owin oauth发送附加参数
[英]owin oauth send additional parameters
问题描述
I'm sure this is possible but not certain how to achieve. 
我确信这是可能的,但不确定如何实现。 I have an OWIN OAUTH implementation that currently accepts the users Username and Password and authenticates them against a database. 我有一个OWIN OAUTH实现,它当前接受用户的用户名和密码,并根据数据库对它们进行身份验证。 I would like to extend this to pass in a SmartCard Uid to support single sign-on with a SmartCard. 我想扩展它以通过SmartCard Uid来支持使用SmartCard进行单点登录。
Can I pass in additional parameters in the OWIN login and if so how? 我可以在OWIN登录中传递其他参数吗?如果是,如何传递? The basic premise is that a user can login with a username/password combination Or a SmartCard uid (if passing a SmartCard uid and that is found in the database then the application will log the user in) 基本前提是用户可以使用用户名/密码组合或SmartCard uid登录(如果通过SmartCard uid并且在数据库中找到,则应用程序将登录用户)
I am currently passing in username , password and grant_type and I would like to add uid to that list and pick that up in the my AuthorizationServiceProvider . 我目前正在传递username , password和grant_type ,我想在该列表中添加uid并在我的AuthorizationServiceProvider选择它。
I can see UserName , Password and ClientId on the OAuthGrantResourceOwnerCredentialsContext but I cannot see any other properties that would support what I am trying to achieve. 我可以在OAuthGrantResourceOwnerCredentialsContext上看到UserName , Password和ClientId ,但是我看不到任何其他属性可以支持我想要实现的内容。
This is what I currently have in my service provider 这是我目前在我的服务提供商中所拥有的
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var user = await this._userService.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Sid, user.Id.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
identity.AddClaim(new Claim("sub", context.UserName));
var secretKeyBytes = Encoding.UTF8.GetBytes(user.PasswordHash);
var props =
new AuthenticationProperties(
new Dictionary<string, string>
{
{ "dm:appid", user.Id.ToString() },
{ "dm:apikey", Convert.ToBase64String(secretKeyBytes) }
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
I want to be able to get Uid from the context as well but cannot see anyway of achieving this, any help is greatly appreciated. 我希望能够从上下文中获取Uid,但无论如何都看不到实现这一点,非常感谢任何帮助。
1 个解决方案
解决方案1
46 已采纳 2015-07-17 13:06:57
You have to implement ValidateClientAuthentication if you haven't done so. 如果尚未执行,则必须实现ValidateClientAuthentication 。
This is the place where you should validate your client. 这是您应该验证客户的地方。 In this methods you will do some sort of validation of your client and set the objects/variable which can be read in GrantResourceOwnerCredentials . 在此方法中,您将对客户端进行某种验证,并设置可在GrantResourceOwnerCredentials读取的对象/变量。
Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
receives an OAuthValidateClientAuthenticationContext which contains the additional field(s) you're passing when POSTing to your authorization server. 接收OAuthValidateClientAuthenticationContext ,其中包含在OAuthValidateClientAuthenticationContext到授权服务器时传递的其他字段。
In the picture above I've added an extra parameter uid in 4th position. 在上面的图片中,我在第4个位置添加了一个额外的参数uid 。
Before you validate your context: 在验证上下文之前:
context.Validated(clientId);
you can set your variable/object: 你可以设置你的变量/对象:
string uid = context.Parameters.Where(f => f.Key == "uid").Select(f => f.Value).SingleOrDefault()[0];
context.OwinContext.Set<string>("SmartCard", uid);
Now, in your GrantResourceOwnerCredentials you can simply read the value and use it: 现在,在GrantResourceOwnerCredentials您只需读取值并使用它:
string uid = context.OwinContext.Get<string>("SmartCard");
If you want to find out more you can have a look at this github repository where I pass an object: 如果您想了解更多信息,可以查看我传递对象的github 存储库 :
context.OwinContext.Set<ApplicationClient>("oauth:client", client);
If you download the whole solution you can test it with a javascript/jquery client. 如果您下载整个解决方案,您可以使用javascript / jquery客户端进行测试。
UPDATE : 更新 :
You would pass an additional parameter (IE: uid ) in your http POST request: 您将在http POST请求中传递一个附加参数(IE: uid ):
Vanilla Js : 香草Js :
var request = new XMLHttpRequest();
request.open('POST', oAuth.AuthorizationServer, true);
request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
request.setRequestHeader('Authorization', 'Basic ' + authorizationBasic);
request.setRequestHeader('Accept', 'application/json');
request.send("username=John&password=Smith&grant_type=password&uid=b17ac911-4cf1-4a3e-84a9-beac7b9da157");
jQuery : jQuery :
$.ajax({
type: 'POST',
url: oAuth.AuthorizationServer,
data: { username: 'John', password: 'Smith', grant_type: 'password', uid: 'b17ac911-4cf1-4a3e-84a9-beac7b9da157' },
dataType: "json",
contentType: 'application/x-www-form-urlencoded; charset=utf-8',
xhrFields: {
withCredentials: true
},
// crossDomain: true,
headers: {
'Authorization': 'Basic ' + authorizationBasic
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.