2015-03-03 70 views
2

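I want to implement the following: sign in to a Web API using Live ID from a Windows Phone 8.1 (or Universal) app

  1. The user signs in to a Live ID account.
  2. The app accesses a Web API that I developed with ASP.NET Web API 2.
  3. In this Web API, I need to authenticate the user.
  4. Later, I want to authenticate the same user in a web application.

Here is what I am doing, and it does not work.

In my Windows Phone app: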

var authClient = new LiveAuthClient("http://myservice.cloudapp.net"); 
LiveLoginResult result = await authClient.LoginAsync(new string[] { "wl.signin" }); 

if (result.Status == LiveConnectSessionStatus.Connected) 
{ 
    connected = true; 
    var identity = await ConnectToApi(result.Session.AuthenticationToken); 
    Debug.WriteLine(identity); 
} 

Then

private async Task<string> ConnectToApi(string token)
{
    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri("http://myservice.cloudapp.net/");
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

        // HTTP GET
        HttpResponseMessage response = await client.GetAsync("api/values");
        if (response.IsSuccessStatusCode)
        {
            string result = await response.Content.ReadAsStringAsync();
            return result;
        }
        else
            return response.ReasonPhrase;
    }
}

Then in my Web API I have the following

public void ConfigureAuth(IAppBuilder app)
{
    app.UseMicrosoftAccountAuthentication(
        clientId: "my client id",
        clientSecret: "my secret");
}

I registered http://myservice.cloudapp.net as the redirect URL.

The problem is that authentication does not work; the Web API actions do not recognize the user.

Answer

2

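I had it completely wrong. First, I actually needed to use the app.UseJwtBearerAuthentication method. The example was found here: http://code.lawrab.com/2014/01/securing-webapi-with-live-id.html. However, when I tried it, I got this in the output: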

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier ( IsReadOnly = False, Count = 1, Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause )

This one took me a while to figure out, until I found this post: JwtSecurityTokenHandler 4.0.0 Breaking Changes?

Putting these things together, I got a solution that now seems to work in my test environment:

// using System.Linq;
// using System.Security.Cryptography;
// using System.Text;
// using Microsoft.Owin.Security.Jwt;
// using Owin;

public void ConfigureAuth(IAppBuilder app)
{
    // Signing key: SHA-256 over the secret key followed by the literal "JWTSig".
    byte[] signingKey;
    using (var sha256 = new SHA256Managed())
    {
        var sKey = "<Secret key>" + "JWTSig";
        var secretBytes = new UTF8Encoding(true, true).GetBytes(sKey);
        signingKey = sha256.ComputeHash(secretBytes);
    }
    var securityKeyProvider = new SymmetricKeyIssuerSecurityTokenProvider("urn:windows:liveid", signingKey);
    var securityKey = securityKeyProvider.SecurityTokens.First().SecurityKeys.First();

    var jwtOptions = new JwtBearerAuthenticationOptions()
    {
        //AllowedAudiences = new[] { "<url>" },
        //IssuerSecurityTokenProviders = new[]
        //{
        //    new SymmetricKeyIssuerSecurityTokenProvider("urn:windows:liveid", signingKey)
        //},
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
        {
            // Always return the symmetric key, whatever key identifier the token carries.
            IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, validationParameters) =>
            {
                return securityKey;
            },
            ValidAudience = "<url>",
            ValidIssuer = securityKeyProvider.Issuer
        }
    };
    app.UseJwtBearerAuthentication(jwtOptions);
}
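
The checks that the configuration in the answer hands to the JWT middleware (signature with the derived key, issuer, audience, expiry), written out with .NET Framework base classes as an added example; it is not code from the original post or the linked blog. It assumes an HS256-signed token and the key derivation shown in the answer; the class and helper names, the secret, the audience value and the sample token are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Script.Serialization; // .NET Framework; reference System.Web.Extensions
static class LiveTokenDemo // hypothetical name
{
    static string Enc(byte[] b) { return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static Dictionary<string, object> Json(string part) // base64url segment -> JSON object
    {
        string s = part.Replace('-', '+').Replace('_', '/');
        byte[] raw = Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
        return new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(raw));
    }
    static object Get(Dictionary<string, object> d, string k) { object v; d.TryGetValue(k, out v); return v; }
    // Same derivation as the answer: SHA-256 over the secret followed by "JWTSig".
    static byte[] DeriveKey(string secret) { using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(secret + "JWTSig")); }
    static string Sign(string input, byte[] key) { using (var mac = new HMACSHA256(key)) return Enc(mac.ComputeHash(Encoding.ASCII.GetBytes(input))); }
    // Returns null when the token is accepted, otherwise the reason for rejecting it.
    static string Validate(string token, byte[] key, string audience, string issuer, long now)
    {
        try
        {
            string[] p = token.Split('.');
            if (p.Length != 3) return "malformed";
            if ((Get(Json(p[0]), "alg") as string) != "HS256") return "unexpected alg"; // pin the algorithm
            string expected = Sign(p[0] + "." + p[1], key);
            int diff = expected.Length ^ p[2].Length; // compare without an early exit
            for (int i = 0; i < expected.Length && i < p[2].Length; i++) diff |= expected[i] ^ p[2][i];
            if (diff != 0) return "bad signature";
            var claims = Json(p[1]); // claims are read only after the signature checks out
            if ((Get(claims, "iss") as string) != issuer) return "wrong issuer";
            if ((Get(claims, "aud") as string) != audience) return "wrong audience";
            return Convert.ToInt64(Get(claims, "exp")) > now ? null : "expired";
        }
        catch (Exception) { return "malformed"; } // bad base64 or JSON fails closed
    }
    static void Main()
    {
        const string iss = "urn:windows:liveid", aud = "myservice.cloudapp.net"; // aud value is constructed
        long now = 1425340800; // constructed clock: 2015-03-03 00:00 UTC
        byte[] key = DeriveKey("constructed-secret");
        string body = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." + Enc(Encoding.UTF8.GetBytes(
            "{\"iss\":\"" + iss + "\",\"aud\":\"" + aud + "\",\"exp\":" + (now + 600) + "}"));
        string token = body + "." + Sign(body, key); // constructed token, not issued by Live
        Console.WriteLine(Validate(token, key, aud, iss, now) ?? "accepted");
        Console.WriteLine(Validate(token, DeriveKey("other-secret"), aud, iss, now)); // wrong secret
        Console.WriteLine(Validate(token, key, "other.example", iss, now)); // token meant for another site
    }
}
```

A key derived from the wrong secret fails at the signature step, before any claim is read, and a correctly signed token is still rejected when its audience does not match the API's own.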