C# Asp.Net WebApi-startup.auth.cs中PublicClientId的用途是什么
我是mvc新手。我正在尝试制作webapi,因此我启动了一个webapi项目。我在Startup.Auth.cs文件中发现了一个变量:C# Asp.Net WebApi-startup.auth.cs中PublicClientId的用途是什么,c#,asp.net,asp.net-mvc,asp.net-web-api,asp.net-mvc-5,C#,Asp.net,Asp.net Mvc,Asp.net Web Api,Asp.net Mvc 5,我是mvc新手。我正在尝试制作webapi,因此我启动了一个webapi项目。我在Startup.Auth.cs文件中发现了一个变量: public static string PublicClientId { get; private set; } 它还用于以下功能,如下所示: public void ConfigureAuth(IAppBuilder app) { // Configure the db context and user ma
public static string PublicClientId { get; private set; }
它还用于以下功能,如下所示:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath =
new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(365),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
public void ConfigureAuth(IAppBuilder应用程序)
{
//将db上下文和用户管理器配置为每个请求使用一个实例
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext(ApplicationUserManager.Create);
//使应用程序能够使用cookie存储登录用户的信息
//以及使用cookie临时存储用户登录第三方登录提供商的信息
app.UseCookieAuthentication(新的CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//为基于OAuth的流配置应用程序
PublicClientId=“self”;
OAuthOptions=新的OAuthAuthorizationServerOptions
{
TokenEndpointPath=新路径字符串(“/Token”),
Provider=新的ApplicationAuthProvider(PublicClientId),
授权端点路径=
新路径字符串(“/api/Account/ExternalLogin”),
AccessTokenExpireTimeSpan=TimeSpan.FromDays(365),
//在生产模式下,设置AllowInsecureHttp=false
AllowInsecureHttp=true
};
}
但我不明白它是为了什么目的。
我还通过以下方法在Accounts Countroller中找到该变量的引用
// GET api/Account/ExternalLogins?returnUrl=%2F&generateState=true
[AllowAnonymous]
[Route("ExternalLogins")]
public IEnumerable<ExternalLoginViewModel> GetExternalLogins(string returnUrl, bool generateState = false)
{
IEnumerable<AuthenticationDescription> descriptions = Authentication.GetExternalAuthenticationTypes();
List<ExternalLoginViewModel> logins = new List<ExternalLoginViewModel>();
string state;
if (generateState)
{
const int strengthInBits = 256;
state = RandomOAuthStateGenerator.Generate(strengthInBits);
}
else
{
state = null;
}
foreach (AuthenticationDescription description in descriptions)
{
ExternalLoginViewModel login = new ExternalLoginViewModel
{
Name = description.Caption,
Url = Url.Route("ExternalLogin", new
{
provider = description.AuthenticationType,
response_type = "token",
client_id = Startup.PublicClientId,
redirect_uri = new Uri(Request.RequestUri, returnUrl).AbsoluteUri,
state = state
}),
State = state
};
logins.Add(login);
}
return logins;
}
//获取api/Account/ExternalLogins?returnUrl=%2F&generateState=true
[异名]
[路线(“外部登录”)]
public IEnumerable GetExternalLogins(字符串returnUrl,bool generateState=false)
{
IEnumerable descriptions=Authentication.GetExternalAuthenticationTypes();
列表登录名=新列表();
字符串状态;
如果(不动产)
{
常数int-strengthInBits=256;
state=RandomOAuthStateGenerator.Generate(strengthInBits);
}
其他的
{
state=null;
}
foreach(描述中的AuthenticationDescription)
{
ExternalLoginViewModel login=新的ExternalLoginViewModel
{
Name=description.Caption,
Url=Url.Route(“外部登录”,新建
{
provider=description.AuthenticationType,
响应\u type=“令牌”,
client_id=Startup.PublicClientId,
redirect_uri=新uri(Request.RequestUri,returnUrl).AbsoluteUri,
状态=状态
}),
状态=状态
};
添加(登录);
}
返回登录;
}
提前谢谢。我也想知道这一点。我在任何地方都找不到它。而且,无论在哪里使用它,它都被设置为字符串“self”。这是否经过特殊处理以指示当前应用程序名称?