C# Owin: how to use OAuthAuthorizationServer?
I am trying to understand OWIN and OAuthAuthorizationServer.
I know that OAuth2 has 4 parts:
1- Resource owner
2- Resource server
3- Client application
4- Authorization server
I have implemented OWIN and an authorization server in a simple application.
The application works fine.
I just want to understand more about the OAuth stuff.
So, in my Startup class I have:
    using System;
    using System.Web.Http;
    using Microsoft.Owin;
    using Microsoft.Owin.Cors;
    using Microsoft.Owin.Security.OAuth;
    using Owin;

    public class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // This is a very important line: cross-origin resource sharing (CORS) is used to enable cross-site HTTP requests.
            // For security reasons, browsers restrict cross-origin HTTP requests.
            app.UseCors(CorsOptions.AllowAll);
            var OAuthOptions = new OAuthAuthorizationServerOptions
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60), // token expiration time
                Provider = new OauthProvider()
            };
            app.UseOAuthBearerTokens(OAuthOptions);
            app.UseOAuthAuthorizationServer(OAuthOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config); // register the request
        }

        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
            GlobalConfiguration.Configure(WebApiConfig.Register);
        }
    }
Then I created my OauthProvider.
Here is my class:
    using System;
    using System.Linq;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security.OAuth;

    public class OauthProvider : OAuthAuthorizationServerProvider
    {
        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // The first request will come here. This method will validate whether the request has credentials (UserName and Password).
            // If the request does not contain a username and password, it will be rejected here and not proceed any further.
            context.Validated();
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // If the request is valid and contains a username and password, this method will check the credentials and then generate a valid token.
            var identity = new ClaimsIdentity(context.Options.AuthenticationType); // it will check the authentication type
            using (var db = new DataContext())
            {
                if (db != null)
                {
                    var user = db.Users.Where(o => o.UserName == context.UserName && o.Password == context.Password).FirstOrDefault();
                    if (user != null)
                    {
                        // Store information against the request
                        identity.AddClaim(new Claim("UserName", context.UserName));
                        identity.AddClaim(new Claim("LoggedOn", DateTime.Now.ToString()));
                        context.Validated(identity);
                    }
                    else
                    {
                        context.SetError("Wrong Crendtials", "Provided username and password is incorrect");
                        context.Rejected();
                    }
                }
                else
                {
                    context.SetError("Wrong Crendtials", "Provided username and password is incorrect");
                    context.Rejected();
                }
                return;
            }
        }
    }
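If I want to understand the parts of OAuth,
how do I identify what I did for each part?
Please note that this is a Web API project.
Any useful information is helpful.
Thanks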
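
An added example, not part of the original question or its author's code: in the OWIN provider, `ValidateClientAuthentication` is the step that authenticates the client application, while the resource owner's username and password are only handled in `GrantResourceOwnerCredentials`. The sketch below checks the client's credentials instead of calling `context.Validated()` for every caller; the class name `ClientCheckingOauthProvider` and the client registry passed to its constructor are assumptions.

```csharp
using System.Collections.Generic;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class ClientCheckingOauthProvider : OAuthAuthorizationServerProvider
{
    // Hypothetical client registry (client_id -> client secret); load it from protected configuration.
    private readonly IDictionary<string, string> _clients;

    public ClientCheckingOauthProvider(IDictionary<string, string> clients)
    { _clients = clients; }

    // Authenticates the client application; the resource owner's username and password
    // are not examined here but later, in GrantResourceOwnerCredentials.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId, clientSecret, expected;
        // Client credentials arrive in an HTTP Basic header or as client_id/client_secret form fields.
        bool sent = context.TryGetBasicCredentials(out clientId, out clientSecret)
                 || context.TryGetFormCredentials(out clientId, out clientSecret);

        if (sent && _clients.TryGetValue(clientId, out expected)
                 && SameBytes(Utf8(clientSecret), Utf8(expected)))
        {
            context.Validated(clientId);   // request continues to the grant method
        }
        else
        {
            // Without Validated() the token request is rejected before any user lookup.
            context.SetError("invalid_client", "Unknown client or wrong client secret.");
        }
        return Task.FromResult(0);
    }

    // TryGetFormCredentials can return a null secret when only client_id was sent.
    private static byte[] Utf8(string s)
    {
        return Encoding.UTF8.GetBytes(s ?? "");
    }

    // Comparison whose running time does not depend on the position of the first differing byte.
    private static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With this provider set as `Provider` in `OAuthAuthorizationServerOptions`, a request to `/token` must carry valid client credentials in addition to the `username` and `password` fields.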