使用控制檯程序搭建OAuth受權服務器
參考地址:ASP.NET Web Api: Understanding OWIN/Katana Authentication/Authorization Part I: Conceptsweb
先上一張OAuth的認證圖api
不少狀況下受權服務器和資源服務器時同一臺機器,就有了下面這張圖服務器
接着能夠使用上一篇文章中的控制檯程序,作一些改動app
首先須要引入Microsoft.AspNet.Identity.Owin包async
PM> Install-Package Microsoft.AspNet.Identity.Owin -Pre
添加一個受權提供類ApplicationOAuthServerProvider繼承自Microsoft.Owin.Security.OAuth中的OAuthAuthorizationServerProvider ,這個類實現了IOAuthAuthorizationServerProvider接口ide
using Microsoft.Owin.Security.OAuth; using System; using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Text; using System.Threading.Tasks; namespace ConsoleWebApi.OAuthServerProvider { public class ApplicationOAuthServerProvider: OAuthAuthorizationServerProvider { public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { // This call is required... // but we're not using client authentication, so validate and move on... await Task.FromResult(context.Validated()); } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { // DEMO ONLY: Pretend we are doing some sort of REAL checking here: if (context.Password != "password") { context.SetError( "invalid_grant", "The user name or password is incorrect."); context.Rejected(); return; } // Create or retrieve a ClaimsIdentity to represent the // Authenticated user: ClaimsIdentity identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim("user_name", context.UserName)); // Add a Role Claim: identity.AddClaim(new Claim(ClaimTypes.Role, "Admin")); // Identity info will ultimately be encoded into an Access Token // as a result of this call: context.Validated(identity); } } }
這裏重寫了兩個方法:ui
ValidateClientAuthentication()驗證客戶信息。this
GrantResourceOwnerCredentials()建立ClaimsIdentity並經過OWIN middleware將ClaimsIdentity編碼生成Access Token。編碼
Suffice it to say that theClaimsIdentity information is encrypted with a private key (generally, but not always the Machine Key of the machine on which the server is running). Once so encrypted, the access token is then added to the body of the outgoing HTTP response.url
大意就時經過機器的Machine Key將ClaimsIdentity編碼,若是資源服務器和受權服務器不是同一臺機器的話,須要在配置文件中配置相同的Machine Key,這樣經過OWIN 中間件就能解碼出ClaimsIdentity。
下一步修改Startup ,添加ConfigureAuth()
Startup class. Check to make sure you have added the following usings and code to Startup: Add a ConfigureAuth() Method to the OWIN Startup Class: using System; // Add the following usings: using Owin; using System.Web.Http; using MinimalOwinWebApiSelfHost.Models; using MinimalOwinWebApiSelfHost.OAuthServerProvider; using Microsoft.Owin.Security.OAuth; using Microsoft.Owin; namespace MinimalOwinWebApiSelfHost { public class Startup { // This method is required by Katana: public void Configuration(IAppBuilder app) { ConfigureAuth(app); var webApiConfiguration = ConfigureWebApi(); app.UseWebApi(webApiConfiguration); } private void ConfigureAuth(IAppBuilder app) { var OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthServerProvider(), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), // Only do this for demo!! AllowInsecureHttp = true }; app.UseOAuthAuthorizationServer(OAuthOptions); app.UseOAuthBearerAuthentication( new OAuthBearerAuthenticationOptions()); } private HttpConfiguration ConfigureWebApi() { var config = new HttpConfiguration(); config.Routes.MapHttpRoute( "DefaultApi", "api/{controller}/{id}", new { id = RouteParameter.Optional }); return config; } } }
接下來新建一個客戶端控制檯程序
添加幾個類
ApiClientProvider
using Newtonsoft.Json; using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Text; using System.Threading.Tasks; namespace MinimalOwinWebApiClient { public class ApiClientProvider { string _hostUri; public string AccessToken { get; private set; } public ApiClientProvider(string hostUri) { _hostUri = hostUri; } public async Task<Dictionary<string, string>> GetTokenDictionary( string userName, string password) { HttpResponseMessage response; var pairs = new List<KeyValuePair<string, string>> { new KeyValuePair<string, string>( "grant_type", "password" ), new KeyValuePair<string, string>( "username", userName ), new KeyValuePair<string, string> ( "password", password ) }; var content = new FormUrlEncodedContent(pairs); using (var client = new HttpClient()) { var tokenEndpoint = new Uri(new Uri(_hostUri), "Token"); response = await client.PostAsync(tokenEndpoint, content); } var responseContent = await response.Content.ReadAsStringAsync(); if (!response.IsSuccessStatusCode) { throw new Exception(string.Format("Error: {0}", responseContent)); } return GetTokenDictionary(responseContent); } private Dictionary<string, string> GetTokenDictionary( string responseContent) { Dictionary<string, string> tokenDictionary = JsonConvert.DeserializeObject<Dictionary<string, string>>( responseContent); return tokenDictionary; } } }
Company
public class Company { public int Id { get; set; } public string Name { get; set; } }
CompanyClient
using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Http; using System.Net.Http.Headers; using System.Text; using System.Threading.Tasks; namespace MinimalOwinWebApiClient { public class CompanyClient { string _accessToken; Uri _baseRequestUri; public CompanyClient(Uri baseUri, string accessToken) { _accessToken = accessToken; _baseRequestUri = new Uri(baseUri, "api/companies/"); } // Handy helper method to set the access token for each request: void SetClientAuthentication(HttpClient client) { client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", _accessToken); } public async Task<IEnumerable<Company>> GetCompaniesAsync() { HttpResponseMessage response; using (var client = new HttpClient()) { SetClientAuthentication(client); response = await client.GetAsync(_baseRequestUri); } return await response.Content.ReadAsAsync<IEnumerable<Company>>(); } public async Task<Company> GetCompanyAsync(int id) { HttpResponseMessage response; using (var client = new HttpClient()) { SetClientAuthentication(client); // Combine base address URI and ID to new URI // that looks like http://hosturl/api/companies/id response = await client.GetAsync( new Uri(_baseRequestUri, id.ToString())); } var result = await response.Content.ReadAsAsync<Company>(); return result; } public async Task<HttpStatusCode> AddCompanyAsync(Company company) { HttpResponseMessage response; using (var client = new HttpClient()) { SetClientAuthentication(client); response = await client.PostAsJsonAsync( _baseRequestUri, company); } return response.StatusCode; } public async Task<HttpStatusCode> UpdateCompanyAsync(Company company) { HttpResponseMessage response; using (var client = new HttpClient()) { SetClientAuthentication(client); response = await client.PutAsJsonAsync( _baseRequestUri, company); } return response.StatusCode; } public async Task<HttpStatusCode> DeleteCompanyAsync(int id) { HttpResponseMessage response; using (var client = new HttpClient()) { SetClientAuthentication(client); // Combine base address URI and ID to new URI // that looks like http://hosturl/api/companies/id response = await client.DeleteAsync( new Uri(_baseRequestUri, id.ToString())); } return response.StatusCode; } } }
修改Main
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; namespace MinimalOwinWebApiClient { class Program { static void Main(string[] args) { // Wait for the async stuff to run... Run().Wait(); // Then Write Done... Console.WriteLine(""); Console.WriteLine("Done! Press the Enter key to Exit..."); Console.ReadLine(); return; } static async Task Run() { // Create an http client provider: string hostUriString = "http://localhost:8080"; var provider = new ApiClientProvider(hostUriString); string _accessToken; Dictionary<string, string> _tokenDictionary; try { // Pass in the credentials and retrieve a token dictionary: _tokenDictionary = await provider.GetTokenDictionary( "john@example.com", "password"); _accessToken = _tokenDictionary["access_token"]; // Write the contents of the dictionary: foreach (var kvp in _tokenDictionary) { Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value); Console.WriteLine(""); } // Create a company client instance: var baseUri = new Uri(hostUriString); var companyClient = new CompanyClient(baseUri, _accessToken); // Read initial companies: Console.WriteLine("Read all the companies..."); var companies = await companyClient.GetCompaniesAsync(); WriteCompaniesList(companies); int nextId = (from c in companies select c.Id).Max() + 1; Console.WriteLine("Add a new company..."); var result = await companyClient.AddCompanyAsync( new Company { Name = string.Format("New Company #{0}", nextId) }); WriteStatusCodeResult(result); Console.WriteLine("Updated List after Add:"); companies = await companyClient.GetCompaniesAsync(); WriteCompaniesList(companies); Console.WriteLine("Update a company..."); var updateMe = await companyClient.GetCompanyAsync(nextId); updateMe.Name = string.Format("Updated company #{0}", updateMe.Id); result = await companyClient.UpdateCompanyAsync(updateMe); WriteStatusCodeResult(result); Console.WriteLine("Updated List after Update:"); companies = await companyClient.GetCompaniesAsync(); WriteCompaniesList(companies); Console.WriteLine("Delete a company..."); result = await companyClient.DeleteCompanyAsync(nextId - 1); WriteStatusCodeResult(result); Console.WriteLine("Updated List after Delete:"); companies = await companyClient.GetCompaniesAsync(); WriteCompaniesList(companies); } catch (AggregateException ex) { // If it's an aggregate exception, an async error occurred: Console.WriteLine(ex.InnerExceptions[0].Message); Console.WriteLine("Press the Enter key to Exit..."); Console.ReadLine(); return; } catch (Exception ex) { // Something else happened: Console.WriteLine(ex.Message); Console.WriteLine("Press the Enter key to Exit..."); Console.ReadLine(); return; } } static void WriteCompaniesList(IEnumerable<Company> companies) { foreach (var company in companies) { Console.WriteLine("Id: {0} Name: {1}", company.Id, company.Name); } Console.WriteLine(""); } static void WriteStatusCodeResult(System.Net.HttpStatusCode statusCode) { if (statusCode == System.Net.HttpStatusCode.OK) { Console.WriteLine("Opreation Succeeded - status code {0}", statusCode); } else { Console.WriteLine("Opreation Failed - status code {0}", statusCode); } Console.WriteLine(""); } } }
給CompaniesController加上[Authorize]後就有了受權認證了。
相關文章
- 1. 使用Owin中間件搭建OAuth2.0認證受權服務器
- 2. OAuth受權過程
- 3. cmd控制檯受權
- 4. 使用Swift4.0搭建後臺服務器
- 5. PHP搭建OAuth服務
- 6. IntelliJ Idea 受權服務器使用
- 7. OAuth 2.0受權之受權碼受權
- 8. Spring Cloud OAuth2(一) 搭建受權服務
- 9. Spring Cloud Security OAuth2搭建受權服務
- 10. 版本控制-搭建git服務器
- 更多相關文章...
- • Git 服務器搭建 - Git 教程
- • ASP.NET MVC - 控制器 - ASP.NET 教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 升級Gradle後報錯Gradle‘s dependency cache may be corrupt (this sometimes occurs
- 2. Smarter, Not Harder
- 3. mac-2019-react-native 本地環境搭建(xcode-11.1和android studio3.5.2中Genymotion2.12.1 和VirtualBox-5.2.34 )
- 4. 查看文件中關鍵字前後幾行的內容
- 5. XXE萌新進階全攻略
- 6. Installation failed due to: ‘Connection refused: connect‘安卓studio端口占用
- 7. zabbix5.0通過agent監控winserve12
- 8. IT行業UI前景、潛力如何?
- 9. Mac Swig 3.0.12 安裝
- 10. Windows上FreeRDP-WebConnect是一個開源HTML5代理,它提供對使用RDP的任何Windows服務器和工作站的Web訪問
歡迎關注本站公眾號,獲取更多信息
