Authentication WEB API 2 OAuth客户端凭据身份验证,如何添加其他参数?
我正在开发一个使用“OAuth 客户端凭据”流的 Web API 2。在第一次请求授权令牌时需要传入一个额外的参数，之后我要在控制器中访问该参数，而不必在每次请求中都重复传递它。为身份验证过程传递一个附加参数、并在之后的控制器中使用它（无需在后续请求中再次传递，且不带来安全问题）的最佳方法是什么？我发现有开发人员在 URL 中传递这些参数，并将其添加到上下文中：
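/// <summary>
/// Validates the client credentials (Basic header or form fields) for the client-credentials
/// grant and captures the extra "participant" form parameter for the rest of the token request.
/// </summary>
/// <param name="context">OWIN client-authentication context of the token request.</param>
/// <returns>
/// A completed task; the outcome is reported through <c>context.Validated()</c> or
/// <c>context.SetError(...)</c> + <c>context.Rejected()</c>.
/// </returns>
/// <remarks>
/// The participant is parked in the per-request OWIN environment under "urn:participant" so that
/// GrantClientCredentials can copy it into a claim.
/// NOTE(review): the participant value comes straight from the caller and is never checked against
/// the authenticated client's record, so any client with valid credentials can obtain a token that
/// names any participant. Add that authorization check after the secret has been verified.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;
    if (!(context.TryGetBasicCredentials(out clientId, out clientSecret) ||
          context.TryGetFormCredentials(out clientId, out clientSecret)))
    {
        context.SetError("invalid_client", "Client credentials could not be retrieved through the Authorization header.");
        context.Rejected();
        return Task.FromResult(0);
    }

    try
    {
        // Look the parameter up case-insensitively. The previous version tested for the key
        // "Participant" and then read "participant", so a correctly supplied value threw in
        // First() and surfaced as server_error. A present-but-empty value indexed past the end
        // of the value array; both are treated as a missing participant here.
        var match = context.Parameters.FirstOrDefault(
            x => string.Equals(x.Key, "participant", StringComparison.OrdinalIgnoreCase));
        string participant = match.Value != null && match.Value.Length > 0 ? match.Value[0] : null;
        if (string.IsNullOrEmpty(participant))
        {
            context.SetError("invalid_request", "Participant are invalid.");
            context.Rejected();
            return Task.FromResult(0);
        }

        // The client secret is only ever compared against its stored hash; the hasher performs the comparison.
        var passwordHasher = new Microsoft.AspNet.Identity.PasswordHasher();
        Client client = _clientAppService.GetById(Guid.Parse(clientId));
        bool secretMatches = client != null
            && passwordHasher.VerifyHashedPassword(client.SecretHash, clientSecret)
               == Microsoft.AspNet.Identity.PasswordVerificationResult.Success;
        if (!secretMatches)
        {
            context.SetError("invalid_client", "Client credentials are invalid.");
            context.Rejected();
            return Task.FromResult(0);
        }

        // Hand both objects to GrantClientCredentials through the OWIN environment of this request.
        context.OwinContext.Set<Client>("oauth:client", client);
        context.OwinContext.Set<Participant>("urn:participant", new Participant { Document = participant });
        context.Validated();
    }
    catch (Exception)
    {
        // A malformed client_id (Guid.Parse) or a repository failure lands here. The exception is
        // intentionally not exposed to the caller, but nothing records it either; log it before
        // rejecting so failed token requests can be diagnosed.
        context.SetError("server_error");
        context.Rejected();
    }
    return Task.FromResult(0);
}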
我在网上找到的另一个解决方案是在 GrantClientCredentials 方法中添加一个新的声明（Claim），但我不知道如何在控制器中获取该值：
/// <summary>
/// Issues the client-credentials token once ValidateClientAuthentication has accepted the client:
/// builds a ClaimsIdentity for the client and copies the captured participant into a "Participant" claim.
/// </summary>
/// <param name="context">OWIN grant context; carries the client id and the per-request environment.</param>
/// <returns>A completed task; success is signalled through <c>context.Validated(identity)</c>.</returns>
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
    // NOTE(review): a wildcard Access-Control-Allow-Origin on the token endpoint lets any browser
    // origin read token responses; consider restricting it to known origins.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    // Both values were placed in the environment by ValidateClientAuthentication before it called Validated().
    Client authenticatedClient = context.OwinContext.Get<Client>("oauth:client");
    if (authenticatedClient.AllowedGrant != OAuthGrant.Client)
    {
        context.SetError(
            "unauthorized_client",
            "The authenticated client is not authorized to use this authorization grant type");
        return Task.FromResult(0);
    }

    Participant participant = context.OwinContext.Get<Participant>("urn:participant");
    var identity = new ClaimsIdentity(new GenericIdentity(context.ClientId, OAuthDefaults.AuthenticationType));
    identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
    // The extra token-request parameter travels on in the token as a custom claim.
    identity.AddClaim(new Claim("Participant", participant.Document));
    context.Validated(identity);
    return Task.FromResult(0);
}
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
//Client validated, generate token
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
Client client = context.OwinContext.Get<Client>("oauth:client");
if (client.AllowedGrant == OAuthGrant.Client)
{
ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(context.ClientId, OAuthDefaults.AuthenticationType));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
// Add an custum Claim with the additional parameter
identity.AddClaim(new Claim("Participant", context.OwinContext.Get<Participant>("urn:participant").Document));
context.Validated(identity);
}
else
{
context.SetError(
"unauthorized_client",
"The authenticated client is not authorized to use this authorization grant type");
}
return Task.FromResult(0);
}
/// <summary>
/// Token-protected API that exposes participant balances. Every action requires an authenticated caller.
/// </summary>
[Authorize]
public class ParticipantController : ApiController
{
    /// <summary>
    /// Returns the balance for the participant resolved by <c>ParticipantModelBinder</c>
    /// (presumably from the "Participant" claim of the bearer token rather than from the request — confirm in the binder).
    /// </summary>
    /// <param name="participant">Participant bound by the custom model binder.</param>
    /// <returns>Currently a placeholder value of zero.</returns>
    public decimal GetBalance([ModelBinder(BinderType = typeof(ParticipantModelBinder))] Participant participant)
    {
        return decimal.Zero;
    }
}
/// <summary>
/// Completes the client-credentials grant for a client that ValidateClientAuthentication already accepted,
/// producing a ClaimsIdentity that carries the role and the captured participant.
/// </summary>
/// <param name="context">OWIN grant context for the token request.</param>
/// <returns>A completed task; the grant is accepted via <c>context.Validated(identity)</c> or refused via <c>context.SetError</c>.</returns>
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
    // NOTE(review): "*" allows any origin to read the token response; tighten to known origins if browsers call this endpoint.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    Client storedClient = context.OwinContext.Get<Client>("oauth:client");
    bool grantPermitted = storedClient.AllowedGrant == OAuthGrant.Client;
    if (grantPermitted)
    {
        var genericIdentity = new GenericIdentity(context.ClientId, OAuthDefaults.AuthenticationType);
        var identity = new ClaimsIdentity(genericIdentity);
        identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
        // Custom claim carrying the participant supplied with the token request.
        string participantDocument = context.OwinContext.Get<Participant>("urn:participant").Document;
        identity.AddClaim(new Claim("Participant", participantDocument));
        context.Validated(identity);
    }
    else
    {
        context.SetError(
            "unauthorized_client",
            "The authenticated client is not authorized to use this authorization grant type");
    }
    return Task.FromResult(0);
}