对WebAPI中的自定义数据库的令牌认证

Question

我试图对我自己的数据库实施令牌认证。我的配置方法是

public void ConfigureAuth(IAppBuilder app) 
{ 
     // Configure the db context and user manager to use a single instance per request 
     app.CreatePerOwinContext(ApplicationDbContext.Create); 
     app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); 

     // Enable the application to use a cookie to store information for the signed in user 
     // and to use a cookie to temporarily store information about a user logging in with a third party login provider 
     app.UseCookieAuthentication(new CookieAuthenticationOptions()); 
     app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); 

     // Configure the application for OAuth based flow 
     PublicClientId = "self"; 
     OAuthOptions = new OAuthAuthorizationServerOptions 
     { 
      TokenEndpointPath = new PathString("/Token"), 
      Provider = new CustomOAuthProvider(), 
      AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), 
      AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
      // In production mode set AllowInsecureHttp = false 
      AllowInsecureHttp = true 
     }; 

     // Enable the application to use bearer tokens to authenticate users 
     app.UseOAuthBearerTokens(OAuthOptions); 
} 

正如你所看到的，我用CustomOAuthProvider类，它覆盖GrantResourceOwnerCredentials方法如下

public class CustomOAuthProvider : OAuthAuthorizationServerProvider 
{ 
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) 
    { 
     context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"}); 

     IUsersService userService = DependencyResolver.Current.GetService<IUsersService>(); 
     if (!userService.CheckCredentials(context.UserName, context.Password)) 
     { 
      context.SetError("invalid_grant", "The user name or password is incorrect"); 
      return Task.FromResult<object>(null); 
     } 

     var identity = new ClaimsIdentity("JWT"); 

     identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); 
     identity.AddClaim(new Claim("sub", context.UserName)); 
     identity.AddClaim(new Claim(ClaimTypes.Role, "User")); 

     var props = new AuthenticationProperties(new Dictionary<string, string> 
     { 
      { 
       "audience", context.ClientId ?? string.Empty 
      } 
     }); 

     var ticket = new AuthenticationTicket(identity, props); 
     context.Validated(ticket); 
     return Task.FromResult<object>(null); 
    } 
} 

但只要我做出通过提琴手令牌的请求，我得到400 =坏请求。

我在做什么错了:)

Answer 1

具有相同困难的人，只要按照这篇文章，它显示了如何重写GrantResourceOwnerCredentials方法，使所有的工作：

http://www.hackered.co.uk/articles/asp-net-mvc-creating-an-oauth-password-grant-type-token-endpoint

public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) 
{ 
    var user = userService.GetUser(context.UserName, context.Password); 
    var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType); 
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name)); 
    var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties()); 
    context.Validated(ticket); 
    return base.GrantResourceOwnerCredentials(context); 
}