我的Web应用程序中有两个主要项目:
> WebApi项目作为后端,用于为Web项目提供身份验证和授权,使用带有承载令牌的OWIN 2.
> Web项目使用Angularjs.
Web项目按预期工作(身份验证和授权正在运行)
方法:将令牌存储到localstorage,并使用拦截器发送每个请求.
现在我想为WebApi项目添加身份验证和授权,该项目将为Hangfire,Elmah和Help页面等其他模块提供服务.
我添加了相同的登录逻辑,它工作(授权),然后重定向到仪表板页面(使用Angularjs),它工作.
但是去任何其他页面(其中一个提到的模块)都不起作用.不工作:来自Owin上下文的用户总是为null / empty.(参见代码)
根据我的理解,我需要以某种方式发送令牌,每次请求都不会发生.
问题:
>我如何实现(发送/获取令牌)?
如果cookie是唯一/更好的方法↴
>如何为项目1和项目2的令牌集成cookie?(尝试使用cookie,但似乎我做错了,或者它与承载令牌同时工作?)
码:
public void Configuration(IAppBuilder app) { HttpConfiguration config = new HttpConfiguration(); OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true,TokenEndpointPath = new PathString("/token"),AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),Provider = new SimpleAuthorizationServerProvider(),RefreshTokenProvider = new SimpleRefreshTokenProvider() }; app.USEOAuthAuthorizationServer(OAuthServerOptions); app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); GlobalConfiguration.Configure(WebApiConfig.Register); app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); app.UseWebApi(config); AreaRegistration.RegisterAllAreas(); app.UseHangfire(hangfireConfig => { config.UseAuthorizationFilters( new AuthorizationFilter { Users = "admin,superuser",Roles = "advanced" },new ClaimsBasedAuthorizationFilter("name","value") ); hangfireConfig.UsesqlServerStorage("Context"); hangfireConfig.UseServer(); }); }
我试过测试目的:
public class HFAuthorizationFilter : Hangfire.Dashboard.IAuthorizationFilter { public bool Authorize(IDictionary<string,object> owinEnvironment) { var context = new OwinContext(owinEnvironment); if (context.Authentication.User == null) return false;//Always null return context.Authentication.User.HasClaim(ClaimTypes.Role,"SuperAdmin") || context.Authentication.User.HasClaim(ClaimTypes.Role,"Admin"); } }
在配置中:
app.UseHangfire(hangfireConfig => { hangfireConfig.UseAuthorizationFilters( new HFAuthorizationFilter() ); hangfireConfig.UsesqlServerStorage("Context"); hangfireConfig.UseServer(); });
潜在重复:
Passing and verifying the OWIN Bearer token in Query String in WebAPI
如果我理解正确,你希望在一个api中实现令牌生成,并在其他api中使用相同的令牌.如果是这种情况,那么你需要master api作为令牌生成器和子或依赖api来使用令牌.请找到oauth的主和子API配置
主API配置:
主API配置:
public void ConfigureOAuth(IAppBuilder app) { //configure OAuth using owin framework var oAuthOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true,TokenEndpointPath = new PathString("/api/token"),AccessTokenExpireTimeSpan = TimeSpan.FromHours(2),Provider = new KatanaAuthorizationServerProvider() }; app.USEOAuthAuthorizationServer(oAuthOptions); app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); }
子API配置:
public void ConfigureAuth(IAppBuilder app) { app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); }