JWT - 配置授权服务器并将发行者设置为自己
JWT - Configuring a Authorization Server and setting the issuer as itself
我正尝试按照本指南设置授权服务器:
http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/
但是,我想将我的本地服务器(即项目运行所在的服务器)指定为发行者 CustomJwtFormatting。所以,在 Startup.cs 我使用:
public void ConfigureOAuth(IAppBuilder app)
{
var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host
+ (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
//For Dev enviroment only (on production should be AllowInsecureHttp = false)
//TODO: Make it false before going live
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/oauth2/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CustomOAuthProvider(),
AccessTokenFormat = new CustomJwtFormat(issuer)
};
// OAuth 2.0 Bearer Access Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
}
对于 CustomJwtFormat class,代码如下:
var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
但是,当我向 http://127.0.0.1/oauth2/token 发送 POST 请求时收到 404 错误:
在 ASP.NET 中正确实现本地服务器发行者的最佳方法是什么?
好吧,我试过将 null 分配给发行人,例如
var issuer = null;
//var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port`
成功了。
你需要在Authorization header中提供clientId并将其类型设置为Basic,考虑到我也对clientId进行了编码
check my request
我正尝试按照本指南设置授权服务器: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/
但是,我想将我的本地服务器(即项目运行所在的服务器)指定为发行者 CustomJwtFormatting。所以,在 Startup.cs 我使用:
public void ConfigureOAuth(IAppBuilder app)
{
var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host
+ (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
//For Dev enviroment only (on production should be AllowInsecureHttp = false)
//TODO: Make it false before going live
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/oauth2/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CustomOAuthProvider(),
AccessTokenFormat = new CustomJwtFormat(issuer)
};
// OAuth 2.0 Bearer Access Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
}
对于 CustomJwtFormat class,代码如下:
var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
但是,当我向 http://127.0.0.1/oauth2/token 发送 POST 请求时收到 404 错误:
在 ASP.NET 中正确实现本地服务器发行者的最佳方法是什么?
好吧,我试过将 null 分配给发行人,例如
var issuer = null;
//var issuer = HttpContext.Current.Request.Url.Scheme + System.Uri.SchemeDelimiter + HttpContext.Current.Request.Url.Host + (HttpContext.Current.Request.Url.IsDefaultPort ? "" : ":" + HttpContext.Current.Request.Url.Port); // get the host name with the port`
成功了。
你需要在Authorization header中提供clientId并将其类型设置为Basic,考虑到我也对clientId进行了编码
check my request