从数据存储实现动态 OAuthBearerServerOptions AccessTokenExpireTimeSpan 值
Implementing a dynamic OAuthBearerServerOptions AccessTokenExpireTimeSpan value from data store
这个post的上下文涉及ASP.NET Web API 2.2 + OWIN
该环境是具有 OWIN 服务器和 Web Api 的单个应用程序。
背景:
在 Startup class 中,必须指定 OAuthBearerServerOptions which is supplied to the OAuthBearerAuthenticationProvider. These options are created during the start up of the OWIN server. On the OAuthBearerServerOptions, I must specify the AccessTokenExpireTimeSpan 以便我可以确保令牌过期。
问题
我必须能够根据每个身份验证请求动态指定到期时间跨度。我不确定这是否可以完成并且想知道:
- 可以做到吗?
- 如果是;我可以在什么时候执行此查找和到期分配?
启动配置内容:
var config = new HttpConfiguration();
WebApiConfig.Register(config);
var container = builder.Build();
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/OAuth"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(**THIS NEEDS TO BE DYNAMIC**)),
Provider = new AuthorizationServerProvider()
};
//STOP!!!!!!!!
//DO NOT CHANGE THE ORDER OF THE BELOW app.Use statements!!!!!
//Token Generation
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); //this MUST come before oauth registration
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new BearerProvider()
});
app.UseAutofacMiddleware(container); //this MUST come before UseAutofacWebApi
app.UseAutofacWebApi(config);//this MUST come before app.UseWebApi
app.UseWebApi(config);
我开始弄乱 BearerProvider class(请参阅上面的 app.UseOAuthBearerAuthentication 以了解我在哪里使用此 class),具体来说,是 ValidateIdentity 方法,但不确定是否是 auth 工作流程中设置此值的正确点。这似乎是合适的,但我寻求证实我的立场。
public class BearerProvider : OAuthBearerAuthenticationProvider
{
public override async Task RequestToken(OAuthRequestTokenContext context)
{
await base.RequestToken(context);
//No token? attempt to retrieve from query string
if (String.IsNullOrEmpty(context.Token))
{
context.Token = context.Request.Query.Get("access_token");
}
}
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
//context.Ticket.Properties.ExpiresUtc= //SOME DB CALL TO FIND OUT EXPIRE VALUE..IS THIS PROPER?
return base.ValidateIdentity(context);
}
}
提前致谢!
所以我完全走错了地方。我最终不得不做的是使用我的自定义 OAuthorizationServerProvider 并在该自定义 class 中重写的 GrantResourceOwnerCredentials 方法中,我能够通过访问...设置超时值
context.Options.AccessTokenExpireTimeSpan
属性.
<!-- language: c# -->
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//DO STUFF
var expireValue=GetTimeOutFromSomeplace();
context.Options.AccessTokenExpireTimeSpan = expireValue;
//DO OTHER TOKEN STUFF
}
}
设置context.Options.AccessTokenExpireTimeSpan实际上会改变全局值,并影响所有请求,这对原始要求不起作用。
正确的地方是 TokenEndpoint 方法。
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (someCondition)
{
context.Properties.ExpiresUtc = GetExpirationDateFromDB();
}
...
}
这个post的上下文涉及ASP.NET Web API 2.2 + OWIN 该环境是具有 OWIN 服务器和 Web Api 的单个应用程序。
背景:
在 Startup class 中,必须指定 OAuthBearerServerOptions which is supplied to the OAuthBearerAuthenticationProvider. These options are created during the start up of the OWIN server. On the OAuthBearerServerOptions, I must specify the AccessTokenExpireTimeSpan 以便我可以确保令牌过期。
问题
我必须能够根据每个身份验证请求动态指定到期时间跨度。我不确定这是否可以完成并且想知道:
- 可以做到吗?
- 如果是;我可以在什么时候执行此查找和到期分配?
启动配置内容:
var config = new HttpConfiguration();
WebApiConfig.Register(config);
var container = builder.Build();
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/OAuth"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(**THIS NEEDS TO BE DYNAMIC**)),
Provider = new AuthorizationServerProvider()
};
//STOP!!!!!!!!
//DO NOT CHANGE THE ORDER OF THE BELOW app.Use statements!!!!!
//Token Generation
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); //this MUST come before oauth registration
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new BearerProvider()
});
app.UseAutofacMiddleware(container); //this MUST come before UseAutofacWebApi
app.UseAutofacWebApi(config);//this MUST come before app.UseWebApi
app.UseWebApi(config);
我开始弄乱 BearerProvider class(请参阅上面的 app.UseOAuthBearerAuthentication 以了解我在哪里使用此 class),具体来说,是 ValidateIdentity 方法,但不确定是否是 auth 工作流程中设置此值的正确点。这似乎是合适的,但我寻求证实我的立场。
public class BearerProvider : OAuthBearerAuthenticationProvider
{
public override async Task RequestToken(OAuthRequestTokenContext context)
{
await base.RequestToken(context);
//No token? attempt to retrieve from query string
if (String.IsNullOrEmpty(context.Token))
{
context.Token = context.Request.Query.Get("access_token");
}
}
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
//context.Ticket.Properties.ExpiresUtc= //SOME DB CALL TO FIND OUT EXPIRE VALUE..IS THIS PROPER?
return base.ValidateIdentity(context);
}
}
提前致谢!
所以我完全走错了地方。我最终不得不做的是使用我的自定义 OAuthorizationServerProvider 并在该自定义 class 中重写的 GrantResourceOwnerCredentials 方法中,我能够通过访问...设置超时值
context.Options.AccessTokenExpireTimeSpan
属性.
<!-- language: c# -->
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//DO STUFF
var expireValue=GetTimeOutFromSomeplace();
context.Options.AccessTokenExpireTimeSpan = expireValue;
//DO OTHER TOKEN STUFF
}
}
设置context.Options.AccessTokenExpireTimeSpan实际上会改变全局值,并影响所有请求,这对原始要求不起作用。
正确的地方是 TokenEndpoint 方法。
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
...
if (someCondition)
{
context.Properties.ExpiresUtc = GetExpirationDateFromDB();
}
...
}