I have two main projects in my Web application:
我的Web应用程序中有两个主要项目:
- WebApi project as back-end to serve authentication and authorization for the Web project,using OWIN 2 with bearer tokens.
- WebApi项目作为后端,用于为Web项目提供身份验证和授权,使用带有承载令牌的OWIN 2。
- Web project uses Angularjs.
- Web项目使用Angularjs。
The Web project works as expected(authentication and authorization are working)
Web项目按预期工作(身份验证和授权正在运行)
Method: store token to localstorage, and send it using interceptors each request.
方法:将令牌存储到localstorage,并使用拦截器发送每个请求。
Now I want to add authentication and authorization to the the WebApi project,which would serve other modules like Hangfire,Elmah and Help pages. I added the same login logic, which works(Authorizing) and then redirect to Dashboard page(using Angularjs) which works.
现在我想为WebApi项目添加身份验证和授权,该项目将为Hangfire,Elmah和Help页面等其他模块提供服务。我添加了相同的登录逻辑,它工作(授权),然后重定向到仪表板页面(使用Angularjs),它工作。
But going to any other page(one of the mentioned modules) don't work.By not working: The user from the Owin context always null/empty.(see code)
但是去任何其他页面(其中一个提到的模块)都不起作用。不工作:来自Owin上下文的用户总是为空/空。(参见代码)
For my understanding, I need somehow to send the token with each request which doesn't happen here.
根据我的理解,我需要以某种方式发送令牌,每次请求都不会发生。
Questions:
问题:
-
How can I achieve that(sending/getting the token)?
我怎样才能实现这一点(发送/获取令牌)?
If cookie is the only/better approach ↴
如果cookie是唯一/更好的方法↴
-
How can I integrate cookie for project 1 and token for project 2?(Tried to use cookies, but it seems I'm doing it wrong, or does it work simultaneously with bearer tokens?)
如何为项目1和项目2的令牌集成?(尝试使用cookie,但似乎我做错了,或者它与承载令牌同时工作?)
Code:
码:
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new SimpleAuthorizationServerProvider(),
RefreshTokenProvider = new SimpleRefreshTokenProvider()
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
GlobalConfiguration.Configure(WebApiConfig.Register);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
AreaRegistration.RegisterAllAreas();
app.UseHangfire(hangfireConfig =>
{
config.UseAuthorizationFilters(
new AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" },
new ClaimsBasedAuthorizationFilter("name", "value")
);
hangfireConfig.UseSqlServerStorage("Context");
hangfireConfig.UseServer();
});
}
I tried for testing purposes:
我试过测试目的:
public class HFAuthorizationFilter : Hangfire.Dashboard.IAuthorizationFilter
{
public bool Authorize(IDictionary<string, object> owinEnvironment)
{
var context = new OwinContext(owinEnvironment);
if (context.Authentication.User == null)
return false;//Always null
return context.Authentication.User.HasClaim(ClaimTypes.Role, "SuperAdmin")
|| context.Authentication.User.HasClaim(ClaimTypes.Role, "Admin");
}
}
and in Configuration:
在配置中:
app.UseHangfire(hangfireConfig =>
{
hangfireConfig.UseAuthorizationFilters(
new HFAuthorizationFilter()
);
hangfireConfig.UseSqlServerStorage("Context");
hangfireConfig.UseServer();
});
Potential duplicate: Passing and verifying the OWIN Bearer token in Query String in WebAPI
潜在重复:在WebAPI中的查询字符串中传递和验证OWIN承载标记
1 个解决方案
#1
0
if i understood correctly, you are looking to implement token generation in one api and use the same token in other api. if that is the case then you need master api to be the token generator and child or dependent api to consume the token. Please find master and child API config for oauth Master API config:
如果我理解正确,你希望在一个api中实现令牌生成,并在其他api中使用相同的令牌。如果是这种情况,那么你需要master api作为令牌生成器,使用child或dependent api来使用令牌。请找到oauth Master API配置的主和子API配置:
public void ConfigureOAuth(IAppBuilder app)
{
//configure OAuth using owin framework
var oAuthOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/api/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(2),
Provider = new KatanaAuthorizationServerProvider()
};
app.UseOAuthAuthorizationServer(oAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
Child API config:
子API配置:
public void ConfigureAuth(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
#1
0
if i understood correctly, you are looking to implement token generation in one api and use the same token in other api. if that is the case then you need master api to be the token generator and child or dependent api to consume the token. Please find master and child API config for oauth Master API config:
如果我理解正确,你希望在一个api中实现令牌生成,并在其他api中使用相同的令牌。如果是这种情况,那么你需要master api作为令牌生成器,使用child或dependent api来使用令牌。请找到oauth Master API配置的主和子API配置:
public void ConfigureOAuth(IAppBuilder app)
{
//configure OAuth using owin framework
var oAuthOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/api/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(2),
Provider = new KatanaAuthorizationServerProvider()
};
app.UseOAuthAuthorizationServer(oAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
Child API config:
子API配置:
public void ConfigureAuth(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}