如何在Web API应用程序中使用ASP.net 5 Identity? 基于令牌的用户身份验证。 移动应用
[英]How to use ASP.net 5 Identity in web API application? User authentication based on tokens. Mobile apps
问题描述
Assuming that I currently have a newly created project based on Visual Studio 2015 "WebApp" template with Individual Accounts authentication, I use Microsoft.AspNet.Authentication package and I can't always rely on cookies, because my web API should also target mobile apps: 
假设我目前有一个基于Visual Studio 2015“WebApp”模板的新创建的项目,具有个人帐户身份验证,我使用Microsoft.AspNet.Authentication包,我不能总是依赖cookie,因为我的Web API也应该针对移动应用程序:
How can I add authentication to my web API? 如何向我的Web API添加身份验证? I'm especially interested in token based authentication. 我对基于令牌的身份验证特别感兴趣。
3 个解决方案
解决方案1
4 2015-12-29 13:44:51
您可以使用基本的http身份验证或使用通过http标头传递的令牌或票证实现类似的身份验证。
解决方案2
3 2015-12-29 13:44:20
Implement custom AuthorizeAttribute in your web api project. 在web api项目中实现自定义AuthorizeAttribute。 In IsAuthorized(HttpActionContext actionContext) overload you can check the authorization scheme and authorization header and then you can connect to your sessions provider and check if the user has an active session. 在IsAuthorized(HttpActionContext actionContext)重载中,您可以检查授权方案和授权标头,然后您可以连接到会话提供程序并检查用户是否具有活动会话。 You must pass the login token in the authorization header, so if the token is missing that means there is no active user. 您必须在授权标头中传递登录令牌,因此如果缺少令牌,则表示没有活动用户。 So when you login you must create and encrypt the token on successful login. 因此,当您登录时,您必须在成功登录时创建并加密令牌。 Then pass this token with each request to the server. 然后将此令牌与每个请求一起传递给服务器。
This blog contains more information about using AuthorizeAttribute: http://weblogs.asp.net/jongalloway/asp-net-mvc-authentication-customizing-authentication-and-authorization-the-right-way 此博客包含有关使用AuthorizeAttribute的更多信息: http : //weblogs.asp.net/jongalloway/asp-net-mvc-authentication-customizing-authentication-and-authorization-the-right-way
解决方案3
3 2016-01-03 02:38:49
You can make separate table in db for storing authentication detail (AuthKey, UserID, CreatedDate, ExpiredDate, IsExpired) and make functions like CheckAuthorizationKey(string authKey), ExtendAuthorization(string authKey), ExpireAuthorization(string authKey){} 您可以在db中创建单独的表来存储身份验证详细信息(AuthKey,UserID,CreatedDate,ExpiredDate,IsExpired),并使函数像CheckAuthorizationKey(字符串authKey),ExtendAuthorization(字符串authKey),ExpireAuthorization(字符串authKey){}
and call that functions for checking the authorization as below sample code. 并调用该功能以检查授权,如下面的示例代码。
public ServiceResult<LoginModel> Login(string auth_key)
{
var service = new ServiceResult<LoginModel>();
LoginModel user = new LoginModel();
if (AuthKey.CheckAuthorizationKey(auth_key) == false)
{
service.message = TemplateCodes.GetMessage(TemplateCodes.UnAuthorize, null, db);
service.status = ServiceStatus.authorization_failed;
return service;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.