我目前在Xamarin.Forms中構建了我的第一個移動應用程序。該應用程序有一個Facebook登錄,並在用戶登錄後,我存儲的是Facebook標記,因爲我想用它作爲承載令牌來驗證任何針對API的進一步請求。如何在asp.net核心2中驗證facebook web api
該API是一個.NET核心2.0項目,我很努力獲得認證工作。
在我的Xamarin.Forms應用程序中,facebook令牌被設置爲帶有以下代碼的載體令牌;
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", UserToken);
據我所知,這正確地設置請求標頭中的不記名令牌。 我已經跟我的一位同事談過這件事了,他讓我看看Identityserver4應該支持這一點。但就目前而言,我決定不這樣做,因爲對我來說,在這一刻,實施這個是開銷。所以我決定留下這個想法,使用Facebook令牌作爲不記名令牌並驗證它。
對我來說,下一步是找到一種方法來驗證傳入的持票人令牌與Facebook以檢查它是否(仍然)有效。 所以我爲我的API項目配置了啓動,如下所示;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddFacebook(o =>
{
o.AppId = "MyAppId";
o.AppSecret = "MyAppSecret";
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//Enable authentication
app.UseAuthentication();
//Enable support for default files (eg. default.htm, default.html, index.htm, index.html)
app.UseDefaultFiles();
//Configure support for static files
app.UseStaticFiles();
app.UseMvc();
}
}
但是,當我使用郵遞員做請求和測試,如果一切正常工作,我收到以下錯誤;
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.
我在這裏做錯了什麼?
編輯: 在同時,如果一直忙着試圖找到解決方案。在Google上閱讀很多內容之後,似乎添加AuthorizationHandler是目前的方式。從那裏開始,我可以向Facebook發送請求以檢查令牌是否有效。我已將以下代碼添加到我的ConfigureServices方法中;
public void ConfigureServices(IServiceCollection services)
{
//Other code
services.AddAuthorization(options =>
{
options.AddPolicy("FacebookAuthentication", policy => policy.Requirements.Add(new FacebookRequirement()));
});
services.AddMvc();
}
而且我創建了一個FacebookRequirement,它可以幫助我處理政策;
public class FacebookRequirement : AuthorizationHandler<FacebookRequirement>, IAuthorizationRequirement
{
private readonly IHttpContextAccessor contextAccessor;
public FacebookRequirement(IHttpContextAccessor contextAccessor)
{
this.contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FacebookRequirement requirement)
{
//var socialConfig = new SocialConfig{Facebook = new SocialApp{AppId = "MyAppId", AppSecret = "MyAppSecret" } };
//var socialservice = new SocialAuthService(socialConfig);
//var result = await socialservice.VerifyFacebookTokenAsync()
var httpContext = contextAccessor.HttpContext;
if (httpContext != null && httpContext.Request.Headers.ContainsKey("Authorization"))
{
var token = httpContext.Request.Headers.Where(x => x.Key == "Authorization").ToList();
}
context.Succeed(requirement);
return Task.FromResult(0);
}
}
現在我遇到的問題是,我不知道在哪裏得到IHttpContextAccessor。這是被注入某種方式?我甚至在正確的道路上解決這個問題?
糾正我,如果我錯了,但這意味着,在您的服務的每一個請求,你向Facebook發出一個請求。這聽起來不太有效。 – Stilgar