1.在项目中添加引用
Microsoft.AspNet.WebApi.Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security.Cookies
Microsoft.AspNet.Identity.Owin
Microsoft.Owin.Cors
2.新建Startup类
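/// <summary>
/// OWIN startup class: registers the OAuth 2.0 authorization server, bearer-token
/// authentication, CORS and Web API on the application pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Builds the OWIN pipeline. Authentication is registered first, then CORS, then Web API.
    /// </summary>
    /// <param name="app">The OWIN application builder supplied by the host.</param>
    public void Configuration(IAppBuilder app)
    {
        ConfigAuth(app);

        HttpConfiguration config = new HttpConfiguration();
        WebApiConfig.Register(config);

        // SECURITY: AllowAll lets a page on any origin call this API from a browser.
        // For a deployed service, replace it with a policy that lists the known front-end origins.
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    /// <summary>
    /// Registers the token endpoint (/token) and the bearer-token validation middleware.
    /// </summary>
    /// <param name="app">The OWIN application builder supplied by the host.</param>
    public void ConfigAuth(IAppBuilder app)
    {
        OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions()
        {
            // SECURITY: the password grant sends the user's password, and every later call
            // sends the bearer token, in the request itself. Plain HTTP is therefore only
            // permitted in DEBUG builds; any other build requires HTTPS on the token endpoint.
#if DEBUG
            AllowInsecureHttp = true,
#else
            AllowInsecureHttp = false,
#endif
            // URL that clients call to obtain an access_token.
            TokenEndpointPath = new PathString("/token"),
            // access_token lifetime. One day is long for a bearer token; since refresh tokens
            // are issued as well, a shorter lifetime limits the value of a leaked token.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            // Validates clients and resource-owner credentials when issuing access tokens.
            Provider = new SimpleAuthorizationServerProvider(),
            // Issues and redeems refresh tokens.
            RefreshTokenProvider = new SimpleRefreshTokenProvider()
        };

        app.UseOAuthAuthorizationServer(option);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}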
3.OAuth身份认证,新建SimpleAuthorizationServerProvider类
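/// <summary>
/// Authorization-server callbacks for the resource-owner password grant:
/// client validation and username/password verification.
/// </summary>
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Accepts the calling client without inspecting any client credentials.
    /// </summary>
    /// <param name="context">The client-authentication context for the token request.</param>
    /// <returns>A completed task.</returns>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // SECURITY: every client is accepted unconditionally, so any application that can reach
        // the token endpoint may submit user credentials. If only specific clients should obtain
        // tokens, check the client id/secret here before calling Validated().
        context.Validated();
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Verifies the supplied username and password and, on success, issues an identity
    /// carrying the "sub" and "role" claims.
    /// </summary>
    /// <param name="context">The password-grant context holding the username and password.</param>
    /// <returns>A task that completes once the request has been validated or rejected.</returns>
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // The token endpoint adds its own CORS header here. SECURITY: "*" allows any origin to
        // request tokens from a browser; restrict it to known origins for a deployed service.
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        // Verify the username and password.
        // SECURITY NOTE(review): the helper name indicates the password is compared as an MD5
        // digest. MD5 is unsuitable for password storage; the stored credentials should be
        // migrated to a salted, slow hash such as PBKDF2. This cannot be changed here without
        // changing AccountService and the stored values as well.
        AccountService accService = new AccountService();
        string md5Pwd = LogHelper.MD5CryptoPasswd(context.Password);
        var ul = accService.Login(context.UserName, md5Pwd);

        // A null result is treated the same as "no matching account" rather than crashing.
        // The same error is returned for an unknown user and a wrong password.
        if (ul == null || ul.Count == 0)
        {
            context.SetError("invalid_grant", "The username or password is incorrect");
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        // Every authenticated account receives the same fixed role.
        identity.AddClaim(new Claim("role", "user"));
        context.Validated(identity);
    }
}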
4.新建SimpleRefreshTokenProvider类
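/// <summary>
/// Issues and redeems refresh tokens, keeping the serialized tickets in process memory.
/// </summary>
/// <remarks>
/// The store is a static in-memory dictionary: entries are lost when the process restarts,
/// are not shared between server instances, and an entry that is never redeemed is never
/// removed. A persistent store with expiry cleanup is needed beyond a demo.
/// </remarks>
public class SimpleRefreshTokenProvider : AuthenticationTokenProvider
{
    // Maps refresh-token value -> serialized authentication ticket.
    private static readonly ConcurrentDictionary<string, string> _refreshTokens =
        new ConcurrentDictionary<string, string>();

    /// <summary>
    /// Generates a refresh_token valid for 60 days and stores its serialized ticket.
    /// </summary>
    /// <param name="context">The token-creation context carrying the ticket to protect.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // Read the clock once so the issue and expiry times are consistent.
        DateTime issuedAt = DateTime.UtcNow;
        context.Ticket.Properties.IssuedUtc = issuedAt;
        context.Ticket.Properties.ExpiresUtc = issuedAt.AddDays(60);

        context.SetToken(NewTokenValue());
        _refreshTokens[context.Token] = context.SerializeTicket();
    }

    /// <summary>
    /// Redeems a refresh_token: restores the stored ticket so a new access_token can be issued.
    /// </summary>
    /// <param name="context">The token-receive context carrying the presented token.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        // A missing token cannot match anything; TryRemove would throw on a null key.
        if (string.IsNullOrEmpty(context.Token))
        {
            return;
        }

        // TryRemove makes each refresh token single-use: a replayed token finds no entry.
        string value;
        if (_refreshTokens.TryRemove(context.Token, out value))
        {
            context.DeserializeTicket(value);
        }
    }

    // Returns 32 bytes from the cryptographic RNG as lowercase hex. A refresh token is a
    // bearer secret, and Guid.NewGuid() is specified for uniqueness, not unpredictability.
    private static string NewTokenValue()
    {
        byte[] tokenBytes = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }

        return BitConverter.ToString(tokenBytes).Replace("-", string.Empty).ToLowerInvariant();
    }
}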
5.在要加验证的接口上加上[Authorize]标记
/// <summary>
/// Sample controller. The class-level [Authorize] requires a valid bearer token for every
/// action unless the action opts out with [AllowAnonymous].
/// </summary>
[Authorize]
public class DefaultController : ApiController
{
    /// <summary>Protected action: reachable only with a valid access_token.</summary>
    /// <returns>A JSON string with state 1 and message "ok".</returns>
    [HttpPost]
    public string getPost()
    {
        var payload = new { state = 1, msg = "ok" };
        return JsonConvert.SerializeObject(payload);
    }

    /// <summary>Anonymous action: reachable without any token.</summary>
    /// <param name="name">Accepted from the request but not read by this action.</param>
    /// <returns>A JSON string with state 2 and message "validatePass_ok".</returns>
    [HttpGet]
    [AllowAnonymous]
    public string validatePass(string name)
    {
        var payload = new { state = 2, msg = "validatePass_ok" };
        return JsonConvert.SerializeObject(payload);
    }
}
6.传入参数,获取token:向 /token 发送 POST 请求,表单参数为 grant_type=password、username、password(密码随请求体发送,生产环境必须使用 HTTPS)
7.传入access_token:调用带 [Authorize] 标记的接口时,在请求头中加入 Authorization: Bearer <access_token>
原文:https://www.cnblogs.com/huangtaiyi/p/11929234.html