有可能在WCF Webservice中使用Oauth吗?
我目前的Web服务调用是通过为URL创建代理接口来完成的。我需要更新应用程序以支持OAuth 2.0。是否可以将OAuth 2.0与WCF Web服务调用一起使用?下面是我的代理接口初始化代码,我像使用普通类的实例一样使用它。(标签:wcf, oauth-2.0, webservice-client, channelfactory)
// Client side: build the typed proxy for the service contract at WebServiceUrl.
// ServiceClient is not shown on this page (presumably the asker's own ChannelFactory wrapper).
// NOTE(review): nothing visible here attaches an OAuth 2.0 bearer token. A server that
// authorizes on the HTTP "Authorization" header will reject these calls unless the proxy
// adds that header to each outgoing request - confirm where the token is set.
var client = ServiceClient.CreateProxyInterface<MyWebServiceClass>(WebServiceUrl);
在服务器端,您可以自定义一个继承ServiceAuthorizationManager的类,并重写其中的CheckAccessCore方法来实现授权检查。下面是我从以前的一个回答中找到的示例。经过我的尝试,这个示例是有效的,所以我认为它应该对您有帮助。注意:示例中的受众、颁发者和签名密钥都是占位符,对声明的授权判断也只是占位逻辑,使用前必须替换。
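/// <summary>
/// WCF authorization manager that admits a call only when the HTTP request carries a
/// bearer JWT that validates and contains at least one "allowedoperation" claim.
/// </summary>
/// <remarks>
/// Sample code. The audience, issuer and signing key in <see cref="ValidateJwt"/> are
/// placeholders, and the per-claim decision in <see cref="CheckAccessCore"/> is a stub
/// that accepts any claim of the expected type.
/// </remarks>
public class OAuthAuthorizationManager : ServiceAuthorizationManager
{
    private const string AllowedOperationClaimType = "http://www.contoso.com/claims/allowedoperation";

    /// <summary>
    /// Decides whether the current request may invoke the operation.
    /// </summary>
    /// <param name="operationContext">Context of the incoming WCF call.</param>
    /// <returns>
    /// <c>true</c> when a valid bearer token with an allowed-operation claim is present;
    /// <c>false</c> for every missing, malformed or rejected credential (fail closed).
    /// </returns>
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        var message = operationContext.RequestContext.RequestMessage;

        // Action URI of the requested operation. The sample never compares it with the
        // claims; real authorization logic is expected to use it (see the NOTE below).
        string action = message.Headers.Action;

        // Look the HTTP property up by key. The original indexed Values by the position of
        // "httpRequest" in Keys, which throws when the property is absent (non-HTTP binding).
        object property;
        if (!message.Properties.TryGetValue(System.ServiceModel.Channels.HttpRequestMessageProperty.Name, out property))
        {
            return false;
        }

        var httpRequest = property as System.ServiceModel.Channels.HttpRequestMessageProperty;
        if (httpRequest == null)
        {
            return false;
        }

        var authHeader = httpRequest.Headers.GetValues("Authorization");
        if (authHeader == null || authHeader.Length == 0)
        {
            return false;
        }

        // Expect exactly "<scheme> <token>". A bare "Bearer" used to raise
        // IndexOutOfRangeException on parts[1] instead of denying access.
        var parts = authHeader[0].Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2)
        {
            return false;
        }

        // HTTP authentication scheme names are case-insensitive.
        if (!string.Equals(parts[0], "Bearer", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        var tokenClaims = ValidateJwt(parts[1]);
        foreach (System.Security.Claims.Claim c in tokenClaims.Where(claim => claim.Type == AllowedOperationClaimType))
        {
            // NOTE(review): placeholder from the sample. As written, ANY validated token
            // holding a claim of this type is authorized for EVERY operation; the claim
            // value is never checked against `action`. Replace before real use.
            var authorized = true;
            //other claims authorization logic etc....
            if (authorized)
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Validates the compact JWT and returns its claims.
    /// </summary>
    /// <param name="jwt">Token text taken from the Authorization header.</param>
    /// <returns>The token's claims, or an empty list when validation fails for any reason.</returns>
    private static IEnumerable<System.Security.Claims.Claim> ValidateJwt(string jwt)
    {
        var handler = new JwtSecurityTokenHandler();
        var validationParameters = new TokenValidationParameters()
        {
            ValidAudience = "urn://your.audience",
            // Placeholder. A real symmetric key belongs in protected configuration or a
            // secret store, not in source; anyone holding it can mint accepted tokens.
            IssuerSigningKey = new InMemorySymmetricSecurityKey(Convert.FromBase64String("base64encoded symmetric key")),
            ValidIssuer = "urn://your.issuer",
            // NOTE(review): this turns off X.509 certificate validation. It is presumably
            // unused with a symmetric key, but must not be carried over if the signing key
            // is ever changed to a certificate - confirm.
            CertificateValidator = X509CertificateValidator.None,
            RequireExpirationTime = true
        };

        try
        {
            SecurityToken validatedToken;
            var principal = handler.ValidateToken(jwt, validationParameters, out validatedToken);
            return principal.Claims;
        }
        catch (Exception)
        {
            // Deliberate fail-closed: any validation error yields no claims, so the caller
            // denies access. The failure is not logged here; add logging (without the
            // token text) if rejected tokens need to be visible to operations.
            return new List<System.Security.Claims.Claim>();
        }
    }
}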
公共类OAuthAuthorizationManager:ServiceAuthorizationManager
{
受保护的覆盖布尔CheckAccessCore(OperationContext OperationContext)
{
//从OperationContext提取操作URI。将其与声明匹配
//在授权上下文中。
字符串操作=operationContext.RequestContext.RequestMessage.Headers.action;
尝试
{
//明白了吗
var message=operationContext.RequestContext.RequestMessage;
//获取http头
var httpHeaders=((System.ServiceModel.Channels.HttpRequestMessageProperty)message.Properties.Values.ElementAt(message.Properties.Keys.ToList().IndexOf(“httpRequest”))).Headers;
//获取授权标头
var authHeader=httpHeaders.GetValues(“授权”);
if(authHeader!=null)
{
var parts=authHeader[0]。拆分(“”);
if(部分[0]=“持票人”)
{
var tokenClaims=ValidateJwt(第[1]部分);
foreach(tokenClaims.Where中的System.Security.Claims.Claims c)(c=>c.Type==)http://www.contoso.com/claims/allowedoperation"))
{
var=true;
//其他索赔授权逻辑等。。。。
如果(授权)
{
返回true;
}
}
}
}
返回false;
}
捕获(例外)
{
投掷;
}
}
私有静态IEnumerable ValidateJwt(字符串jwt)
{
var handler=新的JwtSecurityTokenHandler();
var validationParameters=new-TokenValidationParameters()
{
有效性=”urn://your.audience",
IssuerSigningKey=新的InMemorySymetricSecurityKey(Convert.FromBase64String(“Base64编码对称密钥”),
ValidisUser=”urn://your.issuer",
CertificateValidator=X509CertificateValidator.无,
RequireExpirationTime=true
};
尝试
{
SecurityToken validatedToken;
var principal=handler.ValidateToken(jwt,validationParameters,out validatedToken);
返还本金、债权;
}
捕获(例外e)
{
返回新列表();
}
}
}
// Invoke a service operation through the proxy as if it were an ordinary method call.
// client and personId are defined outside this snippet.
var address = client.GetAddress(personId);
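/// <summary>
/// Service authorization manager for WCF that grants access only to requests presenting
/// a valid bearer JWT containing an "allowedoperation" claim.
/// </summary>
/// <remarks>
/// This is sample code: issuer, audience and signing key are placeholder strings and the
/// claim check is a stub that accepts every claim of the expected type.
/// </remarks>
public class OAuthAuthorizationManager : ServiceAuthorizationManager
{
    /// <summary>
    /// Checks the bearer token on the incoming request.
    /// </summary>
    /// <param name="operationContext">Context of the incoming WCF call.</param>
    /// <returns>
    /// <c>true</c> if the token validates and carries an allowed-operation claim;
    /// otherwise <c>false</c>. Missing or malformed credentials deny access rather than throw.
    /// </returns>
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Extract the action URI from the OperationContext. The sample does not yet match
        // it against the claims; the stub below is where that comparison belongs.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;

        string jwt;
        if (!TryReadBearerToken(operationContext.RequestContext.RequestMessage, out jwt))
        {
            return false;
        }

        var tokenClaims = ValidateJwt(jwt);
        foreach (System.Security.Claims.Claim c in tokenClaims.Where(candidate => candidate.Type == "http://www.contoso.com/claims/allowedoperation"))
        {
            // NOTE(review): stub. Every validated token with this claim type is allowed to
            // call every operation, because neither c.Value nor `action` is examined.
            var authorized = true;
            //other claims authorization logic etc....
            if (authorized)
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Reads the token from an "Authorization: Bearer &lt;token&gt;" HTTP header.
    /// </summary>
    /// <param name="message">The incoming request message.</param>
    /// <param name="token">Receives the token text, or <c>null</c> when none was found.</param>
    /// <returns><c>true</c> only when a well-formed bearer credential is present.</returns>
    private static bool TryReadBearerToken(System.ServiceModel.Channels.Message message, out string token)
    {
        token = null;

        // Keyed lookup; the original located "httpRequest" by index and threw when the
        // property was missing (for example on a non-HTTP binding).
        object property;
        if (!message.Properties.TryGetValue(System.ServiceModel.Channels.HttpRequestMessageProperty.Name, out property))
        {
            return false;
        }

        var httpRequest = property as System.ServiceModel.Channels.HttpRequestMessageProperty;
        if (httpRequest == null)
        {
            return false;
        }

        var authHeader = httpRequest.Headers.GetValues("Authorization");
        if (authHeader == null || authHeader.Length == 0)
        {
            return false;
        }

        // Require both the scheme and the token. A header of just "Bearer" previously
        // caused IndexOutOfRangeException when parts[1] was read.
        var parts = authHeader[0].Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2)
        {
            return false;
        }

        // Scheme names in HTTP authentication are case-insensitive.
        if (!string.Equals(parts[0], "Bearer", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        token = parts[1];
        return true;
    }

    /// <summary>
    /// Validates the JWT against the configured audience, issuer and signing key.
    /// </summary>
    /// <param name="jwt">Token text from the Authorization header.</param>
    /// <returns>The validated token's claims; an empty list if validation throws.</returns>
    private static IEnumerable<System.Security.Claims.Claim> ValidateJwt(string jwt)
    {
        var handler = new JwtSecurityTokenHandler();
        var validationParameters = new TokenValidationParameters()
        {
            ValidAudience = "urn://your.audience",
            // Placeholder key. Load the real one from protected configuration or a secret
            // store; a symmetric key in source lets any reader of the code forge tokens.
            IssuerSigningKey = new InMemorySymmetricSecurityKey(Convert.FromBase64String("base64encoded symmetric key")),
            ValidIssuer = "urn://your.issuer",
            // NOTE(review): disables X.509 certificate validation. Presumably irrelevant
            // while the key is symmetric; do not keep it if certificate-based signing
            // keys are introduced - confirm.
            CertificateValidator = X509CertificateValidator.None,
            RequireExpirationTime = true
        };

        try
        {
            SecurityToken validatedToken;
            var principal = handler.ValidateToken(jwt, validationParameters, out validatedToken);
            return principal.Claims;
        }
        catch (Exception)
        {
            // Fail closed on any validation error: no claims means CheckAccessCore denies.
            // Rejections are silent here; log them (never the token itself) if they need
            // to be monitored.
            return new List<System.Security.Claims.Claim>();
        }
    }
}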