有没有办法在Web api项目中读取/解密承载令牌?
我的Web api还托管着SignalR集线器,可通过websocket从浏览器中调用它.
与普通的api调用不同,我无法在此处添加授权标头.虽然我可以在查询字符串中发送令牌并在SignalR集线器中读取它.
默认情况下,令牌将通过令牌解析为索赔身份.我需要手动执行此操作.我该怎么做?
OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(Config.TokenLifetime),
Provider = new AuthProvider()
};
// Token Generation
app.UseStageMarker(PipelineStage.Authenticate); // wait for authenticate stage, so we get the windows principle for use with ntlm authentication
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseOAuthAuthorizationServer(serverOptions);
解决方法:
我假设在Startup.cs中您具有类似于以下代码:
var oAuthOpt = new OAuthBearerAuthenticationOptions
{
Provider = new OAuthTokenProvider(
req => req.Query.Get("bearer_token"),
req => req.Query.Get("access_token"),
req => req.Query.Get("refresh_token"),
req => req.Query.Get("token"),
req => req.Headers.Get("X-Token"))
};
app.UseOAuthBearerAuthentication(OAuthOpt);
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString(settings.TokenEndpointBasePath),
AccessTokenExpireTimeSpan = Util.AccessTokenExpireTimeSpan,
Provider = new AuthorizationServerProvider(new AuthenticationService()),
});
您要做的是用Startup.cs中的公共静态字段替换oAuthOpt,然后在需要取消保护承载令牌时使用它.
对于SignalR,我正在创建一个Authorization属性,在该属性中使用该oAuthOpt并使用它来解码令牌.
这是我的方法:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false, AllowMultiple = false)]
public sealed class AuthorizeHubAttribute : AuthorizeAttribute
{
public override bool AuthorizeHubConnection (HubDescriptor hubDescriptor, IRequest request)
{
var token = request.QueryString["Authorization"];
var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);
if ( ticket != null && ticket.Identity != null && ticket.Identity.IsAuthenticated )
{
request.Environment["server.User"] = new ClaimsPrincipal(ticket.Identity);
return true;
}
else
return false;
}
public override bool AuthorizeHubMethodInvocation (IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod)
{
var connectionId = hubIncomingInvokerContext.Hub.Context.ConnectionId;
var environment = hubIncomingInvokerContext.Hub.Context.Request.Environment;
var principal = environment["server.User"] as ClaimsPrincipal;
if ( principal != null && principal.Identity != null && principal.Identity.IsAuthenticated )
{
hubIncomingInvokerContext.Hub.Context = new HubCallerContext(new Microsoft.AspNet.SignalR.Owin.ServerRequest(environment), connectionId);
return true;
}
else
return false;
}
}
var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);
该行是与Startup.cs的连接