C# asp.net MVC项目中的OAuth
我怎么会在网上看到这两个呢?有什么区别吗C# asp.net MVC项目中的OAuth,c#,asp.net,asp.net-mvc,oauth,C#,Asp.net,Asp.net Mvc,Oauth,我怎么会在网上看到这两个呢?有什么区别吗 var OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), AuthorizeEndpointPath = new PathString("/Account/Authorize"), Provider = new SimpleAuthorizationServerProvider(Use
var OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
AuthorizeEndpointPath = new PathString("/Account/Authorize"),
Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
及
UseAuthBealerTokens方法为什么会将OAuthAuthorizationServerOptions作为参数?我相信第一个方法UseAuthBealerTokens(options)是在Web API 2.1中添加的,它封装了对UseAuthAuthorizationServer和UseAuthBeareAuthentication的调用 不幸的是,web上文章/博客中的很多示例都没有包含发布日期,因此很难跟踪代码是否仍然适用。考虑到这些API的更新速度,我不认为它会变得更加混乱 以下是Microsoft.Owin.Security软件包中的Owin.AppBuilderExtensions.cs中的代码,供Web Api v2.2之后的参考:
publicstaticvoid使用OAuthBearTokens(此IAppBuilder应用程序,OAuthAuthorizationServerOptions)
{
如果(app==null)
{
抛出新的ArgumentNullException(“应用”);
}
如果(选项==null)
{
抛出新的ArgumentNullException(“选项”);
}
app.useAuthAuthorizationServer(选项);
app.useAuthBeareAuthentication(新的OAuthBeareAuthenticationOptions
{
AccessTokenFormat=options.AccessTokenFormat,
AccessTokenProvider=options.AccessTokenProvider,
AuthenticationMode=options.AuthenticationMode,
AuthenticationType=options.AuthenticationType,
Description=选项。Description,
Provider=新应用程序AuthBearProvider(),
SystemClock=options.SystemClock
});
app.useAuthBeareAuthentication(新的OAuthBeareAuthenticationOptions
{
AccessTokenFormat=options.AccessTokenFormat,
AccessTokenProvider=options.AccessTokenProvider,
AuthenticationMode=AuthenticationMode.Passive,
AuthenticationType=DefaultAuthenticationTypes.ExternalBearer,
Description=选项。Description,
Provider=新的ExternalOAuthBearProvider(),
SystemClock=options.SystemClock
});
}
问得好。我不知道是不是只有我一个人,但我认为ASP.NET当前状态的整个授权/身份验证/OAuth部分都是一团糟。人们建议使用其他东西吗?
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
Provider = new SimpleAuthorizationServerProvider(UserRepository, UserStore)
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());