中间件将token保存在哪里?
Where does the middleware save the token?
我有一个用 vb.net 编写的启动中间件。它成功地让用户登录并为他们创建声明。我可以使用以下代码从应用程序的单独页面访问声明。
' Explicit form of the conversion the original performs implicitly: User.Identity is
' converted to ClaimsIdentity, which throws InvalidCastException when the current
' identity is not a ClaimsIdentity.
Dim claimsID As ClaimsIdentity = CType(HttpContext.Current.User.Identity, ClaimsIdentity)
我想不通的是如何访问用户令牌,以便我可以将其用于 Graph API 调用。
这是startup.vb
Imports Owin
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Notifications
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Identity.Client
Imports System.Threading.Tasks
<Assembly: OwinStartup(GetType(WEBCOMLogin.Startup))>
Namespace WEBCOMLogin
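''' <summary>
''' OWIN startup class. Registers cookie authentication plus the OpenID Connect
''' middleware, and supplies the handlers for failed sign-ins and for received
''' authorization codes.
''' </summary>
Public Class Startup
    ' All values are read from appSettings. "Authority" is used as a format string
    ' and receives the tenant as its single format argument.
    Private clientId As String = System.Configuration.ConfigurationManager.AppSettings("ClientId")
    Private redirectUri As String = System.Configuration.ConfigurationManager.AppSettings("RedirectUri")
    Shared tenant As String = System.Configuration.ConfigurationManager.AppSettings("Tenant")
    Private authority As String = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings("Authority"), tenant)

    ''' <summary>
    ''' Builds the OWIN pipeline: cookies become the default sign-in type and
    ''' OpenID Connect is layered on top of them.
    ''' </summary>
    ''' <param name="app">The OWIN application builder.</param>
    Public Sub Configuration(ByVal app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)

        ' NOTE(review): the cookie options are left at their defaults. With SaveTokens = True
        ' the saved tokens are carried in the authentication ticket, so review CookieSecure /
        ' CookieHttpOnly and consider a server-side SessionStore to keep tokens out of the browser.
        app.UseCookieAuthentication(New CookieAuthenticationOptions())

        ' Security review notes for the OpenID Connect options below:
        ' - ValidateIssuer = False switches off the issuer check on the id_token. Keep it only
        '   if the application deliberately accepts every issuer the authority's keys can sign
        '   for; otherwise set it to True, or supply ValidIssuers / an IssuerValidator.
        ' - ResponseType = IdToken requests an id_token only. No authorization code comes back,
        '   so RedeemCode has nothing to redeem, AuthorizationCodeReceived is not expected to
        '   fire, and SaveTokens has no access token to store. An access token for an API needs
        '   a code-based response type (for example OpenIdConnectResponseType.CodeIdToken) and
        '   a client credential taken from protected configuration.
        ' - If the code flow is enabled, let exactly one component redeem the code: RedeemCode
        '   and the MSAL call in OnAuthorizationCodeReceivedAsync would both try, and an
        '   authorization code can be used only once.
        app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
            .ClientId = clientId,
            .Authority = authority,
            .RedirectUri = redirectUri,
            .PostLogoutRedirectUri = redirectUri,
            .Scope = OpenIdConnectScope.OpenIdProfile,
            .ResponseType = OpenIdConnectResponseType.IdToken,
            .ResponseMode = OpenIdConnectResponseMode.FormPost,
            .SaveTokens = True,
            .RedeemCode = True,
            .TokenValidationParameters = New TokenValidationParameters With {
                .ValidateIssuer = False
            },
            .Notifications = New OpenIdConnectAuthenticationNotifications With {
                .AuthenticationFailed = AddressOf OnAuthenticationFailedAsync,
                .AuthorizationCodeReceived = AddressOf OnAuthorizationCodeReceivedAsync
            }
        })
    End Sub

    ''' <summary>
    ''' Handles a failed sign-in by redirecting the browser to the error page with the
    ''' exception message in the query string.
    ''' </summary>
    ''' <param name="notification">The failure notification raised by the middleware.</param>
    ''' <returns>A completed task.</returns>
    Private Shared Function OnAuthenticationFailedAsync(ByVal notification As AuthenticationFailedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions)) As Task
        ' Mark the response as handled so the middleware does no further processing.
        notification.HandleResponse()

        ' The exception text is not under the application's control, so it is percent-encoded
        ' before being placed in the URL; unencoded, characters such as "&" or "#" would
        ' change the query string. The error page must still HTML-encode the value when it
        ' renders it.
        ' NOTE(review): exception messages can expose internal detail; consider logging the
        ' exception server-side and passing only a generic error code to the page.
        Dim encodedMessage As String = System.Uri.EscapeDataString(If(notification.Exception.Message, String.Empty))
        notification.Response.Redirect("owinerror.aspx?errormessage=" & encodedMessage)
        Return Task.FromResult(0)
    End Function

    ''' <summary>
    ''' Redeems the authorization code delivered by the identity provider for tokens
    ''' through MSAL.
    ''' </summary>
    ''' <param name="notification">The notification carrying the authorization code.</param>
    Private Async Function OnAuthorizationCodeReceivedAsync(ByVal notification As AuthorizationCodeReceivedNotification) As Task
        ' The redirect URI sent when redeeming the code has to match the one used for the
        ' sign-in request, so it is set explicitly here.
        ' NOTE(review): no client credential is configured on this builder. A confidential
        ' client needs one (WithClientSecret or WithCertificate), loaded from protected
        ' configuration rather than from source - confirm how this app is registered.
        Dim idClient = ConfidentialClientApplicationBuilder.Create(clientId).WithTenantId(tenant).WithRedirectUri(redirectUri).Build()

        ' AcquireTokenByAuthorizationCode expects a sequence of scope names, so the
        ' space-separated constant is split into its parts instead of being passed as one string.
        ' NOTE(review): these scopes cover sign-in only; a Graph call presumably needs a
        ' Graph scope such as User.Read requested here - confirm against the API being called.
        Dim scopes As String() = OpenIdConnectScope.OpenIdProfile.Split(" "c)
        Dim result = Await idClient.AcquireTokenByAuthorizationCode(scopes, notification.Code).ExecuteAsync()

        ' NOTE(review): the access token is only held in this local and is lost when the
        ' handler returns. To reuse it on later requests, back the MSAL client with a
        ' per-user token cache and call AcquireTokenSilent; do not log the token or hand it
        ' to the browser.
        Dim userToken As String = result.AccessToken
    End Function
End Class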
End Namespace
默认情况下,当您设置 SaveTokens = True 时,OpenIDConnect 会将令牌 (id/access/refresh) 传递给 cookie 处理程序,cookie 处理程序默认会将它们存储在会话 cookie 中。
要稍后访问令牌,您可以在控制器中使用以下方式访问它们:
// NOTE(review): GetTokenAsync is an ASP.NET Core extension method
// (Microsoft.AspNetCore.Authentication). The Startup class in the question runs on
// OWIN/Katana, where this call is not available; there the saved tokens would be read
// from the AuthenticationProperties of the cookie sign-in - confirm against the Katana
// version in use.
// Each call yields null when that token was not saved, e.g. no access_token exists
// when the sign-in requested an id_token only.
// These values are bearer credentials: keep them server-side and out of logs.
string accessToken = await HttpContext.GetTokenAsync("access_token");
string idToken = await HttpContext.GetTokenAsync("id_token");
string refreshToken = await HttpContext.GetTokenAsync("refresh_token");
string tokenType = await HttpContext.GetTokenAsync("token_type");
string accessTokenExpire = await HttpContext.GetTokenAsync("expires_at");
我有一个用 vb.net 编写的启动中间件。它成功地让用户登录并为他们创建声明。我可以使用以下代码从应用程序的单独页面访问声明。
' Explicit form of the conversion the original performs implicitly: User.Identity is
' converted to ClaimsIdentity, which throws InvalidCastException when the current
' identity is not a ClaimsIdentity.
Dim claimsID As ClaimsIdentity = CType(HttpContext.Current.User.Identity, ClaimsIdentity)
我想不通的是如何访问用户令牌,以便我可以将其用于 Graph API 调用。
这是startup.vb
Imports Owin
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Notifications
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Identity.Client
Imports System.Threading.Tasks
<Assembly: OwinStartup(GetType(WEBCOMLogin.Startup))>
Namespace WEBCOMLogin
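''' <summary>
''' OWIN startup class. Registers cookie authentication plus the OpenID Connect
''' middleware, and supplies the handlers for failed sign-ins and for received
''' authorization codes.
''' </summary>
Public Class Startup
    ' All values are read from appSettings. "Authority" is used as a format string
    ' and receives the tenant as its single format argument.
    Private clientId As String = System.Configuration.ConfigurationManager.AppSettings("ClientId")
    Private redirectUri As String = System.Configuration.ConfigurationManager.AppSettings("RedirectUri")
    Shared tenant As String = System.Configuration.ConfigurationManager.AppSettings("Tenant")
    Private authority As String = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings("Authority"), tenant)

    ''' <summary>
    ''' Builds the OWIN pipeline: cookies become the default sign-in type and
    ''' OpenID Connect is layered on top of them.
    ''' </summary>
    ''' <param name="app">The OWIN application builder.</param>
    Public Sub Configuration(ByVal app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)

        ' NOTE(review): the cookie options are left at their defaults. With SaveTokens = True
        ' the saved tokens are carried in the authentication ticket, so review CookieSecure /
        ' CookieHttpOnly and consider a server-side SessionStore to keep tokens out of the browser.
        app.UseCookieAuthentication(New CookieAuthenticationOptions())

        ' Security review notes for the OpenID Connect options below:
        ' - ValidateIssuer = False switches off the issuer check on the id_token. Keep it only
        '   if the application deliberately accepts every issuer the authority's keys can sign
        '   for; otherwise set it to True, or supply ValidIssuers / an IssuerValidator.
        ' - ResponseType = IdToken requests an id_token only. No authorization code comes back,
        '   so RedeemCode has nothing to redeem, AuthorizationCodeReceived is not expected to
        '   fire, and SaveTokens has no access token to store. An access token for an API needs
        '   a code-based response type (for example OpenIdConnectResponseType.CodeIdToken) and
        '   a client credential taken from protected configuration.
        ' - If the code flow is enabled, let exactly one component redeem the code: RedeemCode
        '   and the MSAL call in OnAuthorizationCodeReceivedAsync would both try, and an
        '   authorization code can be used only once.
        app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
            .ClientId = clientId,
            .Authority = authority,
            .RedirectUri = redirectUri,
            .PostLogoutRedirectUri = redirectUri,
            .Scope = OpenIdConnectScope.OpenIdProfile,
            .ResponseType = OpenIdConnectResponseType.IdToken,
            .ResponseMode = OpenIdConnectResponseMode.FormPost,
            .SaveTokens = True,
            .RedeemCode = True,
            .TokenValidationParameters = New TokenValidationParameters With {
                .ValidateIssuer = False
            },
            .Notifications = New OpenIdConnectAuthenticationNotifications With {
                .AuthenticationFailed = AddressOf OnAuthenticationFailedAsync,
                .AuthorizationCodeReceived = AddressOf OnAuthorizationCodeReceivedAsync
            }
        })
    End Sub

    ''' <summary>
    ''' Handles a failed sign-in by redirecting the browser to the error page with the
    ''' exception message in the query string.
    ''' </summary>
    ''' <param name="notification">The failure notification raised by the middleware.</param>
    ''' <returns>A completed task.</returns>
    Private Shared Function OnAuthenticationFailedAsync(ByVal notification As AuthenticationFailedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions)) As Task
        ' Mark the response as handled so the middleware does no further processing.
        notification.HandleResponse()

        ' The exception text is not under the application's control, so it is percent-encoded
        ' before being placed in the URL; unencoded, characters such as "&" or "#" would
        ' change the query string. The error page must still HTML-encode the value when it
        ' renders it.
        ' NOTE(review): exception messages can expose internal detail; consider logging the
        ' exception server-side and passing only a generic error code to the page.
        Dim encodedMessage As String = System.Uri.EscapeDataString(If(notification.Exception.Message, String.Empty))
        notification.Response.Redirect("owinerror.aspx?errormessage=" & encodedMessage)
        Return Task.FromResult(0)
    End Function

    ''' <summary>
    ''' Redeems the authorization code delivered by the identity provider for tokens
    ''' through MSAL.
    ''' </summary>
    ''' <param name="notification">The notification carrying the authorization code.</param>
    Private Async Function OnAuthorizationCodeReceivedAsync(ByVal notification As AuthorizationCodeReceivedNotification) As Task
        ' The redirect URI sent when redeeming the code has to match the one used for the
        ' sign-in request, so it is set explicitly here.
        ' NOTE(review): no client credential is configured on this builder. A confidential
        ' client needs one (WithClientSecret or WithCertificate), loaded from protected
        ' configuration rather than from source - confirm how this app is registered.
        Dim idClient = ConfidentialClientApplicationBuilder.Create(clientId).WithTenantId(tenant).WithRedirectUri(redirectUri).Build()

        ' AcquireTokenByAuthorizationCode expects a sequence of scope names, so the
        ' space-separated constant is split into its parts instead of being passed as one string.
        ' NOTE(review): these scopes cover sign-in only; a Graph call presumably needs a
        ' Graph scope such as User.Read requested here - confirm against the API being called.
        Dim scopes As String() = OpenIdConnectScope.OpenIdProfile.Split(" "c)
        Dim result = Await idClient.AcquireTokenByAuthorizationCode(scopes, notification.Code).ExecuteAsync()

        ' NOTE(review): the access token is only held in this local and is lost when the
        ' handler returns. To reuse it on later requests, back the MSAL client with a
        ' per-user token cache and call AcquireTokenSilent; do not log the token or hand it
        ' to the browser.
        Dim userToken As String = result.AccessToken
    End Function
End Class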
End Namespace
默认情况下,当您设置 SaveTokens = True 时,OpenIDConnect 会将令牌 (id/access/refresh) 传递给 cookie 处理程序,cookie 处理程序默认会将它们存储在会话 cookie 中。
要稍后访问令牌,您可以在控制器中使用以下方式访问它们:
// NOTE(review): GetTokenAsync is an ASP.NET Core extension method
// (Microsoft.AspNetCore.Authentication). The Startup class in the question runs on
// OWIN/Katana, where this call is not available; there the saved tokens would be read
// from the AuthenticationProperties of the cookie sign-in - confirm against the Katana
// version in use.
// Each call yields null when that token was not saved, e.g. no access_token exists
// when the sign-in requested an id_token only.
// These values are bearer credentials: keep them server-side and out of logs.
string accessToken = await HttpContext.GetTokenAsync("access_token");
string idToken = await HttpContext.GetTokenAsync("id_token");
string refreshToken = await HttpContext.GetTokenAsync("refresh_token");
string tokenType = await HttpContext.GetTokenAsync("token_type");
string accessTokenExpire = await HttpContext.GetTokenAsync("expires_at");