从Web API控制器获取Live SDK访问令牌
[英]Getting Live SDK Access Token from Web API Controller
问题描述
I have the following method in the back end, and I want to get the access id for user who logged in via live sdk: 
我在后端有以下方法,我想获取通过live sdk登录的用户的访问ID:
public class AccountController : ApiController
{
[HttpGet]
[Route("Account/Authenticate/LiveUser")]
public void AuthenticateLiveUser()
{
//TODO: Inspect the request query to get the access token
}
}
On the front end I have the following code: 在前端,我有以下代码:
<script type="text/javascript">
WL.init({
client_id: '00000000XXXXXXXX',
redirect_uri: 'http://XXXXXXXXXXXXX.us/Account/Authenticate/LiveUser',
scope: 'wl.signin',
response_type: 'token'
});
WL.ui({
name: "signin",
element: "signin"
});
</script>
I was able to open the live sign on page, signed in and the live server responded with the following message (as seen from fiddler): 我能够打开页面上的实时登录并登录, 实时服务器响应以下消息(从提琴手那里看到):
HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sat, 18 Oct 2014 19:52:24 GMT
Location: http://XXXXXXXXXXXXX.us/Account/Authenticate/LiveUser#access_token=<<ACCESS_TOKEN>>&token_type=bearer&expires_in=3600&scope=wl.signin%20wl.basic%20wl.emails&state=redirect_type%3dauth%26display%3dpage%26request_ts%3d1413662001911%26response_method%3durl%26secure_cookie%3dfalse&user_id=<<USER_ID>>
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
NOTE: The redirect above forwards the user to the correct address, and it includes the access token and user id, censored in the above code. 注意:上面的重定向将用户转发到正确的地址,并且包括访问令牌和用户ID(在上面的代码中进行了检查)。
However the request that goes to my server is as follow, note the absence of Access Token and User Id 但是,发送到我的服务器的请求如下,请注意缺少访问令牌和用户ID
GET http://XXXXXXXXXXXXX.us/Account/Authenticate/LiveUser HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US,en;q=0.8,ja;q=0.6,zh-Hant-HK;q=0.4,zh-Hant;q=0.2
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: nsyncservices.us
DNT: 1
Connection: Keep-Alive
Going back full circle, I am debugging my AuthenticateLiveUser service handler, but there is no access token or user id, that will allow me to access the live services. 回过头来,我正在调试AuthenticateLiveUser服务处理程序,但是没有访问令牌或用户ID,这将允许我访问实时服务。
What am I doing wrong? 我究竟做错了什么? How can I get the access token and user id to my server side code? 如何获得访问令牌和用户ID到我的服务器端代码?
1 个解决方案
解决方案1
1 已采纳 2014-10-18 20:21:39
The answer will depend on what you intend to do with the token from your server. 答案将取决于您打算如何使用服务器中的令牌。 If you just need to make a couple quick service calls, it's usually sufficient just to write some JS that sends the token to your server. 如果您只需要拨打几个快速服务电话,通常只需编写一些将令牌发送到服务器的JS就足够了。
If you want to hold on to the token for more than an hour, everything changes. 如果您要保留令牌超过一个小时,则一切都会改变。 The access token itself will expire so what you really need is an auth code which can be used to get a long-term refresh token which can in turn be used to get short-term access tokens. 访问令牌本身将过期,因此您真正需要的是一个可用于获取长期刷新令牌的身份验证代码,而该代码又可用于获取短期访问令牌。
Read more about this at http://msdn.microsoft.com/en-us/library/hh243649.aspx and check out the SDK samples here: https://github.com/liveservices/LiveSDK-for-Windows/tree/master/src/Web 在http://msdn.microsoft.com/zh-cn/library/hh243649.aspx上了解有关此内容的更多信息,并在此处查看SDK示例: https : //github.com/liveservices/LiveSDK-for-Windows/tree/主/ src目录/网络
Fwiw, the reason your server doesn't see the access token in the redirect is because it appears after the '#' in the URL. 首先,您的服务器在重定向中看不到访问令牌的原因是因为它出现在URL中的“#”之后。 This is intentional for security reasons. 出于安全原因,这是有意的。 While all of this sounds complicated it is actually a textbook implementation of OAuth 2.0 so if you may find value in reading that spec. 尽管所有这些听起来都很复杂,但实际上它是OAuth 2.0的教科书实现,因此,如果您在阅读该规范时会发现有价值的话。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.