I have 3 applications: an OAuth 2.0 authorization server that issues tokens, an OAuth client that requests tokens, and an OAuth resource server that exposes a RESTful API. All of them are MVC 3 web applications. My question is how to verify the access token that arrives at the OAuth resource server from the client. For example, the OAuth client receives a response containing an access token from the OAuth server. The client then adds this token to the header before making a request to the OAuth resource server to call one of its API functions. Although I can see the access token in the [Authorization] header, I cannot find a way to verify this token. Because I designed the RESTful API with MVC 3 using Areas, I cannot use the function below, which works with a SOAP web service. How do I verify the access token in the OAuth resource server?
    private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri, params string[] requiredScopes)
    {
        // for this sample where the auth server and resource server are the same site,
        // we use the same public/private key.
        using (var signing = PixidoRest.MvcApplication.CreateAuthorizationServerSigningServiceProvider())
        {
            using (var encrypting = PixidoRest.MvcApplication.CreateResourceServerEncryptionServiceProvider())
            {
                // The analyzer checks the token's signature with the authorization server's public key
                // and decrypts it with the resource server's private key before a principal is built.
                var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                return resourceServer.GetPrincipal(httpDetails, requestUri, requiredScopes);
            }
        }
    }
Because I cannot pass an "HttpRequestMessageProperty", I am stuck on verifying the access token I receive from the client. How do I verify it on an MVC 3 RESTful API application acting as the resource server for the OAuth client?
Here is my other code:
    /// <summary>
    /// Creates the crypto service provider for the resource server that contains the private key used to decrypt an access token.
    /// </summary>
    /// <returns>An RSA crypto service provider.</returns>
    internal static RSACryptoServiceProvider CreateResourceServerEncryptionServiceProvider()
    {
        var resourceServerEncryptionServiceProvider = new RSACryptoServiceProvider();
        resourceServerEncryptionServiceProvider.ImportParameters(ResourceServerEncryptionPrivateKey);
        return resourceServerEncryptionServiceProvider;
    }

    /// <summary>
    /// Creates the crypto service provider for the authorization server that contains the public key used to verify an access token signature.
    /// </summary>
    /// <returns>An RSA crypto service provider.</returns>
    internal static RSACryptoServiceProvider CreateAuthorizationServerSigningServiceProvider()
    {
        var authorizationServerSigningServiceProvider = new RSACryptoServiceProvider();
        authorizationServerSigningServiceProvider.ImportParameters(AuthorizationServerSigningPublicKey);
        return authorizationServerSigningServiceProvider;
    }
    public class RequireAuthorization : ActionFilterAttribute
    {
        // Comma-separated list of scopes the decorated action requires.
        public string Scope { get; set; }

        public override void OnActionExecuting(ActionExecutingContext actionContext)
        {
            string[] scope = null;
            if (!string.IsNullOrEmpty(Scope))
            {
                scope = Scope.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries);
            }

            var query = actionContext.RequestContext.HttpContext.Request;
            var req = actionContext.HttpContext;
            var authvalue = query.Headers["Authorization"];

            // This is the call that does not work: VerifyOAuth2 expects an HttpRequestMessageProperty,
            // but in MVC only the HttpRequestBase is available here.
            OAuthAuthorizationManager.VerifyOAuth2(query, query.Url.AbsoluteUri);
            //var response = new HttpResponseMessageProperty()
            //{
            //here is my question.
            //};

            base.OnActionExecuting(actionContext);

            //redirect page to
            //if (CheckUrCondition)
            //{
            //actionContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
            //{
            //    controller = "Home",
            //    action = "Index"
            //}));
            //}
        }
    }
Thanks in advance.
Did you solve it? If so, please share! – gimix
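The following is an added example, not the asker's code and not DotNetOpenAuth's own API surface. It shows the shape of a resource-server check in ASP.NET MVC 3 that works directly from the MVC request object rather than from an HttpRequestMessageProperty: an authorization filter (which runs before action filters) extracts the Bearer token from the Authorization header, hands the request to a validator behind a small interface, installs the resulting principal, and answers with a 401 and a WWW-Authenticate header instead of redirecting to an HTML page. The interface name `IAccessTokenValidator`, the filter name `RequireOAuth2Attribute` and `ChallengeResult` are hypothetical. The DotNetOpenAuth implementation at the bottom assumes that the 4.x `ResourceServer.GetPrincipal` overload accepting an `HttpRequestBase` is present and reuses the asker's `PixidoRest.MvcApplication` key helpers; check the overload against the assembly version you actually reference (4.0 wraps the request in `HttpRequestInfo` instead).

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Abstracts token verification so the filter does not depend on one OAuth library.
// Returns the principal carried by the token, or null if the token is missing, invalid or expired.
public interface IAccessTokenValidator
{
    IPrincipal Validate(HttpRequestBase request, string[] requiredScopes);
}

// Authorization filter: runs before action filters, so an unauthenticated call never reaches the action.
public sealed class RequireOAuth2Attribute : FilterAttribute, IAuthorizationFilter
{
    // Swapped in by tests or composition root; defaults to the DotNetOpenAuth-backed validator below.
    public static Func<IAccessTokenValidator> ValidatorFactory = () => new DotNetOpenAuthTokenValidator();

    // Comma- or space-separated scopes the decorated action requires.
    public string Scope { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        var scopes = (Scope ?? string.Empty).Split(new[] { ',', ' ' }, StringSplitOptions.RemoveEmptyEntries);

        // Only the "Bearer <token>" scheme is accepted; anything else is rejected before the validator runs.
        string authorization = request.Headers["Authorization"];
        if (authorization == null || !authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
        {
            filterContext.Result = new ChallengeResult(HttpStatusCode.Unauthorized, "invalid_request");
            return;
        }

        IPrincipal principal;
        try
        {
            principal = ValidatorFactory().Validate(request, scopes);
        }
        catch (Exception)
        {
            // Signature, decryption, expiry and scope failures surface as exceptions in DotNetOpenAuth;
            // treat them all as "no valid token" rather than leaking the reason to the caller.
            principal = null;
        }

        if (principal == null || !principal.Identity.IsAuthenticated)
        {
            filterContext.Result = new ChallengeResult(HttpStatusCode.Unauthorized, "invalid_token");
            return;
        }

        // Expose the token's identity to the controller as User / Thread.CurrentPrincipal.
        filterContext.HttpContext.User = principal;
        System.Threading.Thread.CurrentPrincipal = principal;
    }
}

// An API answers a bad token with a status code and WWW-Authenticate (RFC 6750), not a login redirect.
internal sealed class ChallengeResult : ActionResult
{
    private readonly HttpStatusCode status;
    private readonly string error;

    public ChallengeResult(HttpStatusCode status, string error)
    {
        this.status = status;
        this.error = error;
    }

    public override void ExecuteResult(ControllerContext context)
    {
        var response = context.HttpContext.Response;
        response.StatusCode = (int)status;
        response.AddHeader("WWW-Authenticate", "Bearer error=\"" + error + "\"");
        response.End();
    }
}

// Assumed DotNetOpenAuth 4.x usage; the GetPrincipal overload taking HttpRequestBase must be
// confirmed against the referenced version (4.0 exposes GetPrincipal(HttpRequestInfo, ...) instead).
internal sealed class DotNetOpenAuthTokenValidator : IAccessTokenValidator
{
    public IPrincipal Validate(HttpRequestBase request, string[] requiredScopes)
    {
        // Public key of the authorization server verifies the signature; the resource server's private key decrypts.
        using (var signing = PixidoRest.MvcApplication.CreateAuthorizationServerSigningServiceProvider())
        using (var encrypting = PixidoRest.MvcApplication.CreateResourceServerEncryptionServiceProvider())
        {
            var analyzer = new DotNetOpenAuth.OAuth2.StandardAccessTokenAnalyzer(signing, encrypting);
            var resourceServer = new DotNetOpenAuth.OAuth2.ResourceServer(analyzer);
            return resourceServer.GetPrincipal(request, requiredScopes);
        }
    }
}
```

Decorate an API action with `[RequireOAuth2(Scope = "read")]`. Two points to watch when wiring this up: if the resource server application also has Forms Authentication enabled, ASP.NET turns a 401 into a 302 to the login page, so either disable it for the API area or strip the redirect in `Application_EndRequest`; and keep the scope check on the resource server side (here via `requiredScopes`) rather than trusting the client, since the token, not the caller, is what proves which scopes were granted.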