你如何創建和使用OWIN智威湯遜？

Question

我有一個WebAPI，我需要確保一個Angular 4.x應用程序，所以我儘管可以使用JWT。 我試圖找出使用微軟的OWIN Katana 3.x包來實現它的最低限度（無OAuth？）。

怎麼辦？

Answer 1

以下不起作用（微軟的/ System部分糾纏不休）。但這是我能看到的幾乎簡單的東西中最接近的。

using System.IdentityModel.Tokens.Jwt; 
using System.Security.Claims; 
using System.Security.Cryptography; 
using Microsoft.IdentityModel.Tokens; 
using Microsoft.Owin; 
using Microsoft.Owin.Security.Jwt; 
using Owin; 

[assembly: OwinStartup(typeof(WebApplication1.Startup))] 
namespace WebApplication1 
{ 
    public class Startup 
    { 
     public void Configuration(IAppBuilder app) 
     { 
      var issuer = "test"; 
      var audience = issuer; 
      var key = new AesManaged().Key; 

      var options = new JwtBearerAuthenticationOptions 
      { 
       AllowedAudiences = new[] { audience }, 
       IssuerSecurityTokenProviders = new[] { new SymmetricKeyIssuerSecurityTokenProvider(issuer, key) } 
      }; 
      app.UseJwtBearerAuthentication(options); 

      app.Map("/Login", subApp => 
      { 
       subApp.Run(context => 
       { 
        var tokenHandler = new JwtSecurityTokenHandler(); 
        var tokenDescriptor = new SecurityTokenDescriptor 
        { 
         SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.Sha256Digest), 
         Audience = audience, 
         Issuer = issuer, 
         Subject = new ClaimsIdentity(new[] 
         { 
          new Claim(ClaimTypes.Name, "Serge") 
         }) 
        }; 
        var token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)); 

        return context.Response.WriteAsync(token); 
       }); 
      }); 
     } 
    } 
}