Security 身份验证问题-使用API身份验证服务器保护web应用程序
我已开始创建一个软件体系结构,其中包括: 身份验证API(Auth_API)——作为身份验证服务器; 资源API——作为资源API(受Auth_API保护); WebApplication(MVC)——前端应用程序(受Auth_API保护)。 (标签: security, model-view-controller, asp.net-identity, owin, bearer-token) 基于这篇文章,我成功地实现了谷歌认证,流程如下: WebApp ==重定向到==> Auth_API ==challenge==> Google ==> Auth_API 收到 externalAccessToken,在本地注册用户并返回 localAccessToken。 现在,当我想使用承载授权(Bearer authorization,使用本地访问令牌)时
- 身份验证API-作为身份验证服务器
- 资源API-作为资源API(受Auth_API保护)
- WebApplication(mvc)-前端应用程序(受Auth_API保护)
/// <summary>
/// Exchanges an external (provider-issued) access token for a local bearer token.
/// The caller must already have a local account linked to that provider login;
/// unregistered external users are rejected here rather than auto-registered.
/// </summary>
/// <param name="provider">Name of the external login provider, as stored in the user's login info.</param>
/// <param name="externalAccessToken">Access token issued to the caller by <paramref name="provider"/>.</param>
/// <returns>
/// 200 with the local access-token response for a registered user; 400 when either input
/// is blank, the external token does not verify, or no local account is linked to it.
/// </returns>
[AllowAnonymous]
[HttpGet]
[Route("ObtainLocalAccessToken")]
public async Task<IHttpActionResult> ObtainLocalAccessToken(string provider, string externalAccessToken)
{
    // Both values are required; a blank either way is a malformed request.
    bool missingInput = string.IsNullOrWhiteSpace(provider)
                        || string.IsNullOrWhiteSpace(externalAccessToken);
    if (missingInput)
    {
        return BadRequest("Provider or external access token is not sent");
    }

    // NOTE(review): this action is [HttpGet] and the MVC caller passes the provider token as a
    // query-string parameter. Query strings are routinely written to web-server, proxy and
    // browser-history logs, so consider accepting the token in a POST body instead. Left as GET
    // here because the existing caller depends on that contract; change both sides together.
    //
    // SECURITY: VerifyExternalAccessToken (not shown here) must confirm that the token was issued
    // for *this* application (audience / app-id check), not merely that it is a valid token for
    // some user. Without that check a token obtained by an unrelated app for the same user could
    // be replayed here to mint a local token. Confirm before relying on this endpoint.
    var externalIdentity = await VerifyExternalAccessToken(provider, externalAccessToken);
    if (externalIdentity == null)
    {
        return BadRequest("Invalid Provider or External Access Token");
    }

    // Resolve the local account linked to (provider, provider-side user id).
    var linkedLogin = new UserLoginInfo(provider, externalIdentity.user_id);
    IdentityUser localUser = await _repo.FindAsync(linkedLogin);
    if (localUser == null)
    {
        return BadRequest("External user is not registered");
    }

    // The local token is issued for the stored user name, never for caller-supplied input.
    return Ok(GenerateLocalAccessTokenResponse(localUser.UserName));
}
if (hasLocalAccount)
{
    // Ask the Auth API to swap the provider-issued token for one of its own local bearer tokens.
    // NOTE(review): the provider access token is sent as a GET query parameter, so it will show
    // up in the Auth API's request logs (and those of any intermediary). A POST body would avoid
    // that, but the Auth API action is currently declared [HttpGet]; change both sides together.
    var authApi = new RestClient(baseApiUrl);
    var tokenExchange = new RestRequest("Account/ObtainLocalAccessToken", Method.GET);
    tokenExchange.AddQueryParameter("provider", provider);
    tokenExchange.AddQueryParameter("externalAccessToken", externalAccessToken);

    var exchangeResult = authApi.Execute(tokenExchange);
    if (exchangeResult.IsSuccessful)
    {
        // Read the OAuth-style token fields out of the JSON body.
        // NOTE(review): there is no guard here — both indexers throw NullReferenceException if
        // the Auth API answers 2xx without these keys.
        var tokenPayload = JObject.Parse(exchangeResult.Content);
        string localAccessToken = tokenPayload["access_token"].Value<string>();
        string localTokenExpiresIn = tokenPayload["expires_in"].Value<string>();

        // TODO(author): the user is redirected but never signed in to this MVC app, and the
        // local token is not persisted anywhere. Unprotecting an Auth-API-issued token in this
        // process presumably only works if both apps share the same machine key / data-protection
        // provider, which is likely why the commented-out call returned null — confirm.
        //AuthenticationTicket ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(localAccessToken); <== this returns NULL
        return RedirectToAction("Index", "Home");
    }
}
if (hasLocalAccount)
{
var client = new RestClient(baseApiUrl);
var externalLoginUrl = "Account/ObtainLocalAccessToken";
var externalLoginRequest = new RestRequest(externalLoginUrl, Method.GET);
externalLoginRequest.AddQueryParameter("provider", provider);
externalLoginRequest.AddQueryParameter("externalAccessToken", externalAccessToken);
var externalLoginResponse = client.Execute(externalLoginRequest);
if (externalLoginResponse.IsSuccessful)
{
JObject response = JObject.Parse(externalLoginResponse.Content);
string localAccessToken = response["access_token"].Value<string>();
string localTokenExpiresIn = response["expires_in"].Value<string>();
// WHAT TO DO / WHERE TO SIGN IN A USER ???
//AuthenticationTicket ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(localAccessToken);
if (hasLocalAccount)
{
    // Exchange the provider-issued token for a local bearer token at the Auth API.
    // NOTE(review): the provider access token travels as a GET query parameter and will
    // therefore be recorded in the Auth API's (and any proxy's) request logs. Moving it to a
    // POST body requires changing the Auth API action, which is currently [HttpGet].
    var authApi = new RestClient(baseApiUrl);
    var tokenExchange = new RestRequest("Account/ObtainLocalAccessToken", Method.GET);
    tokenExchange.AddQueryParameter("provider", provider);
    tokenExchange.AddQueryParameter("externalAccessToken", externalAccessToken);

    var exchangeResult = authApi.Execute(tokenExchange);
    if (exchangeResult.IsSuccessful)
    {
        // Read the OAuth-style token fields out of the JSON body.
        // NOTE(review): no null guard — a 2xx response lacking either key throws
        // NullReferenceException here.
        var tokenPayload = JObject.Parse(exchangeResult.Content);
        string localAccessToken = tokenPayload["access_token"].Value<string>();
        string localTokenExpiresIn = tokenPayload["expires_in"].Value<string>();

        // TODO(author): the redirect below happens without establishing a session in this MVC
        // app, and the local token is dropped. The commented-out Unprotect call presumably
        // returned null because this process does not share the Auth API's token-protection
        // key material — confirm.
        //AuthenticationTicket ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(localAccessToken); <== this returns NULL
        return RedirectToAction("Index", "Home");
    }
}