驗證客戶端應用程序使用自定義AuthorizeFilter的ASP.NET Web API

Question

我能夠與

GlobalConfiguration.Configuration.Filters.Add(new Results.ClientAppAuthorization()); 

驗證所有請求除了下面的代碼

  OAuthOptions = new OAuthAuthorizationServerOptions 
     { 
      TokenEndpointPath = new PathString("/Token"), 
      Provider = new ApplicationOAuthProvider(PublicClientId), 
      AuthorizeEndpointPath = new PathString("/ExternalLogin"), 
      AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
      // In production mode set AllowInsecureHttp = false 
      AllowInsecureHttp = true 

     }; 

我希望能夠驗證客戶端應用程序與[ClientAppAuthorization]繼續請求令牌

Answer 1

我認爲你應該自定義OAuthAuthorizationServerProvider並覆蓋ValidateClientAuthentication然後在012上使用它在Startup這樣的：

public class CustomOAuthProvider : OAuthAuthorizationServerProvider 
    { 

     public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) 
     { 
      //here Implement your Custom validation 
      // check your validation conditions and if true call 
      context.Validated(); 
      // and at end 
      return Task.FromResult<object>(null); 
     } 
    } 

，然後在啓動時使用此

OAuthOptions = new OAuthAuthorizationServerOptions 
     { 
      TokenEndpointPath = new PathString("/Token"), 

      //change here 
      Provider = new CustomOAuthProvider(), 
      //hange above line 

      AuthorizeEndpointPath = new PathString("/ExternalLogin"), 
      AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
      // In production mode set AllowInsecureHttp = false 
      AllowInsecureHttp = true 

     };