我的Web应用程序中有两个主要项目:
> WebApi项目作为后端,用于为Web项目提供身份验证和授权,使用带有承载令牌的OWIN 2.
> Web项目使用Angularjs.
Web项目按预期工作(身份验证和授权正在运行)
方法:将令牌存储到localstorage,并使用拦截器发送每个请求.
现在我想为WebApi项目添加身份验证和授权,该项目将为Hangfire,Elmah和Help页面等其他模块提供服务.
我添加了相同的登录逻辑,它工作(授权),然后重定向到仪表板页面(使用Angularjs),它工作.
但是去任何其他页面(其中一个提到的模块)都不起作用.不工作:来自Owin上下文的用户总是为null / empty.(参见代码)
根据我的理解,我需要以某种方式发送令牌,每次请求都不会发生.
问题:
>我如何实现(发送/获取令牌)?
如果cookie是唯一/更好的方法↴
>如何为项目1和项目2的令牌集成cookie?(尝试使用cookie,但似乎我做错了,或者它与承载令牌同时工作?)
码:
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,TokenEndpointPath = new PathString("/token"),AccesstokenExpireTimeSpan = TimeSpan.FromMinutes(30),Provider = new SimpleAuthorizationServerProvider(),RefreshTokenProvider = new SimpleRefreshTokenProvider()
};
app.USEOAuthAuthorizationServer(OAuthServerOptions);
app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationoptions());
GlobalConfiguration.Configure(WebApiConfig.Register);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
AreaRegistration.RegisterallAreas();
app.UseHangfire(hangfireConfig =>
{
config.UseAuthorizationFilters(
new AuthorizationFilter { Users = "admin,superuser",Roles = "advanced" },new ClaimsBasedAuthorizationFilter("name","value")
);
hangfireConfig.UsesqlServerStorage("Context");
hangfireConfig.UseServer();
});
}
我试过测试目的:
public class HFAuthorizationFilter : Hangfire.Dashboard.IAuthorizationFilter
{
public bool Authorize(IDictionary<string,object> owinEnvironment)
{
var context = new OwinContext(owinEnvironment);
if (context.Authentication.User == null)
return false;//Always null
return context.Authentication.User.HasClaim(ClaimTypes.Role,"SuperAdmin")
|| context.Authentication.User.HasClaim(ClaimTypes.Role,"Admin");
}
}
在配置中:
app.UseHangfire(hangfireConfig =>
{
hangfireConfig.UseAuthorizationFilters(
new HFAuthorizationFilter()
);
hangfireConfig.UsesqlServerStorage("Context");
hangfireConfig.UseServer();
});
潜在重复:
Passing and verifying the OWIN Bearer token in Query String in WebAPI
如果我理解正确,你希望在一个api中实现令牌生成,并在其他api中使用相同的令牌.如果是这种情况,那么你需要master api作为令牌生成器和子或依赖api来使用令牌.请找到oauth的主和子API配置
主API配置:
主API配置:
public void ConfigureOAuth(IAppBuilder app)
{
//configure OAuth using owin framework
var oAuthOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,TokenEndpointPath = new PathString("/api/token"),AccesstokenExpireTimeSpan = TimeSpan.FromHours(2),Provider = new KatanaAuthorizationServerProvider()
};
app.USEOAuthAuthorizationServer(oAuthOptions);
app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationoptions());
}
子API配置:
public void ConfigureAuth(IAppBuilder app)
{
app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationoptions());
}