stackoom
  简体   繁体   中英

Implemented Oauth to generate token but how to validate that user has access rights are not for specific method?

 原文  2017-05-24 10:33:18       c#/ oauth-2.0/ owin/ access-token/ owin-middleware

Question

I have implemented following code to generate refresh token which i saved into database for future use. 

public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
{
    public async Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        var clientid = context.Ticket.Properties.Dictionary["as:client_id"];

        if (string.IsNullOrEmpty(clientid))
        {
            return;
        }

        var refreshTokenId = Guid.NewGuid().ToString("n");

        using (AuthRepository _repo = new AuthRepository())
        {
            var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); 

            var token = new RefreshToken() 
            { 
                Id = Helper.GetHash(refreshTokenId),
                ClientId = clientid, 
                Subject = context.Ticket.Identity.Name,
                IssuedUtc = DateTime.UtcNow,
                ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) 
            };

            context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
            context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;

            token.ProtectedTicket = context.SerializeTicket();

            var result = await _repo.AddRefreshToken(token);

            if (result)
            {
                context.SetToken(refreshTokenId);
            }        
        }
    }
}

I want to validate the use privileges without using asp.net identity ,

I have my custom tables of user and privileges .

How can I validate and check whether user has what rights to access all webapi methods or only selected from database?

1 answers

solution1
 2  2017-05-24 10:45:02

You can inherit from AuthorizeAttribute 

public class OwnAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Your auth code

        // If you need base functionality
        base.OnAuthorization(filterContext);
    }
}

Or you can try implement own mechanism based on Action Filters

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to generate soundcloud oauth token (access token) Get access rights of specific folder for actual user Are OAuth access tokens user specific? How to get / generate access token from azure OAuth 2.0 token (v2) endpoints? How can I validate my custom Oauth2 access token in server-side Generate HTTP request with OAuth access token for Vimeo API in c# How to check if user has admin rights in Windows Store App How to access additional method of class that implemented interface How to get access token for google oauth? How to get access token in Web Api OAuth?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM