1. 首頁
  2. 問答
  3. 是否可以使用CAS對Web API進行身份驗證?

是否可以使用CAS對Web API進行身份驗證?

2016-01-28 147 views
2

===設置===是否可以使用CAS對Web API進行身份驗證?

ASP.net - Visual Studio中 - MVC &的Web API - 實體框架

目前,該應用程序在調用第三方數據庫並顯示我已經選擇了這些結果爲這些結果創建一個帶腳手架的新控制器。我試圖添加[authorize]過濾器並遵循以下文章,但我的網站並不要求您登錄CAS。我只希望那些註冊用戶被允許瀏覽網站。

===目標===

好像你可以使用CAS是形式的唯一途徑,但我想知道是否可以設置這是你能要求身份驗證當試圖訪問一個Web API。如果用戶訪問URL,他們有可能登錄到CAS來查看結果嗎?

===資源===

https://wiki.jasig.org/display/CASC/.Net+Cas+Client https://wiki.jasig.org/display/CASC/ASP.NET+Forms+Authentication

來源

2016-01-28 Coded Container

+0

你好,你能做到嗎? – jtorrescr

回答

3

我不使用.NET客戶端CAS,但我相信有一個專門爲MVC其中工程。我用CAS SSO下面的代碼:

AuthController.cs

public class AuthController : Controller 
{ 
    private readonly string _casHost = System.Configuration.ConfigurationManager.AppSettings["CasHost"]; 
    private readonly string _casXMLNS = "http://www.yale.edu/tp/cas"; 

    private readonly IBannerIdentityService _bannerIdentityService; 

    public ILogger Logger { get; set; } 

    public AuthController(IBannerIdentityService bannerIdentityService) 
    { 
     _bannerIdentityService = bannerIdentityService; 
    } 

    // 
    // GET: /Auth/ 
    public ActionResult Index() 
    { 
     return RedirectToAction("Login"); 
    } 

    // 
    // GET: /Auth/Login 
    public ActionResult Login(string ticket, string ReturnUrl) 
    { 
     // Make sure CasHost is specified in web.config 
     if (String.IsNullOrEmpty(_casHost)) 
      Logger.Fatal("Could not find CasHost in web.config. Please specify this value for authentication."); 

     string strService = Request.Url.GetLeftPart(UriPartial.Path); 

     // First time through there is no ticket=, so redirect to CAS login 
     if (String.IsNullOrWhiteSpace(ticket)) 
     { 
      if (!String.IsNullOrWhiteSpace(ReturnUrl)) 
      { 
       Session["ReturnUrl"] = ReturnUrl; 
      } 

      string strRedirect = _casHost + "login?" + "service=" + strService; 

      Logger.Debug("Initializing handshake with CAS"); 
      Logger.DebugFormat("Redirecting to: {0}", strRedirect); 

      return Redirect(strRedirect); 
     } 

     // Second time (back from CAS) there is a ticket= to validate 
     string strValidateUrl = _casHost + "serviceValidate?" + "ticket=" + ticket + "&" + "service=" + strService; 

     Logger.DebugFormat("Validating ticket from CAS at: {0}", strValidateUrl); 

     XmlReader reader = XmlReader.Create(new WebClient().OpenRead(strValidateUrl)); 
     XDocument xdoc = XDocument.Load(reader); 
     XNamespace xmlns = _casXMLNS; 

     Logger.DebugFormat("CAS Response: {0}", xdoc.ToString()); 
     Logger.Debug("Parsing XML response from CAS"); 

     var element = (from serviceResponse in xdoc.Elements(xmlns + "serviceResponse") 
         from authenticationSuccess in serviceResponse.Elements(xmlns + "authenticationSuccess") 
         from user in authenticationSuccess.Elements(xmlns + "user") 
         select user).FirstOrDefault(); 

     string strNetId = String.Empty; 

     if (element != null) 
      strNetId = element.Value; 

     if (!String.IsNullOrEmpty(strNetId)) 
     { 
      Logger.DebugFormat("User '{0}' was validated successfully", strNetId); 
      Logger.DebugFormat("Loading user data for '{0}'", strNetId); 

      // Get banner data 
      var bannerUser = _bannerIdentityService.GetBannerIdentityByNetId(strNetId); 

      // Make sure banner user isnt null 
      if (bannerUser == null) 
       throw new ArgumentOutOfRangeException(String.Format("Could not found any banner records for the Net ID ({0}).", strNetId)); 

      Logger.DebugFormat("Logging in user '{0}' as a system user.", strNetId); 

      Response.Cookies.Add(GetFormsAuthenticationCookie(bannerUser)); 
     } 
     else 
     { 
      return HttpNotFound(); 
     } 

     if (Session["ReturnUrl"] != null) 
     { 
      ReturnUrl = Session["ReturnUrl"].ToString(); 
      Session["ReturnUrl"] = null; 
     } 

     if (String.IsNullOrEmpty(ReturnUrl) && Request.UrlReferrer != null) 
      ReturnUrl = Server.UrlEncode(Request.UrlReferrer.PathAndQuery); 

     if (Url.IsLocalUrl(ReturnUrl) && !String.IsNullOrEmpty(ReturnUrl)) 
     { 
      return Redirect(ReturnUrl); 
     } 
     else 
     { 
      return RedirectToAction("Index", "Home", new { area = "" }); 
     } 
    } 

    private HttpCookie GetFormsAuthenticationCookie(BannerIdentity identity) 
    { 
     Logger.DebugFormat("Building FormsAuthentication Cookie for user: '{0}'", identity.NetId.Value); 

     UserPrincipalPoco pocoModel = new UserPrincipalPoco(); 
     pocoModel.BannerIdentity = identity; 

     JavaScriptSerializer serializer = new JavaScriptSerializer(); 

     string userData = serializer.Serialize(pocoModel); 

     FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
      1, 
      identity.NetId.Value, 
      DateTime.Now, 
      DateTime.Now.AddMinutes(15), 
      false, 
      userData); 

     string encryptedTicket = FormsAuthentication.Encrypt(authTicket); 

     return new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); 
    } 
}

因爲Web.config看起來像:

<appSettings> 
    <add key="CasHost" value="https://auth.myschool.edu/cas/" /> 
    <add key="webpages:Version" value="3.0.0.0" /> 
    <add key="webpages:Enabled" value="false" /> 
    <add key="ClientValidationEnabled" value="true" /> 
    <add key="UnobtrusiveJavaScriptEnabled" value="true" /> 
</appSettings> 
<system.web> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    <authentication mode="Forms"> 
    <forms loginUrl="~/Auth/Login" timeout="30" defaultUrl="~/Home/Index" cookieless="UseCookies" slidingExpiration="true" path="/" /> 
    </authentication> 
    <authorization> 
    <allow users="*" /> 
    </authorization> 
</system.web>

有很多額外的代碼在那裏我喜歡從數據庫中提取用戶數據並將其附加到表單身份驗證Cookie,但希望您能看到我們如何從CAS獲取用戶名。

這可以在任何使用[Authorize]屬性註釋的控制器上工作,甚至是WebAPI。

來源

2016-01-28 19:15:51

相關問題

 相關問題