您的位置: 首页  >  IT文章  >  ASP.NET  >  请教一下,asp.net Web API怎样验证OAuth2的AccessToken

请教一下,asp.net Web API怎样验证OAuth2的AccessToken

分类: IT文章 2022-05-02 23:02:56
请问一下,asp.net Web API怎样验证OAuth2的AccessToken?
请问一下,asp.net Web API怎样验证OAuth2的AccessToken?

按照DotNetOpenAuth的示例代码,copy了2个类过来

OAuthAuthorizationManager.cs



using System;

using System.Collections.Generic;

using System.IdentityModel.Policy;

using System.Linq;

using System.Security.Principal;

using System.ServiceModel;

using System.ServiceModel.Channels;

using System.ServiceModel.Security;

using System.ServiceModel.Web;

using DotNetOpenAuth.Messaging;

using DotNetOpenAuth.OAuth2;

using ProtocolException = System.ServiceModel.ProtocolException;


using System.Web;

using System.Security.Cryptography;


namespace myTools123.OAuth

{

    /// <summary>

    /// A WCF extension to authenticate incoming messages using OAuth.

    /// </summary>

    public class OAuthAuthorizationManager : ServiceAuthorizationManager

    {

        public OAuthAuthorizationManager()

        {          

        }

        protected override bool CheckAccessCore(OperationContext operationContext)

        {

            if (!base.CheckAccessCore(operationContext))

            {

                return false;

            }


            var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;

            var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;


            try

            {

                var principal = VerifyOAuth2(httpDetails, requestUri, operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);

                if (principal != null)

                {

                    var policy = new OAuthPrincipalAuthorizationPolicy(principal);

                    var policies = new List<IAuthorizationPolicy> {

						policy,

					};


                    var securityContext = new ServiceSecurityContext(policies.AsReadOnly());

                    if (operationContext.IncomingMessageProperties.Security != null)

                    {

                        operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;

                    }

                    else

                    {

                        operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty

                        {

                            ServiceSecurityContext = securityContext,

                        };

                    }


                    securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {

						principal.Identity,

相关推荐