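OAuth 2.0 integration with a REST WCF Service Application
I need help integrating an OAuth 2.0 authentication layer with a REST service in C#, using the VS 2012 WCF Service Application template. This WCF service needs to issue tokens for authorization and authentication of the service before allowing a client (consumer) to access any of its resources. Three-legged authentication is what I am looking at, much like the Twitter, LinkedIn and Google OAuth implementations.
I have searched the internet extensively for a REST WCF API integrated with OAuth, but have not come across any suitable leads to help me. I looked at an old example: http://weblogs.asp.net/cibrax/archive/2008/11/14/using-the-wcf-oauth-channel-with-an-ado-net-service.aspx
I have used this example to integrate with an existing REST WCF service. When I run the service, I get a "500 Internal Server Error", and at other times the operation just times out.
Here is the implementation that is causing the issue.
I had to add the interceptor as shown below, and reference it in the .svc file with Factory="DemoRESTOAuthService.AppServiceHostFactory":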
    using System;
    using System.ServiceModel;

    class AppServiceHostFactory : System.ServiceModel.Activation.ServiceHostFactory
    {
        /// <summary>
        /// Factory method called by WCF to create a <see cref="ServiceHost"/>.
        /// </summary>
        /// <param name="serviceType">The type of the service to be created.</param>
        /// <param name="baseAddresses">Collection of base addresses where the <see cref="ServiceHost"/> can listen.</param>
        /// <returns>An instance of <see cref="ServiceHost"/>.</returns>
        protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
        {
            try
            {
                // WebServiceHost2 comes from the WCF REST Starter Kit and exposes the Interceptors collection.
                Microsoft.ServiceModel.Web.WebServiceHost2 result = new Microsoft.ServiceModel.Web.WebServiceHost2(serviceType, true, baseAddresses);
                // Register the OAuth interceptor so every request is checked before it reaches the service.
                result.Interceptors.Add(new OAuthChannel.OAuthInterceptor(DemoRESTOAuthService.OAuth.OAuthServicesLocator.Provider, DemoRESTOAuthService.OAuth.OAuthServicesLocator.AccessTokenRepository));
                return result;
            }
            catch (Exception)
            {
                // Rethrow with "throw;" so the original stack trace is preserved.
                throw;
            }
        }
    }
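When debugging using a log file, all I am able to tell is that an exception is thrown in OAuthInterceptor.cs in the OAuthChannel assembly. I have used trace logs and Fiddler, but I am not getting much help in understanding the error beyond the 500 Internal Server Error.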
    public override void ProcessRequest(ref RequestContext requestContext)
    {
        // Nothing to authenticate without a request message.
        if (requestContext == null || requestContext.RequestMessage == null)
        {
            return;
        }
        Message request = requestContext.RequestMessage;
        HttpRequestMessageProperty requestProperty = (HttpRequestMessageProperty)request.Properties[HttpRequestMessageProperty.Name];
        // Build the OAuth context from the HTTP method and the request URI.
        OAuthContext context = new OAuthContextBuilder().FromUri(requestProperty.Method, request.Headers.To);
        try
        {
            // Validate the request, then load the access token and attach a principal to the message.
            _provider.AccessProtectedResourceRequest(context);
            OAuthChannel.Models.AccessToken accessToken = _repository.GetToken(context.Token);
            TokenPrincipal principal = new TokenPrincipal(
                new GenericIdentity(accessToken.UserName, "OAuth"),
                accessToken.Roles,
                accessToken);
            InitializeSecurityContext(request, principal);
        }
        // Only OAuthException is handled here; any other exception type propagates to the caller.
        catch (OAuthException authEx)
        {
            // Reply with 403 Forbidden and the HTML-encoded OAuth problem report.
            XElement response = XElement.Load(new StringReader("<?xml version=\"1.0\" encoding=\"utf-8\"?><html xmlns=\"http://www.w3.org/1999/xhtml\" version=\"-//W3C//DTD XHTML 2.0//EN\" xml:lang=\"en\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.w3.org/1999/xhtml http://www.w3.org/MarkUp/SCHEMA/xhtml2.xsd\"><HEAD><TITLE>Request Error</TITLE></HEAD><BODY><DIV id=\"content\"><P class=\"heading1\"><B>" + HttpUtility.HtmlEncode(authEx.Report.ToString()) + "</B></P></DIV></BODY></html>"));
            Message reply = Message.CreateMessage(MessageVersion.None, null, response);
            HttpResponseMessageProperty responseProperty = new HttpResponseMessageProperty() { StatusCode = HttpStatusCode.Forbidden, StatusDescription = authEx.Report.ToString() };
            responseProperty.Headers[HttpResponseHeader.ContentType] = "text/html";
            reply.Properties[HttpResponseMessageProperty.Name] = responseProperty;
            requestContext.Reply(reply);
            // Setting the context to null stops further processing of this request.
            requestContext = null;
        }
    }
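Can anyone help me understand what exactly is going on?
Or can you help me with any other suitable examples, pointers, tips or documentation for a three-legged OAuth provider implementation? I have been stuck on this issue for the past week. Any help is appreciated.
Thanks in advance
Unless we can debug on the service side itself, it is hard to point out the problem with the current code. It was asked on the 28th, so I suppose you may have already got it done. Anyway, here is a good article for understanding the differences between the different OAuth protocols: http://blog.nerdbank.net/2011/06/what-is-2-legged-oauth.html, and you can learn more about OAuth from here: https://github.com/DotNetOpenAuth/DotNetOpenAuth.Samples – 2013-08-23 11:42:57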