asp.net MVC Web API - Log New Bearer Token sent to User
I currently have Visual Studio 2017 with a Web API Single Authentication Project.
I simply want to log when a bearer token (after successful authentication) is given to the user onto a text file. I.e. when a user sends a request to /Token and receives a relevant token back.
I am not sure where to find the method / where this variable is returned. I.e. what class / function etc. Before this token is returned I simply want to add a few lines of code. (I.e. I have a few lines of code ready to log onto a text file the token, date & time, username, etc., I just don't know where to put these!).
Part of my logging code involves saving the User-Agent in the Request sent to /Token. I am beginning to think I may have to do something in ApplicationOAuthProvider.cs but I am unsure how to retrieve the user's Request in the current context to extract User-Agent data.
For now I would like to save: User-Agent (have been using Request.Headers.UserAgent prior), Username (have been using User.Identity.GetUserName() prior), Date & Time (DateTime.Now), Actual Token returned to the user.
Edit 2: I've successfully retrieved the User-Agent using
var myString = context.Request.Headers.Get("User-Agent");
By adding it after the (user==null) check in ApplicationOAuthProvider.cs
Now I'm trying to figure out how to intercept the actual token being returned to the user, and the user who's receiving this token (i.e. Username).
Thanks!
If I understood your problem well enough, I guess you want to log some info after successful token-based authentication and then retrieve that info in the API controller context or any authorize attribute context.
If that is the issue, I shall advise you to use claims; a claim is a way to save and retrieve rich authentication info, for example, the user-agent which you mentioned.
You can create a class which is inherited by OAuthAuthorizationServerProvider and then override the GrantResourceOwnerCredentials, which I guess you've already done. Just after you authorize the user with your logic and before generating the ticket and sending back the token, you can add any claims you want for the user, or even in your case generate a log file (which in my opinion is not a very valid way). I hope that helps.
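One place to hook the logging the question asks about, as an added example (not code from the original posts): overriding `TokenEndpointResponse`, which `OAuthAuthorizationServerProvider` calls once the access token has been generated. The class name `TokenAuditProvider` and the log path are assumptions; the entry stores a SHA-256 fingerprint of the token rather than the token itself, because a bearer token written to a text file is a usable credential for anyone who can read that file.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Added example. In the Visual Studio template, the same override can go
// into ApplicationOAuthProvider instead of a separate class.
public class TokenAuditProvider : OAuthAuthorizationServerProvider
{
    // Assumption: log location; use a path outside the web root.
    private const string LogPath = @"C:\Logs\token-audit.log";
    private static readonly object LogLock = new object();

    // Runs after the token is generated, just before the /Token response is written.
    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        string userName = context.Identity != null ? context.Identity.Name : "(unknown)";
        string userAgent = context.Request.Headers.Get("User-Agent") ?? "(none)";

        string line = string.Join("\t", DateTime.UtcNow.ToString("o"),
            Clean(userName), Clean(userAgent), Fingerprint(context.AccessToken));

        lock (LogLock) // token requests are served concurrently
        {
            File.AppendAllText(LogPath, line + Environment.NewLine);
        }
        return Task.FromResult<object>(null);
    }

    // SHA-256 of the token: enough to match a log entry to a token later.
    private static string Fingerprint(string token)
    {
        using (var sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(Encoding.UTF8.GetBytes(token ?? ""));
            return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        }
    }

    // User name and User-Agent are client-controlled: strip CR/LF/tab so a
    // request cannot forge extra log lines or columns.
    private static string Clean(string value)
    {
        return (value ?? "").Replace("\r", " ").Replace("\n", " ").Replace("\t", " ");
    }
}
```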