在使用Microsoft.AspNet.Security的MVC 6 RCP 6中,我能夠使用自定義的SecurityTokenValidator。MVC 6使用OAuthBearerAuthentication
在RC Microsoft.AspNet.Security在BETA4是不存在的,所以我改變了我的代碼中使用Microsoft.AspNet.Authentication見下文:(編譯和運行,但SecurityTokenValidator永遠不會觸發
services.Configure<ExternalAuthenticationOptions>(options =>
{
options.SignInScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
});
app.UseOAuthBearerAuthentication(options =>
{
options.TokenValidationParameters.ValidateAudience = true;
options.TokenValidationParameters.ValidateIssuer = true;
options.TokenValidationParameters.RequireSignedTokens = false;
options.AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
options.AutomaticAuthentication = true;
options.SecurityTokenValidators = new List<ISecurityTokenValidator> { validator };
});