使用控制台程序搭建OAuth授权服务器
参考地址:ASP.NET Web Api: Understanding OWIN/Katana Authentication/Authorization Part I: Concepts
先上一张OAuth的认证图
很多情况下授权服务器和资源服务器时同一台机器,就有了下面这张图
接着可以使用上一篇文章中的控制台程序,做一些改动
首先需要引入Microsoft.AspNet.Identity.Owin包
PM> Install-Package Microsoft.AspNet.Identity.Owin -Pre
添加一个授权提供类ApplicationOAuthServerProvider继承自Microsoft.Owin.Security.OAuth中的OAuthAuthorizationServerProvider ,这个类实现了IOAuthAuthorizationServerProvider接口
using Microsoft.Owin.Security.OAuth;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
namespace ConsoleWebApi.OAuthServerProvider
{
public class ApplicationOAuthServerProvider: OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// This call is required...
// but we're not using client authentication, so validate and move on...
await Task.FromResult(context.Validated());
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// DEMO ONLY: Pretend we are doing some sort of REAL checking here:
if (context.Password != "password")
{
context.SetError(
"invalid_grant", "The user name or password is incorrect.");
context.Rejected();
return;
}
// Create or retrieve a ClaimsIdentity to represent the
// Authenticated user:
ClaimsIdentity identity =
new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("user_name", context.UserName));
// Add a Role Claim:
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
// Identity info will ultimately be encoded into an Access Token
// as a result of this call:
context.Validated(identity);
}
}
}
这里重写了两个方法:
ValidateClientAuthentication()验证客户信息。
GrantResourceOwnerCredentials()创建ClaimsIdentity并通过OWIN middleware将ClaimsIdentity编码生成Access Token。
Suffice it to say that theClaimsIdentity information is encrypted with a private key (generally, but not always the Machine Key of the machine on which the server is running). Once so encrypted, the access token is then added to the body of the outgoing HTTP response.
大意就时通过机器的Machine Key将ClaimsIdentity编码,如果资源服务器和授权服务器不是同一台机器的话,需要在配置文件中配置相同的Machine Key,这样通过OWIN 中间件就能解码出ClaimsIdentity。
下一步修改Startup ,添加ConfigureAuth()
Startup class. Check to make sure you have added the following usings and code to Startup:
Add a ConfigureAuth() Method to the OWIN Startup Class:
using System;
// Add the following usings:
using Owin;
using System.Web.Http;
using MinimalOwinWebApiSelfHost.Models;
using MinimalOwinWebApiSelfHost.OAuthServerProvider;
using Microsoft.Owin.Security.OAuth;
using Microsoft.Owin;
namespace MinimalOwinWebApiSelfHost
{
public class Startup
{
// This method is required by Katana:
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
var webApiConfiguration = ConfigureWebApi();
app.UseWebApi(webApiConfiguration);
}
private void ConfigureAuth(IAppBuilder app)
{
var OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthServerProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(),
// Only do this for demo!!
AllowInsecureHttp = true
};
app.UseOAuthAuthorizationServer(OAuthOptions);
app.UseOAuthBearerAuthentication(
new OAuthBearerAuthenticationOptions());
}
private HttpConfiguration ConfigureWebApi()
{
var config = new HttpConfiguration();
config.Routes.MapHttpRoute(
"DefaultApi",
"api/{controller}/{id}",
new { id = RouteParameter.Optional });
return config;
}
}
}
接下来新建一个客户端控制台程序
添加几个类
ApiClientProvider
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
namespace MinimalOwinWebApiClient
{
public class ApiClientProvider
{
string _hostUri;
public string AccessToken { get; private set; }
public ApiClientProvider(string hostUri)
{
_hostUri = hostUri;
}
public async Task<Dictionary<string, string>> GetTokenDictionary(
string userName, string password)
{
HttpResponseMessage response;
var pairs = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>( "grant_type", "password" ),
new KeyValuePair<string, string>( "username", userName ),
new KeyValuePair<string, string> ( "password", password )
};
var content = new FormUrlEncodedContent(pairs);
using (var client = new HttpClient())
{
var tokenEndpoint = new Uri(new Uri(_hostUri), "Token");
response = await client.PostAsync(tokenEndpoint, content);
}
var responseContent = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
throw new Exception(string.Format("Error: {0}", responseContent));
}
return GetTokenDictionary(responseContent);
}
private Dictionary<string, string> GetTokenDictionary(
string responseContent)
{
Dictionary<string, string> tokenDictionary =
JsonConvert.DeserializeObject<Dictionary<string, string>>(
responseContent);
return tokenDictionary;
}
}
}
Company
public class Company
{
public int Id { get; set; }
public string Name { get; set; }
}
CompanyClient
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
namespace MinimalOwinWebApiClient
{
public class CompanyClient
{
string _accessToken;
Uri _baseRequestUri;
public CompanyClient(Uri baseUri, string accessToken)
{
_accessToken = accessToken;
_baseRequestUri = new Uri(baseUri, "api/companies/");
}
// Handy helper method to set the access token for each request:
void SetClientAuthentication(HttpClient client)
{
client.DefaultRequestHeaders.Authorization
= new AuthenticationHeaderValue("Bearer", _accessToken);
}
public async Task<IEnumerable<Company>> GetCompaniesAsync()
{
HttpResponseMessage response;
using (var client = new HttpClient())
{
SetClientAuthentication(client);
response = await client.GetAsync(_baseRequestUri);
}
return await response.Content.ReadAsAsync<IEnumerable<Company>>();
}
public async Task<Company> GetCompanyAsync(int id)
{
HttpResponseMessage response;
using (var client = new HttpClient())
{
SetClientAuthentication(client);
// Combine base address URI and ID to new URI
// that looks like http://hosturl/api/companies/id
response = await client.GetAsync(
new Uri(_baseRequestUri, id.ToString()));
}
var result = await response.Content.ReadAsAsync<Company>();
return result;
}
public async Task<HttpStatusCode> AddCompanyAsync(Company company)
{
HttpResponseMessage response;
using (var client = new HttpClient())
{
SetClientAuthentication(client);
response = await client.PostAsJsonAsync(
_baseRequestUri, company);
}
return response.StatusCode;
}
public async Task<HttpStatusCode> UpdateCompanyAsync(Company company)
{
HttpResponseMessage response;
using (var client = new HttpClient())
{
SetClientAuthentication(client);
response = await client.PutAsJsonAsync(
_baseRequestUri, company);
}
return response.StatusCode;
}
public async Task<HttpStatusCode> DeleteCompanyAsync(int id)
{
HttpResponseMessage response;
using (var client = new HttpClient())
{
SetClientAuthentication(client);
// Combine base address URI and ID to new URI
// that looks like http://hosturl/api/companies/id
response = await client.DeleteAsync(
new Uri(_baseRequestUri, id.ToString()));
}
return response.StatusCode;
}
}
}
修改Main
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace MinimalOwinWebApiClient
{
class Program
{
static void Main(string[] args)
{
// Wait for the async stuff to run...
Run().Wait();
// Then Write Done...
Console.WriteLine("");
Console.WriteLine("Done! Press the Enter key to Exit...");
Console.ReadLine();
return;
}
static async Task Run()
{
// Create an http client provider:
string hostUriString = "http://localhost:8080";
var provider = new ApiClientProvider(hostUriString);
string _accessToken;
Dictionary<string, string> _tokenDictionary;
try
{
// Pass in the credentials and retrieve a token dictionary:
_tokenDictionary = await provider.GetTokenDictionary(
"john@example.com", "password");
_accessToken = _tokenDictionary["access_token"];
// Write the contents of the dictionary:
foreach (var kvp in _tokenDictionary)
{
Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value);
Console.WriteLine("");
}
// Create a company client instance:
var baseUri = new Uri(hostUriString);
var companyClient = new CompanyClient(baseUri, _accessToken);
// Read initial companies:
Console.WriteLine("Read all the companies...");
var companies = await companyClient.GetCompaniesAsync();
WriteCompaniesList(companies);
;
Console.WriteLine("Add a new company...");
var result = await companyClient.AddCompanyAsync(
new Company { Name = string.Format("New Company #{0}", nextId) });
WriteStatusCodeResult(result);
Console.WriteLine("Updated List after Add:");
companies = await companyClient.GetCompaniesAsync();
WriteCompaniesList(companies);
Console.WriteLine("Update a company...");
var updateMe = await companyClient.GetCompanyAsync(nextId);
updateMe.Name = string.Format("Updated company #{0}", updateMe.Id);
result = await companyClient.UpdateCompanyAsync(updateMe);
WriteStatusCodeResult(result);
Console.WriteLine("Updated List after Update:");
companies = await companyClient.GetCompaniesAsync();
WriteCompaniesList(companies);
Console.WriteLine("Delete a company...");
result = );
WriteStatusCodeResult(result);
Console.WriteLine("Updated List after Delete:");
companies = await companyClient.GetCompaniesAsync();
WriteCompaniesList(companies);
}
catch (AggregateException ex)
{
// If it's an aggregate exception, an async error occurred:
Console.WriteLine(ex.InnerExceptions[].Message);
Console.WriteLine("Press the Enter key to Exit...");
Console.ReadLine();
return;
}
catch (Exception ex)
{
// Something else happened:
Console.WriteLine(ex.Message);
Console.WriteLine("Press the Enter key to Exit...");
Console.ReadLine();
return;
}
}
static void WriteCompaniesList(IEnumerable<Company> companies)
{
foreach (var company in companies)
{
Console.WriteLine("Id: {0} Name: {1}", company.Id, company.Name);
}
Console.WriteLine("");
}
static void WriteStatusCodeResult(System.Net.HttpStatusCode statusCode)
{
if (statusCode == System.Net.HttpStatusCode.OK)
{
Console.WriteLine("Opreation Succeeded - status code {0}", statusCode);
}
else
{
Console.WriteLine("Opreation Failed - status code {0}", statusCode);
}
Console.WriteLine("");
}
}
}
给CompaniesController加上[Authorize]后就有了授权认证了。
使用控制台程序搭建OAuth授权服务器的更多相关文章
- 一步一步搭建 OAuth 认证服务器
http://www.fising.cn/2011/03/%E4%B8%80%E6%AD%A5%E4%B8%80%E6%AD%A5%E6%90%AD%E5%BB%BA-oauth-%E8%AE%A4% ...
- 搭建Idea授权服务器用于学习
我自己的搭建服务器http://doit.wenyule.top 懒得看教程或弄不好的小伙伴可以用我搭建的,在激活那选择服务器,输入我上面的地址,注意可以激活2018.2.1之前的.为了防止用的人太多 ...
- 使用控制台程序搭建WebApi
原文参考: ASP.NET Web Api 2.2: Create a Self-Hosted OWIN-Based Web Api from Scratch 新建控制台程序,引入Owin包 PM&g ...
- Spring Authorization Server授权服务器入门
11月8日Spring官方已经强烈建议使用Spring Authorization Server替换已经过时的Spring Security OAuth2.0,距离Spring Security OA ...
- 使用Owin中间件搭建OAuth2.0认证授权服务器
前言 这里主要总结下本人最近半个月关于搭建OAuth2.0服务器工作的经验.至于为何需要OAuth2.0.为何是Owin.什么是Owin等问题,不再赘述.我假定读者是使用Asp.Net,并需要搭建OA ...
- [2014-11-11]使用Owin中间件搭建OAuth2.0认证授权服务器
前言 这里主要总结下本人最近半个月关于搭建OAuth2.0服务器工作的经验.至于为何需要OAuth2.0.为何是Owin.什么是Owin等问题,不再赘述.我假定读者是使用Asp.Net,并需要搭建OA ...
- 搭建Jetbrains家族IDE授权服务器
虽然VS号称宇宙第一IDE但是也有不方便的地方,如果你也是C#码农我不得不向你推荐一个强大的插件ReSharper,他会是你的开发更加便捷,大大加快了开发的速度以及开发的乐趣.但是ReSharper并 ...
- 自己搭建IntelliJ IDEA授权服务器
https://github.com/Jrohy/Idea_LicenseServer_onekey 运行 bash <(curl -L -s https://raw.githubusercon ...
- 【转】idea激活搭建授权服务器
1.下载软件:磁力链接: magnet:?xt=urn:btih:2289E4F8CEB346AC44E54C8C0DA706CC537301AA 复制磁力链接地址 magnet:?xt=urn:bt ...
随机推荐
- python中的分号
很多编程语言是以分号作为一行代码的的结束标志,但是在Python中不是这样的,而是靠缩进来识别程序结构. Python中一行代码以分号结束,并不是必须的,准确来说是不被推荐的,因为加上分号就是画蛇添足 ...
- js,JavaScript 监听 判断 移动端 滑动事件
<script> var startx, starty; //获得角度 function getAngle(angx, angy) { return Math.atan2(angy, an ...
- Java实现FTP批量大文件上传下载篇1
本文介绍了在Java中,如何使用Java现有的可用的库来编写FTP客户端代码,并开发成Applet控件,做成基于Web的批量.大文件的上传下载控件.文章在比较了一系列FTP客户库的基础上,就其中一个比 ...
- 使用Golang+Mongodb打造你的第一个站点
很多人推荐MEAN来开发站点.MEAN就是M:mongodb,E:expressjs.A:angular最后的N:nodejs. 但是如果你亲身的体会到了js的嵌套回调的话你就会想换换别的办法了.虽然 ...
- 从npm到vue和nodejs
https://www.npmjs.com.cn/ vue和nodejs Windows 下安装NPM:https://www.cnblogs.com/interdrp/p/6779973.html ...
- Java学习介绍
Java版本介绍 JavaME:微型版,用于开发小型设备.智能卡.移动终端应用(使用率较低) JavaSE:标准版,用于创建桌面应用(企业用JavaSE创建桌面应用较少) JavaEE:企业版,用于创 ...
- scikit-FEM-例1-求解Possion边值问题
""" Author: kinnala Solve the problem -∇²u = 1 with zero boundary conditions on a uni ...
- [javascript-debug-ajax-json]两种不同的json格式数据
Bug 1: 1. 这里面的 data 只是一维数组{"state":0,"errorCode":0,"data":{"origi ...
- NLTK之WordNet 接口【转】
转自:http://www.cnblogs.com/kaituorensheng/p/3149095.html WordNet是面向语义的英语词典,类似于传统字典.它是NLTK语料库的一部分,可以 ...
- adb错误 - INSTALL_FAILED_NO_MATCHING_ABIS
#背景 换组啦,去了UC国际浏览器,被拥抱变化了.还在熟悉阶段,尝试了下adb,然后就碰到了这个INSTALL_FAILED_NO_MATCHING_ABIS的坑... #解决方法 INSTALL_F ...