堆棧內存溢出
  簡體   English   中英

C#Web API OWIN身份驗證

[英]c# web api owin authentication

 原文  2015-12-15 16:06:28       c#/ authentication/ asp.net-web-api/ owin

問題描述

我對WebAPi身份認證非常陌生,即使OWIN似乎很受歡迎。 我不明白為什么我應該使用EntityFramework進行OWIN身份驗證,因為ApplicationDbContext從IdentityDbContext隱隱,而IdentityDbContext在EntityFramework命名空間中。 下面是在WebApi項目模板中選擇“個人用戶帳戶”時自動創建的過程: 

public partial class Startup
{
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    public static string PublicClientId { get; private set; }

    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context and user manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure the application for OAuth based flow
        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // In production mode set AllowInsecureHttp = false
            AllowInsecureHttp = true
        };

        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);

        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseMicrosoftAccountAuthentication(
        //    clientId: "",
        //    clientSecret: "");

        //app.UseTwitterAuthentication(
        //    consumerKey: "",
        //    consumerSecret: "");

        //app.UseFacebookAuthentication(
        //    appId: "",
        //    appSecret: "");

        //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
        //{
        //    ClientId = "",
        //    ClientSecret = ""
        //});
    }
}

在ConfigureAuth過程中,引用了ApplicationDbContext。

您能否幫助我用OWIN編寫簡單的身份驗證,而不使用EntityFramework?

謝謝。

1 個解決方案

解決方案1
 3  2015-12-15 18:36:27

您不需要使用EF,是的,模板使用EF和ASPNET Identity進行身份驗證,但是您可以開始使用黑色模板並在不使用EF的情況下添加它,請看下面的代碼部分:

  1. Startup.cs 

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();
        ConfigureOAuth(app);

        WebApiConfig.Register(config);
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    public void ConfigureOAuth(IAppBuilder app) 
    {
        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new SimpleAuthorizationServerProvider()
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
  1. SimpleAuthorizationServerProvider.cs 

public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {

        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
        if (context.UserName != "Admin")
        {
            context.SetError("upps!", "Wrong data");
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        context.Validated(identity);
    }
}

另外,您可以在此處下載一個簡單的示例: http : //1drv.ms/1mmaqtn

問候,

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 在MVC和Web Api中進行Owin認證 C#OWIN Web API路由索引頁面 Swagger 在 OWIN 啟動中不起作用 Web API C# Web API 2 OWIN Bearer令牌自定義身份驗證 使用C#Web API的Microsoft Azure身份驗證 具有OAuth和基本身份驗證的C#Web Api 在 C# 中使用基本身份驗證調用 WEB API 如何在Web API中將Windows身份驗證與Owin令牌身份驗證結合使用? 無法在C#WEB API REST服務單元測試中模擬Owin上下文 是否可以在WinForms(C#)中運行自托管的OWIN Web API?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM