Asp.net MVC 6使用OAuthBeareAuthentication
在使用Microsoft.AspNet.Security的MVC 6 RCP 6中,我能够使用自定义SecurityTokenValidator 在RC中,Beta4中不存在Microsoft.AspNet.Security,因此我将代码更改为使用Microsoft.AspNet.Authentication,请参见以下内容:(编译并运行,但SecurityTokenValidator从不启动)Asp.net MVC 6使用OAuthBeareAuthentication,asp.net,oauth,asp.net-core-mvc,bearer-token,Asp.net,Oauth,Asp.net Core Mvc,Bearer Token,在使用Microsoft.AspNet.Security的MVC 6 RCP 6中,我能够使用自定义SecurityTokenValidator 在RC中,Beta4中不存在Microsoft.AspNet.Security,因此我将代码更改为使用Microsoft.AspNet.Authentication,请参见以下内容:(编译并运行,但SecurityTokenValidator从不启动) services.Configure<ExternalAuthenticationOption
services.Configure<ExternalAuthenticationOptions>(options =>
{
options.SignInScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
});
app.UseOAuthBearerAuthentication(options =>
{
options.TokenValidationParameters.ValidateAudience = true;
options.TokenValidationParameters.ValidateIssuer = true;
options.TokenValidationParameters.RequireSignedTokens = false;
options.AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
options.AutomaticAuthentication = true;
options.SecurityTokenValidators = new List<ISecurityTokenValidator> { validator };
});
services.Configure(选项=>
{
options.signnscheme=OAuthBeareAuthenticationDefaults.AuthenticationScheme;
});
app.useAuthBeareAuthentication(选项=>
{
options.TokenValidationParameters.ValidateAudience=true;
options.TokenValidationParameters.ValidateIsuer=true;
options.TokenValidationParameters.RequireSignedTokens=false;
options.AuthenticationScheme=OAuthBeareAuthenticationDefaults.AuthenticationScheme;
options.AutomaticAuthentication=true;
options.SecurityTokenValidators=新列表{validator};
});
将app.useAuthBeareAuthentication代码替换为
app.UseMiddleware<OAuthBearerAuthenticationMiddleware>(new ConfigureOptions<OAuthBearerAuthenticationOptions>(options =>
{
options.AutomaticAuthentication = true;
options.SecurityTokenValidators = new List<ISecurityTokenValidator> { validator };
}));
app.use中间件(新配置选项(选项=>
{
options.AutomaticAuthentication=true;
options.SecurityTokenValidators=新列表{validator};
}));
明白了吗
今天,我们发现CustomSecurityValidationToken不会激发,因为抛出了内部异常(在我的例子中,内部验证是基于params发生的)。
尝试调试通知,如果它触发“AuthenticationFailed”,您将在“context”变量中找到名为“Exception”的属性(如果有)
app.UseOAuthBearerAuthentication(bearer =>
{
bearer.SecurityTokenValidators = new List<ISecurityTokenValidator>() { new CustomSecurityValidationToken() };
bearer.AutomaticAuthentication = true;
bearer.Notifications = new OAuthBearerAuthenticationNotifications()
{
SecurityTokenReceived = context =>
{
return Task.FromResult(0);
},
MessageReceived = context =>
{
return Task.FromResult(0);
},
SecurityTokenValidated = context =>
{
return Task.FromResult(0);
},
AuthenticationFailed = context =>
{
context.Response.Redirect("Home/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
};
});
app.useAuthBeareAuthentication(bearer=>
{
bearer.SecurityTokenValidators=新列表(){new CustomSecurityValidationToken()};
bearer.AutomaticAuthentication=true;
bearer.Notifications=新的OAuthBeareAuthenticationNotifications()
{
SecurityTokenReceived=上下文=>
{
返回Task.FromResult(0);
},
MessageReceived=context=>
{
返回Task.FromResult(0);
},
SecurityTokenValidated=上下文=>
{
返回Task.FromResult(0);
},
AuthenticationFailed=上下文=>
{
context.Response.Redirect(“Home/Error?message=“+context.Exception.message”);
返回Task.FromResult(0);
}
};
});