ASP.NET Web API登錄方法

我想用第三方開發人員用來訪問我的應用程序數據的ASP.NET Web API構建RESTful Web服務。ASP.NET Web API登錄方法

在Visual Studio中，我決定創建一個新的ASP.NET項目。我跟着這個tutorial，但我選擇了一個不同的模板：Web API模板。如教程中所述，我使用帶有標準用戶角色表的MySQL數據庫。

該模板帶有許多非常有趣的方法來註冊一個新用戶，但沒有默認的登錄請求。我寫這個不理解我在做什麼：

// POST api/Account/Login 
    [Route("Login")] 
    public IHttpActionResult Login(LoginBindingModel model) 
    { 
     ClaimsIdentity ci = new ClaimsIdentity(); 
     // ... 
     // ... 
     Authentication.SignIn(ci); 
     return Ok(); 
    }

我讀了很多有關安全性而不使用文件，說明它是如何工作找到一個很好的樣本。在Web API中實現簡單的登錄方法似乎非常困難。

你能解釋一下爲什麼在這個模板中沒有登錄方法。你有一個登錄方法的樣本。我應該發回客戶端應用程序來驗證請求。這是使用令牌嗎？

來源

2014-10-22 Bastien Vandamme

也許這篇文章會幫助你http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api – Monah 2014-10-22 09:00:43

這篇文章是關於這個主題的極簡主義文檔的完美例子。 – 2014-10-22 12:26:54

通常你所做的是在該方法中實現登錄邏輯，並返回一個令牌，然後在每次調用你的API時驗證該令牌。

http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

來源

2014-10-22 09:00:20 dariogriffo

事實上，在閱讀您的文章後，我發現沒有登錄方法，因爲微軟決定（重新）將其命名爲Token。請參閱startup.cs中的ConfigureAuth方法 – 2014-10-27 07:32:58

如果你要建立對第三方開發者的API，那麼你需要使用OAuth 2.0流程，以確保它可以閱讀更多的信息，我已經寫了詳細的崗位作爲@dariogriffo指導你實現資源所有者密碼憑證流，這對你的情況非常有用。

您不需要創建登錄端點，您將使用Owin中間件配置API，以在調用諸如「/ token」之類的端點時向用戶發出OAuth承載令牌，然後用戶繼續發送此令牌以及授權標頭中的每個請求。閱讀更多關於token based authentication。

來源

2014-10-23 10:02:59

如果您已創建新的ASP.NET Web Application→Web API→更改驗證→Individual User Accounts。看看App_Start - >Startup.Auth.cs。

它應該包含這樣的事情：

PublicClientId = "self"; 
OAuthOptions = new OAuthAuthorizationServerOptions 
{ 
    TokenEndpointPath = new PathString("/Token"), 
    Provider = new ApplicationOAuthProvider(PublicClientId), 
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), 
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
    // In production mode set AllowInsecureHttp = false 
    AllowInsecureHttp = true 
}; 

// Enable the application to use bearer tokens to authenticate users 
app.UseOAuthBearerTokens(OAuthOptions);

這意味着，你可以發送一個請求訪問令牌，例如要求：

然後，您可以驗證訪問代幣作品：

使用此令牌，您現在可以訪問用戶有權訪問的所有受保護資源。

來源

2017-06-26 08:00:18 Ogglas

他人，一個輔助類，首先：

namespace WeBAPITest 
{ 



#region Using Statements: 



using System.Net.Http; 
using System.Collections.Generic; 

using Newtonsoft.Json; 



#endregion 



public class HttpWebApi 
{ 



#region Fields: 



private static readonly HttpClient client = new HttpClient(); 



#endregion 



#region Properties: 



/// <summary> 
/// The basr Uri. 
/// </summary> 
public string BaseUrl { get; set; } 



/// <summary> 
/// Username. 
/// </summary> 
protected internal string Username { get; set; } 



/// <summary> 
/// Password. 
/// </summary> 
protected internal string Password { get; set; } 



/// <summary> 
/// The instance of the Root Object Json Deserialised Class. 
/// </summary> 
internal Rootobject Authentication { get; set; } 



/// <summary> 
/// The Access Token from the Json Deserialised Login. 
/// </summary> 
public string AccessToken { get { return Authentication.access_token; } } 



#endregion 



public HttpWebApi(string baseurl) 
{ 

    // Init Base Url: 
    BaseUrl = baseurl; 
} 



/// <summary> 
/// Get from the Web API. 
/// </summary> 
/// <param name="path">The BaseUrl + path (Uri.Host + api/Controller) to the Web API.</param> 
/// <returns>A Task, when awaited, a string</returns> 
public async System.Threading.Tasks.Task<string> Get(string path) 
{ 

    if (Authentication.access_token == null) 
    throw new System.Exception("Authentication is not completed."); 

    // GET 
    client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", Authentication.access_token); 
    return await client.GetStringAsync(BaseUrl + path); 
} 



/// <summary> 
/// Logs In and populates the Authentication Variables. 
/// </summary> 
/// <param name="username">Your Username</param> 
/// <param name="password">Your Password</param> 
/// <returns>A Task, when awaited, a string</returns> 
public async System.Threading.Tasks.Task<string> Login(string username, string password) 
{ 

    // Set Username: 
    Username = username; 

    // Set Password: 
    Password = password; 

    // Conf String to Post: 
    var Dic = new Dictionary<string, string>() { { "grant_type", "password" }, { "username", "" }, { "password", "" } }; 
    Dic["username"] = username; 
    Dic["password"] = password; 

    // Post to Controller: 
    string auth = await Post("/Token", Dic); 

    // Deserialise Response: 
    Authentication = JsonConvert.DeserializeObject<Rootobject>(auth); 

    return auth; 
} 



/// <summary> 
/// Post to the Web API. 
/// </summary> 
/// <param name="path">The BaseUrl + path (Uri.Host + api/Controller) to the Web API.</param> 
/// <param name="values">The new Dictionary<string, string> { { "value1", "x" }, { "value2", "y" } }</param> 
/// <returns>A Task, when awaited, a string</returns> 
public async System.Threading.Tasks.Task<string> Post(string path, Dictionary<string, string> values) 
{ 

    // Add Access Token to the Headder: 
    if (Authentication != null) 
    if (Authentication.access_token != "") 
     client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", Authentication.access_token); 

    // Encode Values: 
    var content = new FormUrlEncodedContent(values); 

    // Post and get Response: 
    var response = await client.PostAsync(BaseUrl + path, content); 

    // Return Response: 
    return await response.Content.ReadAsStringAsync(); 
} 



/// <summary> 
/// Register a new User. 
/// </summary> 
/// <param name="username">Your Username, E-Mail</param> 
/// <param name="password">Your Password</param> 
/// <returns>A Task, when awaited, a string</returns> 
public async System.Threading.Tasks.Task<string> Register(string username, string password) 
{ 

    // Register: api/Account/Register 
    var Dic = new Dictionary<string, string>() { { "Email", "" }, { "Password", "" }, { "ConfirmPassword", "" } }; 
    Dic["Email"] = username; 
    Dic["Password"] = password; 
    Dic["ConfirmPassword"] = password; 

    return await Post("api/Account/Register", Dic); 
} 
} 



/// <summary> 
/// For Json Deserialisation. 
/// </summary> 
internal class Rootobject 
{ 

/// <summary> 
/// The Web Api Access Token. Gets added to the Header in each communication. 
/// </summary> 
public string access_token { get; set; } 



/// <summary> 
/// The Token Type 
/// </summary> 
public string token_type { get; set; } 



/// <summary> 
/// Expiry. 
/// </summary> 
public int expires_in { get; set; } 



/// <summary> 
/// The Username. 
/// </summary> 
public string userName { get; set; } 



/// <summary> 
/// Issued. 
/// </summary> 
public string issued { get; set; } 



/// <summary> 
/// Expiry. 
/// </summary> 
public string expires { get; set; } 
} 
}

特別設計的默認，未經編輯的網頁API模板在Visual Studio中。

然後：

HttpWebApi httpWebApi = new HttpWebApi("http://localhost/"); 
await httpWebApi.Login("email", "password"); 

richTextBox1.AppendText(await httpWebApi.Get("api/Account/UserInfo") + Environment.NewLine);

希望這有助於其他一些！

來源

2018-01-06 02:34:17

ASP.NET Web API登錄方法

回答

相關問題