
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use or share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/16128505/

Time: 2020-09-08 02:45:53  Source: igfitidea

Asp.net MVC 4 + WEB API - Custom authentication token

asp.net-mvc asp.net-mvc-4 asp.net-web-api

Asked by Hari Subramaniam

I am developing an ASP.NET MVC 4 site on .NET 4.0. I am trying to authenticate the site to a WEB API. Now the site will pass a username and password and the WEB API will authenticate it. If authenticated, the WEB API will return a Token with roles, Time To Live etc. I am looking for a few pointers on this.


1.) How to generate this token? I don't want to use STS or anything else. Even a non-foolproof approach would do.
2.) On the MVC side, I have to receive this token and set the current session as authenticated and make sure that once the TTL is expired I redirect the user to the login page? Also, in all the WEB API requests I need to send this token.


Accepted answer by Regfor

Generally you can either generate token and implement its verification logic manually or use some 3rd party tools.


For manual implementation look here or here at a blog post; it could be a good starting point for you. It's based on the http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs class.


For client side and OAuth concepts you can read a good answer here.


From 3rd parties a good choice could be DotNetOpenAuth. It's a good library but is complicated when working with OAuth. Try to look at its Web API OAuth2 sample.


Second question - the answer is yes. You validate the token and set the request as authenticated. Anyway, you can look at the Web API OAuth sample, where it's implemented.
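
As an added example (not part of the original answers, and not code from any of the libraries mentioned), here is one way to do the manual approach the accepted answer describes: a token carrying user name, roles and expiry, authenticated with HMAC-SHA256. The class name SimpleToken, the token layout and the key handling are assumptions of this example; it uses only APIs available in .NET 4.0.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical names): HMAC-signed token carrying user, roles and expiry.
public static class SimpleToken
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static long Now() { return (long)(DateTime.UtcNow - Epoch).TotalSeconds; }

    static byte[] Sign(byte[] key, byte[] body)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(body);
    }

    // Layout: base64("user|role1,role2|expiryUnixSeconds") + "." + base64(HMAC-SHA256 of those bytes).
    // Assumptions: key is a random server-side secret; user and role names contain no '|' or ','.
    public static string Issue(byte[] key, string user, string[] roles, TimeSpan ttl)
    {
        string payload = user + "|" + string.Join(",", roles) + "|" + (Now() + (long)ttl.TotalSeconds);
        byte[] body = Encoding.UTF8.GetBytes(payload);
        return Convert.ToBase64String(body) + "." + Convert.ToBase64String(Sign(key, body));
    }

    // Returns false for a malformed, tampered or expired token.
    public static bool TryValidate(byte[] key, string token, out string user, out string[] roles)
    {
        user = null; roles = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] body, mac;
        try { body = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        byte[] expected = Sign(key, body);

        // Compare every byte so timing does not reveal how much of the MAC matched.
        if (mac.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return false;

        // Parse the fields only after the MAC has been verified.
        string[] fields = Encoding.UTF8.GetString(body).Split('|');
        long expires;
        if (fields.Length != 3 || !long.TryParse(fields[2], out expires) || expires < Now()) return false;
        user = fields[0];
        roles = fields[1].Split(',');
        return true;
    }
}
```

The payload is signed but not encrypted, so anyone holding the token can read the user name and roles. Standard base64 contains '+', '/' and '=', so URL-encode the token if it travels in a query string.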


Answer by Aviran Cohen

You might consider using the WebAPI Token Auth Bootstrap Package I am currently working on - available at GitHub or NuGet.


Documentation and code samples available at GitHub Wiki.


Simple Token and Users Authentication and Authorization Bootstrap for WebAPI applications. Provided with 'TokenAuthApiController' which has built-in support for Login and Logout (cookies-based) and automatic token parsing and authenticating (inside query strings, form data or cookies).


This bootstrap allows you to simply have [TokenAuthentication] attribute on actions with the appropriate AccessLevel: Admin, User, Public or Annonymous.


This bootstrap also provides TokenAuthApiController that inherits from the traditional ApiController and adds extra functionality detailed here.


Feel free to Pull requests, Report issues or Contribute


Answer by Naresh Jois

This would be one of the good places to start. This ties in nicely with the asp.net membership.


https://stackoverflow.com/a/7217957/989679


You basically store information in userData of authCookie, and it works well with WebAPI.
