阿里云-云小站(无限量代金券发放中)
【腾讯云】云服务器、云数据库、COS、CDN、短信等热卖云产品特惠抢购

使用控制台程序搭建OAuth授权服务器

241次阅读
没有评论

共计 9693 个字符,预计需要花费 25 分钟才能阅读完成。

详细讲解使用控制台程序搭建 OAuth 授权服务器,先上一张 OAuth 的认证图

使用控制台程序搭建 OAuth 授权服务器

很多情况下授权服务器和资源服务器时同一台机器,就有了下面这张图

使用控制台程序搭建 OAuth 授权服务器

接着可以使用上一篇文章中的控制台程序,做一些改动

首先需要引入Microsoft.AspNet.Identity.Owin 包

PM> Install-Package Microsoft.AspNet.Identity.Owin -Pre

添加一个授权提供类 ApplicationOAuthServerProvider 继承自Microsoft.Owin.Security.OAuth 中的OAuthAuthorizationServerProvider,这个类实现了 IOAuthAuthorizationServerProvider 接口

 
using Microsoft.Owin.Security.OAuth;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;

namespace ConsoleWebApi.OAuthServerProvider
{public class ApplicationOAuthServerProvider: OAuthAuthorizationServerProvider
    {public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {// This call is required...
            // but we're not using client authentication, so validate and move on...
            await Task.FromResult(context.Validated());
        }
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {// DEMO ONLY: Pretend we are doing some sort of REAL checking here:
            if (context.Password != "password")
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                context.Rejected();
                return;
            }

            // Create or retrieve a ClaimsIdentity to represent the 
            // Authenticated user:
            ClaimsIdentity identity =
                new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("user_name", context.UserName));

            // Add a Role Claim:
            identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

            // Identity info will ultimately be encoded into an Access Token
            // as a result of this call:
            context.Validated(identity);
        }
    }
}

这里重写了两个方法:

ValidateClientAuthentication()验证客户信息。

GrantResourceOwnerCredentials()创建 ClaimsIdentity 并通过 OWIN middleware 将 ClaimsIdentity 编码生成 Access Token。

Suffice it to say that theClaimsIdentity information is encrypted with a private key (generally, but not always the Machine Key of the machine on which the server is running). Once so encrypted, the access token is then added to the body of the outgoing HTTP response.

大意就时通过机器的 Machine Key 将 ClaimsIdentity 编码,如果资源服务器和授权服务器不是同一台机器的话,需要在配置文件中配置相同的 Machine Key,这样通过 OWIN 中间件就能解码出 ClaimsIdentity。

下一步修改Startup,添加 ConfigureAuth()

 
Startup class. Check to make sure you have added the following usings and code to Startup:

Add a ConfigureAuth() Method to the OWIN Startup Class:
using System;
 
// Add the following usings:
using Owin;
using System.Web.Http;
using MinimalOwinWebApiSelfHost.Models;
using MinimalOwinWebApiSelfHost.OAuthServerProvider;
using Microsoft.Owin.Security.OAuth;
using Microsoft.Owin;
 
namespace MinimalOwinWebApiSelfHost
{public class Startup
    {// This method is required by Katana:
        public void Configuration(IAppBuilder app)
        {ConfigureAuth(app);
            var webApiConfiguration = ConfigureWebApi();
            app.UseWebApi(webApiConfiguration);
        }
 
 
        private void ConfigureAuth(IAppBuilder app)
        {var OAuthOptions = new OAuthAuthorizationServerOptions
            {TokenEndpointPath = new PathString("/Token"),
                Provider = new ApplicationOAuthServerProvider(),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
 
                // Only do this for demo!!
                AllowInsecureHttp = true
            };
            app.UseOAuthAuthorizationServer(OAuthOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
 
 
        private HttpConfiguration ConfigureWebApi()
        {var config = new HttpConfiguration();
            config.Routes.MapHttpRoute("DefaultApi",
                "api/{controller}/{id}",
                new {id = RouteParameter.Optional });
            return config;
        }
    }
}

接下来新建一个客户端控制台程序

添加几个类

ApiClientProvider

 使用控制台程序搭建 OAuth 授权服务器

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace MinimalOwinWebApiClient
{public class ApiClientProvider
    {string _hostUri;
        public string AccessToken {get; private set; }

        public ApiClientProvider(string hostUri)
        {_hostUri = hostUri;
        }


        public async Task<Dictionary<string, string>> GetTokenDictionary(string userName, string password)
        {
            HttpResponseMessage response;
            var pairs = new List<KeyValuePair<string, string>>
                {new KeyValuePair<string, string>("grant_type", "password" ),
                    new KeyValuePair<string, string>("username", userName ),
                    new KeyValuePair<string, string> ("password", password )
                };
            var content = new FormUrlEncodedContent(pairs);

            using (var client = new HttpClient())
            {var tokenEndpoint = new Uri(new Uri(_hostUri), "Token");
                response = await client.PostAsync(tokenEndpoint, content);
            }

            var responseContent = await response.Content.ReadAsStringAsync();
            if (!response.IsSuccessStatusCode)
            {throw new Exception(string.Format("Error: {0}", responseContent));
            }

            return GetTokenDictionary(responseContent);
        }


        private Dictionary<string, string> GetTokenDictionary(string responseContent)
        {Dictionary<string, string> tokenDictionary =
                JsonConvert.DeserializeObject<Dictionary<string, string>>(responseContent);
            return tokenDictionary;
        }
    }
}

Company

public class Company
    {public int Id {get; set; }
        public string Name {get; set; }
    }

CompanyClient

 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

namespace MinimalOwinWebApiClient
{public class CompanyClient
    {string _accessToken;
        Uri _baseRequestUri;
        public CompanyClient(Uri baseUri, string accessToken)
        {_accessToken = accessToken;
            _baseRequestUri = new Uri(baseUri, "api/companies/");
        }


        // Handy helper method to set the access token for each request:
        void SetClientAuthentication(HttpClient client)
        {
            client.DefaultRequestHeaders.Authorization
                = new AuthenticationHeaderValue("Bearer", _accessToken);
        }


        public async Task<IEnumerable<Company>> GetCompaniesAsync()
        {
            HttpResponseMessage response;
            using (var client = new HttpClient())
            {SetClientAuthentication(client);
                response = await client.GetAsync(_baseRequestUri);
            }
            return await response.Content.ReadAsAsync<IEnumerable<Company>>();}


        public async Task<Company> GetCompanyAsync(int id)
        {
            HttpResponseMessage response;
            using (var client = new HttpClient())
            {SetClientAuthentication(client);

                // Combine base address URI and ID to new URI
                // that looks like http://hosturl/api/companies/id
                response = await client.GetAsync(new Uri(_baseRequestUri, id.ToString()));
            }
            var result = await response.Content.ReadAsAsync<Company>();
            return result;
        }


        public async Task<HttpStatusCode> AddCompanyAsync(Company company)
        {
            HttpResponseMessage response;
            using (var client = new HttpClient())
            {SetClientAuthentication(client);
                response = await client.PostAsJsonAsync(_baseRequestUri, company);
            }
            return response.StatusCode;
        }


        public async Task<HttpStatusCode> UpdateCompanyAsync(Company company)
        {
            HttpResponseMessage response;
            using (var client = new HttpClient())
            {SetClientAuthentication(client);
                response = await client.PutAsJsonAsync(_baseRequestUri, company);
            }
            return response.StatusCode;
        }


        public async Task<HttpStatusCode> DeleteCompanyAsync(int id)
        {
            HttpResponseMessage response;
            using (var client = new HttpClient())
            {SetClientAuthentication(client);

                // Combine base address URI and ID to new URI
                // that looks like http://hosturl/api/companies/id
                response = await client.DeleteAsync(new Uri(_baseRequestUri, id.ToString()));
            }
            return response.StatusCode;
        }
    }
}
 

修改 Main

 使用控制台程序搭建 OAuth 授权服务器

 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace MinimalOwinWebApiClient
{class Program
    {static void Main(string[] args)
        {// Wait for the async stuff to run...
            Run().Wait();

            // Then Write Done...
            Console.WriteLine("");
            Console.WriteLine("Done! Press the Enter key to Exit...");
            Console.ReadLine();
            return;
        }
        static async Task Run()
        {// Create an http client provider:
            string hostUriString = "http://localhost:8080";
            var provider = new ApiClientProvider(hostUriString);
            string _accessToken;
            Dictionary<string, string> _tokenDictionary;

            try
            {// Pass in the credentials and retrieve a token dictionary:
                _tokenDictionary = await provider.GetTokenDictionary("john@example.com", "password");
                _accessToken = _tokenDictionary["access_token"];

                // Write the contents of the dictionary:
                foreach (var kvp in _tokenDictionary)
                {Console.WriteLine("{0}: {1}", kvp.Key, kvp.Value);
                    Console.WriteLine("");
                }
                // Create a company client instance:
                var baseUri = new Uri(hostUriString);
                var companyClient = new CompanyClient(baseUri, _accessToken);

                // Read initial companies:
                Console.WriteLine("Read all the companies...");
                var companies = await companyClient.GetCompaniesAsync();
                WriteCompaniesList(companies);

                int nextId = (from c in companies select c.Id).Max() + 1;

                Console.WriteLine("Add a new company...");
                var result = await companyClient.AddCompanyAsync(new Company {Name = string.Format("New Company #{0}", nextId) });
                WriteStatusCodeResult(result);

                Console.WriteLine("Updated List after Add:");
                companies = await companyClient.GetCompaniesAsync();
                WriteCompaniesList(companies);

                Console.WriteLine("Update a company...");
                var updateMe = await companyClient.GetCompanyAsync(nextId);
                updateMe.Name = string.Format("Updated company #{0}", updateMe.Id);
                result = await companyClient.UpdateCompanyAsync(updateMe);
                WriteStatusCodeResult(result);

                Console.WriteLine("Updated List after Update:");
                companies = await companyClient.GetCompaniesAsync();
                WriteCompaniesList(companies);

                Console.WriteLine("Delete a company...");
                result = await companyClient.DeleteCompanyAsync(nextId - 1);
                WriteStatusCodeResult(result);

                Console.WriteLine("Updated List after Delete:");
                companies = await companyClient.GetCompaniesAsync();
                WriteCompaniesList(companies);
            }
            catch (AggregateException ex)
            {// If it's an aggregate exception, an async error occurred:
                Console.WriteLine(ex.InnerExceptions[0].Message);
                Console.WriteLine("Press the Enter key to Exit...");
                Console.ReadLine();
                return;
            }
            catch (Exception ex)
            {// Something else happened:
                Console.WriteLine(ex.Message);
                Console.WriteLine("Press the Enter key to Exit...");
                Console.ReadLine();
                return;
            }

            
        }

        static void WriteCompaniesList(IEnumerable<Company> companies)
        {foreach (var company in companies)
            {Console.WriteLine("Id: {0} Name: {1}", company.Id, company.Name);
            }
            Console.WriteLine("");
        }

        static void WriteStatusCodeResult(System.Net.HttpStatusCode statusCode)
        {if (statusCode == System.Net.HttpStatusCode.OK)
            {Console.WriteLine("Opreation Succeeded - status code {0}", statusCode);
            }
            else
            {Console.WriteLine("Opreation Failed - status code {0}", statusCode);
            }
            Console.WriteLine("");
        }
    }

}

给 CompaniesController 加上 [Authorize] 后就有了授权认证了。

参考地址:ASP.NET Web Api: Understanding OWIN/Katana Authentication/Authorization Part I: Concepts

本文永久更新链接地址:http://www.linuxidc.com/Linux/2017-12/149199.htm

正文完
星哥玩云-微信公众号
post-qrcode
 0
星锅
版权声明:本站原创文章,由 星锅 于2022-01-21发表,共计9693字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
【腾讯云】推广者专属福利,新客户无门槛领取总价值高达2860元代金券,每种代金券限量500张,先到先得。
阿里云-最新活动爆款每日限量供应
评论(没有评论)
验证码
【腾讯云】云服务器、云数据库、COS、CDN、短信等云产品特惠热卖中