2013-11-28 30 views
2

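I am new to single sign-on authentication in Silverlight

JWT tokens: I have an MVC4-based website that authenticates with JWT tokens. In between, we have to implement a Silverlight 5 application.

How do I read the JWT token in the Silverlight application, and how do I authenticate the user in Silverlight? Also, if the user clicks log out from either the Silverlight application or the web application, they must be logged out of both applications.

If you could provide an example, it would be a great help.

Thanks in advance

Answers

1

Did you succeed in implementing JWT in the Silverlight application?

Update

In my Silverlight client code, I add the JWT token to the HTTP Authorization header for every request. To add the header, I created a behavior that takes care of this (AttachRequestInformationEndpointBehavior). The following code adds the behavior to the ExampleDomainContext: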

    Imports System.Reflection
    Imports System.ServiceModel

    Partial Class ExampleDomainContext

        Private Sub OnCreated()
            ' Get the DomainClient's ChannelFactory through reflection
            Dim channelFactoryProperty As PropertyInfo = Me.DomainClient.GetType().GetProperty("ChannelFactory")

            If (channelFactoryProperty IsNot Nothing) Then
                Dim factory = TryCast(channelFactoryProperty.GetValue(Me.DomainClient, Nothing), ChannelFactory)

                If factory IsNot Nothing Then
                    ' Attach the behavior only once per endpoint
                    If Not factory.Endpoint.Behaviors.Contains(GetType(Infrastructure.WebServices.AttachRequestInformationEndpointBehavior)) Then
                        factory.Endpoint.Behaviors.Add(New Wintouch.Infrastructure.WebServices.AttachRequestInformationEndpointBehavior())
                    End If
                End If
            End If
        End Sub

    End Class

The code for the behavior follows:

    Imports System.ServiceModel
    Imports System.ServiceModel.Channels
    Imports System.ServiceModel.Description
    Imports System.ServiceModel.Dispatcher

    Public Class AttachRequestInformationEndpointBehavior
        Implements IEndpointBehavior, IClientMessageInspector

        Public Sub AddBindingParameters(endpoint As ServiceEndpoint, bindingParameters As BindingParameterCollection) Implements IEndpointBehavior.AddBindingParameters
        End Sub

        ' Register this object as a message inspector on the client runtime
        Public Sub ApplyClientBehavior(endpoint As ServiceEndpoint, clientRuntime As System.ServiceModel.Dispatcher.ClientRuntime) Implements IEndpointBehavior.ApplyClientBehavior
            clientRuntime.MessageInspectors.Add(Me)
        End Sub

        Public Sub ApplyDispatchBehavior(endpoint As ServiceEndpoint, endpointDispatcher As System.ServiceModel.Dispatcher.EndpointDispatcher) Implements IEndpointBehavior.ApplyDispatchBehavior
        End Sub

        Public Sub Validate(endpoint As ServiceEndpoint) Implements IEndpointBehavior.Validate
        End Sub

        Public Sub AfterReceiveReply(ByRef reply As Message, correlationState As Object) Implements IClientMessageInspector.AfterReceiveReply
        End Sub

        ' Runs before every outgoing request: reuse or create the HTTP property, then set the header
        Public Function BeforeSendRequest(ByRef request As Message, channel As IClientChannel) As Object Implements IClientMessageInspector.BeforeSendRequest
            Dim header As HttpRequestMessageProperty

            If request.Properties.ContainsKey(HttpRequestMessageProperty.Name) Then
                header = CType(request.Properties(HttpRequestMessageProperty.Name), HttpRequestMessageProperty)
            Else
                header = New HttpRequestMessageProperty()
                request.Properties.Add(HttpRequestMessageProperty.Name, header)
            End If

            header.Headers("Authorization") = "Bearer " + "the user token here..."

            Return Nothing
        End Function

    End Class

On the server side, I just populate HttpContext.Current.User and Thread.CurrentPrincipal with the information extracted from the token. For example:

In the Global.asax file:

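    // Global.asax.cs; needs using System, System.Security.Principal, System.Threading, System.Web
    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        // code to read the token (TokenHandler is the poster's own class, not shown here)
        var tokenHandler = new TokenHandler();

        // get the token from the http request header
        var authHeaders = Request.Headers.GetValues("Authorization");

        if (authHeaders == null || authHeaders.Length < 1) return;

        var authHeader = authHeaders[0].Split(' ');

        // ignore a malformed header that has no token after the scheme
        if (authHeader.Length < 2) return;

        var scheme = authHeader[0];
        var tokenString = authHeader[1];

        if (scheme != "Bearer") return;

        // retrieves the principal from the token; ReadPrincipal is where
        // the token's signature and expiry have to be checked
        IPrincipal principal = tokenHandler.ReadPrincipal(tokenString);

        // set the relevant variables
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
    }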
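+0

No, success is still far away for the Silverlight implementation – Chirag

+0

Chirag, JWT makes sense; I actually did this. For each domain service, I created an interceptor that adds the JWT token to the HTTP header. Then, on the server, I read the token and set the Principal. If you want to see my code, I can send it to you. – cangosta

+0

Hello Cangosta, thank you for posting. Please send it to my email [email protected] – Chirag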
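
The answer's `TokenHandler` class is not shown on the page. As an added example (not the poster's code), here is one way its `ReadPrincipal` step could verify a token before the principal is trusted. It assumes an HS256-signed JWT with `sub` and `exp` claims and a shared secret; `Hs256TokenHandler` and the `utcNow` parameter are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web.Script.Serialization; // System.Web.Extensions.dll (.NET Framework)

// Hypothetical stand-in for the answer's TokenHandler, which the page does not show.
public class Hs256TokenHandler
{
    private readonly byte[] _key; // shared signing secret (assumed to come from protected config)
    public Hs256TokenHandler(byte[] key) { _key = key; }
    // Returns a principal only when signature and expiry check out; otherwise null.
    public IPrincipal ReadPrincipal(string token, DateTime utcNow)
    {
        var parts = (token ?? "").Split('.');
        if (parts.Length != 3) return null;
        try
        {
            var json = new JavaScriptSerializer();
            var header = json.Deserialize<Dictionary<string, object>>(Utf8(parts[0]));
            object alg, exp, sub;
            // Pin the algorithm on the server; the token must not choose it (e.g. "none").
            if (header == null || !header.TryGetValue("alg", out alg) || !"HS256".Equals(alg)) return null;
            byte[] expected;
            using (var hmac = new HMACSHA256(_key))
                expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
            if (!FixedTimeEquals(expected, FromBase64Url(parts[2]))) return null;
            // Claims are parsed only after the signature has been verified.
            var claims = json.Deserialize<Dictionary<string, object>>(Utf8(parts[1]));
            if (claims == null || !claims.TryGetValue("exp", out exp) || !claims.TryGetValue("sub", out sub)) return null;
            var expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(Convert.ToDouble(exp));
            var name = sub as string;
            if (utcNow >= expires || string.IsNullOrEmpty(name)) return null;
            return new GenericPrincipal(new GenericIdentity(name, "Bearer"), new string[0]);
        }
        catch (Exception) { return null; } // fail closed on bad base64, bad JSON or bad claim types
    }
    private static byte[] FromBase64Url(string s)
    {
        return Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    private static string Utf8(string s) { return Encoding.UTF8.GetString(FromBase64Url(s)); }
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length; // a length mismatch also fails the comparison
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With a handler like this, `Application_AcquireRequestState` should leave the request anonymous when `ReadPrincipal` returns null rather than assigning the result unconditionally.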