堆栈内存溢出
  简体   繁体   English

在asp.net下使用owin和LinkedIn身份验证提供程序进行WebApi身份验证

[英]WebApi authentication with owin and LinkedIn auth provider under Asp.Net

 原文  2018-07-12 10:42:42       c#/ authentication/ asp.net-web-api/ owin/ linkedin

问题描述

We have a webApi running under Asp.Net with Owin (.Net Framework 4.6). 我们有一个WebApi和Owin(.Net Framework 4.6)在Asp.Net下运行。 Several native frontend clients (iOs, android etc.) are using that api. 几个本地前端客户端(iO,android等)正在使用该api。 That API currently uses Microsoft Login with bearer token and cookie authentication. 该API当前使用带有登录令牌和cookie身份验证的Microsoft登录名。 This works, and the access token is returned directly to the webView in the client with the redirected requests and we are able to access our API with the Bearer token and another authentication cookie. 这有效,访问令牌随重定向的请求直接返回到客户端中的webView,我们能够使用Bearer令牌和另一个身份验证cookie访问我们的API。 We have now the task to implement authentication with a LinkedIn auth provider in that API. 现在,我们的任务是在该API中使用LinkedIn身份验证提供程序实现身份验证。 For clearification: we need an OWIN implementation (no AspNet.Core). 为了澄清:我们需要一个OWIN实现(没有AspNet.Core)。

We are able to get the access token from LinkedIn within the webAPI using this LinkedIn auth provider . 我们可以使用该LinkedIn身份验证提供程序从webAPI中的LinkedIn获取访问令牌。 So we see the token in our User.Identity.Claims. 因此,我们在User.Identity.Claims中看到了令牌。 We are also able to return it to the client again. 我们也可以再次将其退还给客户。 Yes, this is maybe no good idea, but it seems to be not possible to get the token directly in the browser/webView because the response_type=code is mandatory for linkedIn authentication. 是的,这可能不是一个好主意,但是似乎不可能直接在浏览器/ webView中获取令牌,因为response_type = code是linkedIn身份验证所必需的。 With response_type=token this works for the microsoft authentication. 使用response_type = token可以用于Microsoft身份验证。

Anyway at the end the webview is redirected to following url though we already have retrieved the access_token: http://10.0.2.2:8108/signin-linkedin ? 无论如何,尽管我们已经检索了access_token,最终Web视图仍被重定向到以下URL: http ://10.0.2.2: 8108 /signin- linkedin error=unsupported_response_type 错误=不受支持的响应类型

Please just ignore that we do not use https for now. 请忽略我们暂时不使用https的情况。 The host is only for testing, but the important part is the appended error. 主机仅用于测试,但重要的部分是附加的错误。

Why do we get this error? 为什么会出现此错误? Who calls this request and why do we have that error though we have the token already? 谁调用此请求,尽管我们已经有了令牌,为什么会出现该错误?

Another information is, that the access token we have now in the client cannot be used for authentication against the webAPI. 另一个信息是,我们现在在客户端中拥有的访问令牌不能用于针对webAPI的身份验证。 So we get back a 401 Unauthorized. 因此,我们取回401未经授权。

Maybe I should mention explicitly that we use also cookie authentication in the api, which seems to work as we receive the cookie in the webView and we are able to call methods that are protected with cookie authentication only in the correct user context. 也许我应该明确提到,我们也在api中使用cookie身份验证,当我们在webView中接收cookie时,它似乎可以正常工作,并且仅在正确的用户上下文中,我们才能调用受cookie身份验证保护的方法。

Any help is highly appreciated! 任何帮助深表感谢!

1 个解决方案

解决方案1
 0  2018-07-23 11:56:20

使用HTTPS之后,出现了unsupported_response_type错误。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Asp.Net WebApi OWIN身份验证 - Asp.Net WebApi OWIN Authentication Knockout中的ASP.Net WebAPI Owin身份验证令牌 - ASP.Net WebAPI Owin authentication token in Knockout Google身份验证OWIN ASP.NET - Google Authentication OWIN ASP.NET 在 ASP.NET WebApi 2 中测试 OWIN 中间件:如何设置 cookie? - Testing OWIN Middleware in ASP.NET WebApi 2: How to set cookies? 在 ASP.NET WebAPI 2 中缩短 OWIN 返回的访问令牌 - Shorten access token returned by OWIN in ASP.NET WebAPI 2 FluentValidation with Owin 忽略了 Asp.Net WebApi2 中的 [FromUri] Dtos - FluentValidation with Owin ignores [FromUri] Dtos in Asp.Net WebApi2 ASP.NET MVC 5和WebApi 2身份验证 - ASP.NET MVC 5 and WebApi 2 Authentication 将身份验证添加到ASP.NET WebApi 2.2 - Add Authentication to ASP.NET WebApi 2.2 WebApi 2身份验证和ASP.NET MVC 5应用程序 - WebApi 2 Authentication and ASP.NET MVC 5 Applications ASP.NET 核心 WebApi 身份验证 - ASP.NET Core WebApi Authentication with Identity
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM