How do I use OAuthAuthorizationServer with Owin?

Problem description

I am trying to understand owin and OAuthAuthorizationServer.

I know OAuth2 has 4 parts:

1. Resource owner
2. Resource server
3. Client application
4. Authorization server

I implemented owin and an Authorization Server in a simple application.

The application works fine.

I just want to understand more about OAuth.

So in my Startup class I have:

using System;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable cross-origin resource sharing (CORS) so that browser clients on other
        // origins can call this API; for security reasons browsers block cross-origin
        // HTTP requests by default. AllowAll is fine for development; restrict the
        // allowed origins in production.
        app.UseCors(CorsOptions.AllowAll);

        var OAuthOptions = new OAuthAuthorizationServerOptions
        {
            AllowInsecureHttp = true, // accept token requests over plain HTTP (development only)
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60), // token expiration time
            Provider = new OauthProvider()
        };

        // UseOAuthBearerTokens registers both the authorization server (the /token
        // endpoint) and the bearer-token authentication middleware, so separate
        // UseOAuthAuthorizationServer / UseOAuthBearerAuthentication calls would
        // register the same middleware a second time and are not needed.
        app.UseOAuthBearerTokens(OAuthOptions);
    }

    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
        // Register the Web API routes (the request pipeline)
        GlobalConfiguration.Configure(WebApiConfig.Register);
    }
}

Then I created my OauthProvider.

Here is my class:

using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class OauthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Every token request arrives here first. This hook is meant to authenticate the
        // client application (client_id / client_secret); the username and password are
        // not inspected here. Calling Validated() unconditionally accepts every client.
        context.Validated();
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // Reached for grant_type=password once the client is validated: check the
        // resource owner's username and password and, if they are correct, build the
        // identity that the middleware turns into an access token.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);

        using (var db = new DataContext())
        {
            // Note: this compares the stored password value directly; store only a
            // salted hash and verify the supplied password against it instead.
            var user = db.Users.FirstOrDefault(o => o.UserName == context.UserName && o.Password == context.Password);
            if (user != null)
            {
                // Store information about the authenticated user as claims in the token
                identity.AddClaim(new Claim("UserName", context.UserName));
                identity.AddClaim(new Claim("LoggedOn", DateTime.Now.ToString()));
                context.Validated(identity);
            }
            else
            {
                // SetError already rejects the request; the standard OAuth2 error code
                // for a bad username/password is "invalid_grant".
                context.SetError("Wrong Credentials", "Provided username and password is incorrect");
                context.Rejected();
            }
        }
        return Task.FromResult(0);
    }
}

So, if I want to understand the OAuth parts:

How do I identify what I have done for each part?

Note: this is a Web API project.

Any useful information would be helpful.

Thanks

Tags: c#, asp.net, owin
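An added example (not code from the question or from the Katana project) that labels the four OAuth2 roles inside this kind of OWIN setup: the provider is the authorization server, the [Authorize] controller is the resource server, the resource owner is the user whose credentials the password grant carries, and the client application is whoever calls /token. The names RoleAwareOAuthProvider, UserStore and ProfileController, the client id/secret and the user "alice" are hypothetical.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

// AUTHORIZATION SERVER: the provider behind /token. It validates the CLIENT first,
// then the RESOURCE OWNER's password grant. The CLIENT APPLICATION is whatever POSTs
// grant_type=password plus its client credentials to /token; it is not server code.
public class RoleAwareOAuthProvider : OAuthAuthorizationServerProvider
{
    // Hypothetical registered client; a real server loads clients from storage.
    const string DemoClientId = "web-client", DemoClientSecret = "demo-secret";
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string id, secret;
        if (!context.TryGetBasicCredentials(out id, out secret))  // Authorization: Basic header
            context.TryGetFormCredentials(out id, out secret);    // or client_id/client_secret form fields
        if (id == DemoClientId && secret == DemoClientSecret) context.Validated(id);
        else context.SetError("invalid_client", "Unknown client id or secret.");
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // RESOURCE OWNER: the user whose username + password arrive in the form body.
        if (!UserStore.VerifyPassword(context.UserName, context.Password))
        { context.SetError("invalid_grant", "The user name or password is incorrect."); return Task.FromResult(0); }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("client_id", context.ClientId));
        context.Validated(identity);  // the middleware serializes this identity into the bearer token
        return Task.FromResult(0);
    }
}
// Hypothetical user store: verifies a PBKDF2 hash instead of comparing plaintext passwords.
static class UserStore
{
    static readonly byte[] Salt = new byte[16];          // constructed; use a random per-user salt in practice
    static readonly byte[] StoredHash = Derive("demo");  // constructed: hash of user "alice"'s password
    static byte[] Derive(string pw) => new Rfc2898DeriveBytes(pw, Salt, 100000).GetBytes(32);
    public static bool VerifyPassword(string user, string pw) => user == "alice" && Derive(pw).SequenceEqual(StoredHash);
}
// RESOURCE SERVER: a Web API controller behind [Authorize]; the bearer middleware
// validates the token and populates User before the action runs.
[Authorize]
public class ProfileController : ApiController
{
    public IHttpActionResult Get() => Ok(new { user = User.Identity.Name });
}
```

Wire RoleAwareOAuthProvider in as the Provider of the OAuthAuthorizationServerOptions in Startup; a client then obtains a token by POSTing grant_type=password with its client credentials to /token and presents it as a Bearer header to /api/profile.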
