
Decrypt Bearer Token in Web API


Is there a way to read/decrypt the bearer token in a Web API project?

My Web API also hosts SignalR hubs, which are called from the browser over websockets. Unlike my normal API calls, I cannot add an Authorization header here, although I can send the token in the query string and read it in the SignalR hub.

By default the token is parsed into a claims identity by OWIN. What I need is to do this manually. How do I do that?

    OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(Config.TokenLifetime),
        Provider = new AuthProvider()
    };

    // Token generation
    app.UseStageMarker(PipelineStage.Authenticate); // wait for the Authenticate stage so we get the Windows principal for use with NTLM authentication
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    app.UseOAuthAuthorizationServer(serverOptions);

1 Answer

  • 2

    I assume that in Startup.cs you have code similar to this:

    // Bearer options with a custom provider that looks for the token in several
    // query-string keys and in the X-Token header
    var oAuthOpt = new OAuthBearerAuthenticationOptions
    {
        Provider = new OAuthTokenProvider(
            req => req.Query.Get("bearer_token"),
            req => req.Query.Get("access_token"),
            req => req.Query.Get("refresh_token"),
            req => req.Query.Get("token"),
            req => req.Headers.Get("X-Token"))
    };
    
    app.UseOAuthBearerAuthentication(oAuthOpt);
    
    app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString(settings.TokenEndpointBasePath),
        AccessTokenExpireTimeSpan = Util.AccessTokenExpireTimeSpan,
        Provider = new AuthorizationServerProvider(new AuthenticationService()),
    });
    

    What you need to do is replace oAuthOpt with a public static field in Startup.cs and then use it when you need to unprotect your bearer token.

    For SignalR, I am creating an Authorization attribute in which I use oAuthOpt to decode the token.

    This is how I did it:

    using System.Security.Claims;
    using Microsoft.AspNet.SignalR;
    using Microsoft.AspNet.SignalR.Hubs;

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false, AllowMultiple = false)]
    public sealed class AuthorizeHubAttribute : AuthorizeAttribute
    {
        public override bool AuthorizeHubConnection (HubDescriptor hubDescriptor, IRequest request)
        {
            // The websocket handshake cannot carry an Authorization header, so the token comes from the query string
            var token = request.QueryString["Authorization"];
            if (string.IsNullOrEmpty(token))
                return false;

            // Unprotect with the same AccessTokenFormat the OWIN bearer middleware uses
            var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);
            if ( ticket != null && ticket.Identity != null && ticket.Identity.IsAuthenticated )
            {
                // Store the principal in the OWIN environment so it is available on method invocation
                request.Environment["server.User"] = new ClaimsPrincipal(ticket.Identity);
                return true;
            }
            else
                return false;
        }
    
        public override bool AuthorizeHubMethodInvocation (IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod)
        {
            var connectionId = hubIncomingInvokerContext.Hub.Context.ConnectionId;
            var environment = hubIncomingInvokerContext.Hub.Context.Request.Environment;
            var principal = environment["server.User"] as ClaimsPrincipal;
            if ( principal != null && principal.Identity != null && principal.Identity.IsAuthenticated )
            {
                // Rebuild the caller context so Context.User reflects the stored principal
                hubIncomingInvokerContext.Hub.Context = new HubCallerContext(new Microsoft.AspNet.SignalR.Owin.ServerRequest(environment), connectionId);
                return true;
            }
            else
                return false;
        }
    }
    

    var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);

    That line is the connection to Startup.cs.
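As an added example (not code from the question or the answer above), here is a variant of the hub authorizer that validates the query-string token the way the OWIN bearer middleware does: `AccessTokenFormat.Unprotect` only decrypts and integrity-checks the ticket, so the expiry stored in `ticket.Properties.ExpiresUtc` has to be checked explicitly. The `BearerTokenValidator` class and the `partial class Startup` exposing `OAuthOpt` are assumptions of this example.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.SignalR;
using Microsoft.AspNet.SignalR.Hubs;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

// Assumed: the real Startup.cs assigns this field to the same options object
// passed to app.UseOAuthBearerAuthentication, so both sides share one protector.
public partial class Startup
{
    public static OAuthBearerAuthenticationOptions OAuthOpt;
}

// Hypothetical helper: turns a raw bearer token into a principal, or null.
public static class BearerTokenValidator
{
    public static ClaimsPrincipal TryValidate(string rawToken, OAuthBearerAuthenticationOptions opt)
    {
        if (string.IsNullOrWhiteSpace(rawToken) || opt == null)
            return null;

        AuthenticationTicket ticket;
        try
        {
            ticket = opt.AccessTokenFormat.Unprotect(rawToken);
        }
        catch (Exception)
        {
            return null; // malformed or tampered token
        }
        if (ticket == null || ticket.Identity == null || !ticket.Identity.IsAuthenticated)
            return null;

        // Unprotect does not enforce the lifetime; the middleware checks ExpiresUtc, so we do too.
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue && expires.Value < DateTimeOffset.UtcNow)
            return null;

        return new ClaimsPrincipal(ticket.Identity);
    }
}

public sealed class AuthorizeHubAttribute : AuthorizeAttribute
{
    public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, IRequest request)
    {
        var principal = BearerTokenValidator.TryValidate(request.QueryString["Authorization"], Startup.OAuthOpt);
        if (principal == null)
            return false;
        request.Environment["server.User"] = principal; // picked up on method invocation
        return true;
    }
}
```

Because the token travels in the query string it will show up in server and proxy access logs, so a short `AccessTokenExpireTimeSpan` on the authorization server keeps the window in which a logged token is still valid small.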
