OAuth2 的原理這里不多講,可以看:https://www.cnblogs.com/icebutterfly/p/8066548.html
直奔主題:這里要實現的功能為,借助微軟的 Owin 程序集在本地實現獲取 token,並用該 token 完成接口的授權驗證。
上代碼:
第一步:配置Startup.Auth.cs
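public partial class Startup
{
    /// <summary>
    /// Registers the OAuth2 authorization server (token endpoint) and the bearer-token
    /// authentication middleware on the OWIN pipeline.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            // Plain HTTP puts the password grant (user name + password) and the issued
            // bearer token on the wire in clear text. Allow it only for local debugging;
            // release builds refuse token requests that do not arrive over HTTPS.
#if DEBUG
            AllowInsecureHttp = true,
#else
            AllowInsecureHttp = false,
#endif
            // Address the token is requested from.
            TokenEndpointPath = new PathString("/oauth2/token"),
            // Custom client / resource-owner validation.
            Provider = new MyOAuthAuthorizationServerProvider(),
            // Token lifetime.
            AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(300)
        });

        // Bearer authentication must be registered as well, otherwise an
        // "Authorization: Bearer ..." header is never turned into a principal and
        // [Authorize] rejects every request.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}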
第二步:繼承 OAuthAuthorizationServerProvider 類,重寫里面的虛方法。我只實現通過用戶名密碼(resource owner password credentials 授權方式)獲取 token,所以只重寫兩個方法即可
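public class MyOAuthAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Validates the client requesting a token. Client credentials are read from the
    /// HTTP Basic header first and from the form body (client_id / client_secret) as a
    /// fallback; the client is accepted when its id exists in <see cref="ClientRepository"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the client secret is captured but never compared with anything, so
    /// every registered client is effectively a public client. If confidential clients
    /// are needed, store a secret per client and reject mismatches here.
    /// </remarks>
    /// <param name="context">Katana context carrying the incoming client credentials.</param>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId;
        string clientSecret;
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
        {
            context.TryGetFormCredentials(out clientId, out clientSecret);
        }

        // Both TryGet* calls populate context.ClientId; null means no client id was sent.
        if (context.ClientId == null)
        {
            context.SetError("invalid_clientId", "client_Id is not set");
            return Task.FromResult<object>(null);
        }

        if (!string.IsNullOrEmpty(clientSecret))
        {
            // Kept for downstream code that may read it; it is NOT verified here (see remarks).
            context.OwinContext.Set("clientSecret", clientSecret);
        }

        // Ordinal comparison: client ids are opaque identifiers, not linguistic text.
        var client = ClientRepository.Clients
            .FirstOrDefault(c => string.Equals(c.Id, clientId, StringComparison.Ordinal));
        if (client == null)
        {
            context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
            return Task.FromResult<object>(null);
        }

        context.Validated();
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Handles the resource-owner password grant: checks the user name / password and, on
    /// success, issues an identity that carries one "urn:oauth:scope" claim per requested scope.
    /// </summary>
    /// <param name="context">Katana context carrying user name, password and scopes.</param>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!IsValidUser(context.UserName, context.Password))
        {
            // Single generic message: do not reveal whether the user name or the password was wrong.
            context.SetError("invalid_grant", "The user name or password is incorrect");
            return Task.FromResult<object>(null);
        }

        var identity = new ClaimsIdentity(
            new GenericIdentity(context.UserName, OAuthDefaults.AuthenticationType),
            context.Scope.Select(x => new Claim("urn:oauth:scope", x)));
        context.Validated(identity);
        return Task.FromResult(0);
    }

    /// <summary>
    /// Placeholder credential check for the demo.
    /// TODO(security): replace with a lookup in a real user store that compares a salted
    /// password hash (e.g. PBKDF2); a hard-coded account must never ship.
    /// </summary>
    /// <param name="userName">User name from the token request.</param>
    /// <param name="password">Password from the token request.</param>
    /// <returns>True when the credentials match the demo account.</returns>
    private static bool IsValidUser(string userName, string password)
    {
        return string.Equals(userName, "admin", StringComparison.Ordinal)
            && string.Equals(password, "123456", StringComparison.Ordinal);
    }
}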
第三步:定義Client實體
/// <summary>
/// A registered OAuth client. Only the id is tracked in this demo; no secret is stored,
/// so every client is treated as a public client.
/// </summary>
public class Client
{
    /// <summary>The client_id presented in the token request.</summary>
    public string Id { get; set; }
}

/// <summary>
/// In-memory registry of the clients allowed to request tokens.
/// </summary>
public class ClientRepository
{
    /// <summary>Demo clients; a real deployment would load these from a store.</summary>
    public static List<Client> Clients = new List<Client>
    {
        new Client() { Id = "test1" },
        new Client() { Id = "test2" }
    };
}
第四步:編寫測試方法

public class HomeController : Controller
{
    /// <summary>
    /// Protected test action: reachable only with a valid bearer token; echoes the
    /// authenticated user name as JSON.
    /// </summary>
    /// <returns>A JSON object with a greeting and the caller's identity name.</returns>
    [Authorize] // unauthenticated requests are rejected before the body runs
    public ActionResult Test()
    {
        // Principal populated by the OWIN bearer middleware from the Authorization header.
        var owinAuth = HttpContext.GetOwinContext().Authentication;
        string userName = owinAuth.User.Identity.Name;

        // Json() defaults to JsonRequestBehavior.DenyGet, so this only answers POST
        // (which is how the sample page calls it).
        return Json(new { Message = "Hello world", name = userName });
    }
}
OK,就這么簡單完成。注意:上面的配置只適合本地調試——AllowInsecureHttp = true 允許用明文 HTTP 傳輸用戶名、密碼和 token,client_secret 雖然被讀取但並沒有被校驗,用戶賬號也是寫死在代碼里的;部署到生產環境前需要改為只走 HTTPS、校驗 client_secret,並改用存儲密碼哈希的真實用戶庫。
現在來測試:
第一步:獲取 token,我用的是 Postman:向 /oauth2/token 以 POST 方式提交表單參數 grant_type=password、username、password 和 client_id(對應上面重寫的兩個方法)。成功獲取到 token。
第二步:用postman測試也行,這里貼出用ajax請求的結果
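<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <meta charset="utf-8" />
    <!-- NOTE(review): jQuery 1.10.2 is a 2013 release; use a currently supported version. -->
    <script src="Scripts/jquery-1.10.2.js"></script>
    <script>
        // Calls the protected /home/test action with the bearer token typed into #token
        // and logs the JSON reply. The token travels only in the Authorization header.
        function ajax() {
            $.ajax({
                url: '/home/test',
                type: 'POST',
                contentType: 'application/x-www-form-urlencoded',
                headers: {
                    'Authorization': 'Bearer ' + $('#token').val()
                },
                data: {},
                success: function (data) {
                    console.log(data);
                },
                // Without this an expired or invalid token (HTTP 401) fails silently;
                // surface the status so the failure is visible while testing.
                error: function (xhr) {
                    console.log('request failed: HTTP ' + xhr.status);
                }
            });
        }
    </script>
</head>
<body>
    <input type="text" id="token" />
    <input type="button" value="提交" onclick="ajax()" />
</body>
</html>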
測試結果為:
{ "Message": "Hello world", "name": "admin" }