如何使用RestSharp為承載令牌實現自定義IAuthenticationModule

Question

我正在使用RestSharp向使用承載令牌身份驗證的API發出請求。 大多數請求都按預期運行，但是有一個特定的端點始終將請求重定向到動態位置。 發生此重定向時，授權標頭會丟失（根據設計），從而導致錯誤請求。

我已經對該問題進行了一些調查，並在這里發現了一個類似的問題，但是我制作的自定義AuthenticationModule從未調用過Authenticate函數。

我是否在設置中遺漏了一些明顯的東西，這些東西阻止了Authentication模塊的使用，或者還有其他事情嗎？

謝謝！

我的身份驗證器類：

public class AdpAuthenticator : IAuthenticator
{
    /// <summary>
    /// The current access token for making requests to the API.
    /// </summary>
    private static string AccessToken { get; set; }

    /// <summary>
    /// When the current access token expires.
    /// </summary>
    private static DateTime TokenExpiresOn { get; set; }

    private static CredentialCache CredentialCache { get; set; }

    /// <summary>
    /// Singleton instance for making requests for access tokens.
    /// </summary>
    private static IRestClient AuthenticationClient { get; set; }

    /// <summary>
    /// Singleton instance of the request for obtaining access tokens.
    /// </summary>
    private static IRestRequest AuthenticationRequest { get; set; }

    /// <summary>
    /// Construct a new AdpAuthenticator.
    /// </summary>
    /// <param name="adpClientId"></param>
    /// <param name="adpClientSecret"></param>
    /// <param name="adpCertPath"></param>
    public AdpAuthenticator(string adpClientId, string adpClientSecret, string adpCertPath)
    {
        if (string.IsNullOrWhiteSpace(adpClientId)) throw new ArgumentNullException("Passed adpClientId was empty or null.");
        if (string.IsNullOrWhiteSpace(adpClientSecret)) throw new ArgumentNullException("Passed adpClientSecret was empty or null.");

        if (CredentialCache == null)
        {
            CredentialCache = new CredentialCache
            {
                {new Uri("https://api.adp.com"), "Basic", new NetworkCredential(adpClientId, adpClientSecret) }
            };
        }

        if (AuthenticationClient == null)
        {
            X509Certificate2Collection certificateCollection;
            X509Certificate2 certificate = new X509Certificate2(adpCertPath);
            certificateCollection = new X509Certificate2Collection
            {
                certificate
            };

            AuthenticationClient = new RestClient("https://api.adp.com")
            {
                ClientCertificates = certificateCollection,
                Authenticator = new HttpBasicAuthenticator(adpClientId, adpClientSecret)
            };
            AuthenticationClient.UseSerializer(new JsonNetSerializer());
        }

        if (AuthenticationRequest == null)
        {
            AuthenticationRequest = new RestRequest("auth/oauth/v2/token", Method.POST)
            {
                Credentials = CredentialCache
            };
            AuthenticationRequest.AddOrUpdateParameter("grant_type", "client_credentials", ParameterType.QueryString);
        }

        RegisterAuthenticationModule(new Uri("https://api.adp.com/"));
    }

    /// <summary>
    /// Authenticate a request.
    /// </summary>
    /// <param name="client"></param>
    /// <param name="request"></param>
    public void Authenticate(IRestClient client, IRestRequest request)
    { 
        //If accessToken is null or expired, get a new one.
        if (!HasValidToken())
        {
            RefreshAccessToken();
        }
        //request.AddOrUpdateParameter("Authorization", AccessToken, ParameterType.HttpHeader);
        //var newCache = new CredentialCache
        //{
        //    {new Uri("https://api.adp.com/"), "Bearer", new NetworkCredential(AccessToken, "") }
        //};
        var newCache = new CredentialCache();
        newCache.Add(new Uri("https://api.adp.com/"), AdpAuthenticationModule.TheAuthenticationType, new NetworkCredential(AccessToken, ""));

        request.Credentials = newCache;
        //request.AddOrUpdateParameter("Authorization", "Bearer " + AccessToken, ParameterType.HttpHeader);

    }

    private void RefreshAccessToken()
    {
        try
        {
            var response = AuthenticationClient.Execute<AuthorizationResponse>(AuthenticationRequest);
            if (response.StatusCode != System.Net.HttpStatusCode.OK)
            {
                throw new FailedAuthenticationException($"Authentication failed to refresh access token, returned with code {response.StatusCode}. Content: \"{response.Content}\".", null);
            }
            if (string.IsNullOrWhiteSpace(response.Data.access_token))
            {
                throw new Exception("Error: response returned during access token refresh gave Status 200 OK, but access_token returned was null or whitespace.");
            }
            AccessToken = response.Data.access_token;
            if (response.Data.expires_in <= 0)
            {
                throw new Exception("Error: response returned during access token refresh gave Status 200 OK, but expires_in value returned was <=0.");
            }
            TokenExpiresOn = DateTime.Now.AddSeconds(response.Data.expires_in);
        }
        catch (FailedAuthenticationException)
        {
            throw;
        }
        catch (Exception e)
        {
            throw new FailedAuthenticationException($"Authentication failed to refresh access token, see inner exception details.", e);
        }
    }

    /// <summary>
    /// Returns whether the current access token is valid.
    /// </summary>
    /// <returns>False if token is null or has 10 or less minutes until expiry; else returns true.</returns>
    public bool HasValidToken()
    {
        return !string.IsNullOrEmpty(AccessToken) && DateTime.Now.CompareTo(TokenExpiresOn.AddMinutes(-10.0)) < 0;
    }

    private static AdpAuthenticationModule RegisterAuthenticationModule(Uri loginServerUrl)
    {
        var registeredModules = AuthenticationManager.RegisteredModules;
        AdpAuthenticationModule authenticationModule;

        while (registeredModules.MoveNext())
        {
            object current = registeredModules.Current;
            if (current is AdpAuthenticationModule)
            {
                authenticationModule = (AdpAuthenticationModule)current;
                if (authenticationModule.LoginServerUrl.Equals(loginServerUrl))
                {
                    return authenticationModule;
                }
            }
        }

        authenticationModule = new AdpAuthenticationModule(loginServerUrl);
        AuthenticationManager.Register(authenticationModule);
        return authenticationModule;
    }
}

我的自定義身份驗證模塊：

public class AdpAuthenticationModule : IAuthenticationModule
{
    /// <summary>
    /// The name of the custom authentication type.
    /// </summary>
    public string AuthenticationType => TheAuthenticationType;

    public static string TheAuthenticationType => "AdpAuthentication";

    /// <summary>
    /// Returns false, as this IAuthenticationModule cannot pre-authenticate.
    /// </summary>
    public bool CanPreAuthenticate => false;

    private readonly CredentialCache credentialCache = new CredentialCache();
    private readonly Uri loginServerUrl;

    internal CredentialCache CredentialCache
    {
        get
        {
            return credentialCache;
        }
    }

    internal Uri LoginServerUrl
    {
        get
        {
            return loginServerUrl;
        }
    }

    internal AdpAuthenticationModule(Uri loginServerUrl)
    {
        this.loginServerUrl = loginServerUrl ?? throw new ArgumentNullException("AdpAuthenticationModule.loginServerUrl");
    }

    /// <summary>
    /// Builds and returns a <see cref="Authorization"/> object for a request.
    /// </summary>
    /// <param name="challenge"></param>
    /// <param name="request"></param>
    /// <param name="credentials"></param>
    /// <returns></returns>
    public Authorization Authenticate(string challenge, WebRequest request, ICredentials credentials)
    {
        Authorization result = null;

        if (request != null && credentials != null)
        {
            NetworkCredential creds = credentials.GetCredential(LoginServerUrl, AuthenticationType);
            if (creds == null)
            {
                return null;
            }

            ICredentialPolicy policy = AuthenticationManager.CredentialPolicy;
            if (policy != null && !policy.ShouldSendCredential(LoginServerUrl, request, creds, this))
            {
                return null;
            }

            string token = Convert.ToBase64String(Encoding.UTF8.GetBytes(creds.UserName));

            result = new Authorization(string.Format("Bearer {0}", token));
        }

        return result;
    }

    /// <summary>
    /// Returns null, since this IAuthenticationModule cannot pre-authenticate.
    /// </summary>
    /// <param name="request"></param>
    /// <param name="credentials"></param>
    /// <returns></returns>
    public Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
    {
        return null;
    }
}

Answer 1

需要從System.Net在AuthenticationManager類中注冊IAuthenticationModule的實現。

使用以下代碼：

AuthenticationManager.Register(new AdpAuthenticationModule());