創(chuàng)建一個(gè)webapi項(xiàng)目,不進(jìn)行身份認(rèn)證
通過Nuget引入下面的組件
Microsoft.AspNet.WebApi.Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security.Cookies
Microsoft.AspNet.Identity.Owin
Microsoft.Owin.Cors
在項(xiàng)目下新建Startup類,這個(gè)類將作為owin的啟動(dòng)入口
修改startup的內(nèi)容
[assembly: OwinStartup(typeof(OAuth.Startup))]
namespace OAuth
{
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
//ConfigureAuth(app);
MyConfigAuth(app);
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseCors(CorsOptions.AllowAll);
app.UseWebApi(config);
}
public void MyConfigAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"), //獲取 access_token 授權(quán)服務(wù)請(qǐng)求地址
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), //access_token 過期時(shí)間
Provider = new SimpleAuthorizationServerProvider(), //access_token 相關(guān)授權(quán)服務(wù)
RefreshTokenProvider = new SimpleRefreshTokenProvider() //refresh_token 授權(quán)服務(wù)
};
app.UseOAuthAuthorizationServer(option);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
}
OAuth身份認(rèn)證伊佃,新建SimpleAuthorizationServerProvider類
namespace OAuth.OAuth
{
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
/*
* 對(duì)用戶名、密碼進(jìn)行數(shù)據(jù)校驗(yàn)嚎研,這里我們省略
using (AuthRepository _repo = new AuthRepository())
{
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}*/
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
}
}
新建SimpleRefreshTokenProvider類
namespace OAuth.OAuth
{
public class SimpleRefreshTokenProvider : AuthenticationTokenProvider
{
private static ConcurrentDictionary<string, string> _refreshTokens = new ConcurrentDictionary<string, string>();
/// <summary>
/// 生成 refresh_token
/// </summary>
public override void Create(AuthenticationTokenCreateContext context)
{
context.Ticket.Properties.IssuedUtc = DateTime.UtcNow;
context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(60);
context.SetToken(Guid.NewGuid().ToString("n"));
_refreshTokens[context.Token] = context.SerializeTicket();
}
/// <summary>
/// 由 refresh_token 解析成 access_token
/// </summary>
public override void Receive(AuthenticationTokenReceiveContext context)
{
string value;
if (_refreshTokens.TryRemove(context.Token, out value))
{
context.DeserializeTicket(value);
}
}
}
}
js調(diào)用
<script>
function getToken() {
var data = {
'password': '1',
'username': '1',
'grant_type': 'password'
};
$.ajax({
url: "http://localhost:52386/token",
type: "post",
data: data,
async: false,
contentType: 'application/x-www-form-urlencoded',
success: function (sResponse) {
console.log('refresh_token ok: ' + sResponse.access_token + ' expires_in:' + sResponse.expires_in);
},
error: function (a, b, c) {
if (a.status == 400 && a.responseJSON.error == 'invalid_grant') {
console.log('refresh token invalid');
}
}
});
}
</script>