1. 首頁
  2. 問答
  3. 帶OWIN的ASP.NET Web Api - 自定義身份驗證

帶OWIN的ASP.NET Web Api - 自定義身份驗證

2016-08-24 71 views
1

我試圖創建一個新的API Key自定義身份驗證提供程序來插入我的OWIN管道。 我使用的是Cookie,OAuth和ADFS提供程序。 我實現的代碼是相當多這樣的:帶OWIN的ASP.NET Web Api - 自定義身份驗證

public static class ApiKeyAuthenticationExtension 
{ 
    public static IAppBuilder UseApiKeyAuthentication(this IAppBuilder appBuilder, ApiKeyAuthenticationOptions options = null) 
    { 
     appBuilder.Use<ApiKeyAuthenticationMiddleware>(options ?? new ApiKeyAuthenticationOptions("ApiKey")); 
     appBuilder.UseStageMarker(PipelineStage.Authenticate); 

     return appBuilder; 
    } 
} 

public class ApiKeyAuthenticationMiddleware : AuthenticationMiddleware<AuthenticationOptions> 
{ 
    public ApiKeyAuthenticationMiddleware(OwinMiddleware next, AuthenticationOptions options) : base(next, options) 
    { 
    } 

    protected override AuthenticationHandler<AuthenticationOptions> CreateHandler() 
    { 
     return new ApiKeyAuthenticationHandler(); 
    } 
} 

public class ApiKeyAuthenticationHandler : AuthenticationHandler<AuthenticationOptions> 
{ 
    private const string ApiKey = "....."; 

    protected override Task<AuthenticationTicket> AuthenticateCoreAsync() 
    { 
     string apiKey = Context.Request.Headers["ApiKey"]; 
     if (!string.IsNullOrEmpty(apiKey) && ApiKey.Equals(apiKey)) 
     { 
      var identity = new ClaimsIdentity(Options.AuthenticationType); 
      identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Id", null, Options.AuthenticationType)); 
      identity.AddClaim(new Claim(ClaimTypes.Name, "Name")); 
      identity.AddClaim(new Claim(ClaimTypes.Email, "[email protected]")); 

      return new Task<AuthenticationTicket>(() => new AuthenticationTicket(identity, new AuthenticationProperties())); 
     } 

     return Task.FromResult(null as AuthenticationTicket); 
    } 
} 

public class ApiKeyAuthenticationOptions : AuthenticationOptions 
{ 
    public ApiKeyAuthenticationOptions(string authenticationType) : base(authenticationType) 
    { 
    } 
}

我Startup.Auth看起來是這樣的:

app.UseCookieAuthentication(... 
app.UseActiveDirectoryFederationServicesBearerAuthentication(... 
app.UseOAuthAuthorizationServer(... 
app.UseOAuthBearerAuthentication(...

,並在年底

app.UseApiKeyAuthentication(...

當執行進入AuthenticateCoreAsync和我返回和身份驗證票,瀏覽器掛起和執行似乎無處可去。之後沒有任何反應。

我在這裏錯過了什麼?

來源

2016-08-24 Ricardo Rodrigues

回答

1

我認爲你創建的任務從來沒有完成,甚至沒有開始。 您可能還想在其中使用Task.FromResult,或者將其更改爲異步方法。

protected override Task<AuthenticationTicket> AuthenticateCoreAsync() 
{ 
    string apiKey = Context.Request.Headers["ApiKey"]; 
    if (!string.IsNullOrEmpty(apiKey) && ApiKey.Equals(apiKey)) 
    { 
     var identity = new ClaimsIdentity(Options.AuthenticationType); 
     identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Id", null, Options.AuthenticationType)); 
     identity.AddClaim(new Claim(ClaimTypes.Name, "Name")); 
     identity.AddClaim(new Claim(ClaimTypes.Email, "[email protected]")); 

     return Task.FromResult(new AuthenticationTicket(identity, new AuthenticationProperties())); 
    } 

    return Task.FromResult(null as AuthenticationTicket); 
}

來源

2016-08-24 13:24:50 fbiagi

+0

現貨!查看相同的代碼太久:) –

相關問題

 相關問題