首页 > 代码库 > Web API 身份验证 不记名令牌验证 Bearer Token Authentication

Web API 身份验证 不记名令牌验证 Bearer Token Authentication

1. Startup.Auth.cs文件

添加属性

?
1
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

 添加静态构造函数

?
1
2
3
4
5
6
7
/// <summary>
/// 构造函数
/// </summary>
static Startup()
{
    OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
}   

 方法ConfigureAuth中添加

?
1
2
// 使用不记名身份验证
app.UseOAuthBearerAuthentication(OAuthBearerOptions);

 

2. WebApiConfig.cs文件

方法Register中添加

?
1
2
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter("Bearer"));

 

3. 创建身份验证方法(Web API)

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
[HttpPost]
public async Task<String> Authenticate(string userName, string password)
{
    if (string.IsNullOrEmpty(userAccount) || string.IsNullOrEmpty(password))
    {
        return string.Empty;
    }<br>
    // 用户查找失败
    User user = await UserManager.FindAsync(userName, password);           
    if (user == null)
    {
        return string.Empty;
    }
 
    // 身份验证票证包括角色或者可以换成用户名
    var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
    if (UserManager.SupportsUserRole)
    {
        IList<string> roles = await UserManager.GetRolesAsync(user.Id).ConfigureAwait(false);
        foreach (string roleName in roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, roleName, ClaimValueTypes.String));
        }
    }
    AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
    var currentUtc = DateTime.UtcNow;
    ticket.Properties.IssuedUtc = currentUtc;
    ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(1));
 
    // 返回值
    return Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
}

 4. 为需要身份验证的控制器或方法添加标记

?
1
2
3
4
[Authorize(Roles = "Admin")]
public class UsersController : ApiController
{
}

 

测试:

在请求头部中添加令牌,格式如下:

Authorization: Bearer boQtj0SCGz2GFGz...