asp.net Web API 身份验证 不记名令牌验证 Bearer Token Authentication 简单实现
1. Startup.Auth.cs文件
添加属性
|
1
|
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
|
添加静态构造函数
|
1
2
3
4
5
6
7
|
/// <summary>/// 构造函数/// </summary>static Startup()
{ OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
} |
方法ConfigureAuth中添加
|
1
2
|
// 使用不记名身份验证app.UseOAuthBearerAuthentication(OAuthBearerOptions); |
2. WebApiConfig.cs文件
方法Register中添加
|
1
2
|
config.SuppressDefaultHostAuthentication();config.Filters.Add(new HostAuthenticationFilter("Bearer"));
|
3. 创建身份验证方法(Web API)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
[HttpPost]public async Task<String> Authenticate(string userName, string password)
{ if (string.IsNullOrEmpty(userAccount) || string.IsNullOrEmpty(password))
{
return string.Empty;
}<br>
// 用户查找失败
User user = await UserManager.FindAsync(userName, password);
if (user == null)
{
return string.Empty;
}
// 身份验证票证包括角色或者可以换成用户名
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
if (UserManager.SupportsUserRole)
{
IList<string> roles = await UserManager.GetRolesAsync(user.Id).ConfigureAwait(false);
foreach (string roleName in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, roleName, ClaimValueTypes.String));
}
}
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = DateTime.UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(1));
// 返回值
return Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
} |
4. 为需要身份验证的控制器或方法添加标记
|
1
2
3
4
|
[Authorize(Roles = "Admin")]
public class UsersController : ApiController
{} |
测试:
在请求头部中添加令牌,格式如下:
Authorization: Bearer boQtj0SCGz2GFGz...
分类: Web API
1. Startup.Auth.cs文件
添加属性
|
1
|
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
|
添加静态构造函数
|
1
2
3
4
5
6
7
|
/// <summary>/// 构造函数/// </summary>static Startup()
{ OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
} |
方法ConfigureAuth中添加
|
1
2
|
// 使用不记名身份验证app.UseOAuthBearerAuthentication(OAuthBearerOptions); |
2. WebApiConfig.cs文件
方法Register中添加
|
1
2
|
config.SuppressDefaultHostAuthentication();config.Filters.Add(new HostAuthenticationFilter("Bearer"));
|
3. 创建身份验证方法(Web API)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
[HttpPost]public async Task<String> Authenticate(string userName, string password)
{ if (string.IsNullOrEmpty(userAccount) || string.IsNullOrEmpty(password))
{
return string.Empty;
}<br>
// 用户查找失败
User user = await UserManager.FindAsync(userName, password);
if (user == null)
{
return string.Empty;
}
// 身份验证票证包括角色或者可以换成用户名
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
if (UserManager.SupportsUserRole)
{
IList<string> roles = await UserManager.GetRolesAsync(user.Id).ConfigureAwait(false);
foreach (string roleName in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, roleName, ClaimValueTypes.String));
}
}
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = DateTime.UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(1));
// 返回值
return Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
} |
4. 为需要身份验证的控制器或方法添加标记
|
1
2
3
4
|
[Authorize(Roles = "Admin")]
public class UsersController : ApiController
{} |
测试:
在请求头部中添加令牌,格式如下:
Authorization: Bearer boQtj0SCGz2GFGz...