ASP.NET Web API Authorization using Tokens
Planning real world REST API
http://blog.developers.ba/post/2012/03/03/ASPNET-Web-API-Authorization-using-Tokens.aspx
When you plan how to build a real-world REST API like the ones the major players such as Facebook or Foursquare offer, you will soon realize that all of them use OAuth 2.0.
ASP.NET Web API comes with support for the Authorize attribute, which is nice, but for a real-world API I want to support a token-based approach.
OAuth 2.0 Server
To support a token-based approach you must have some kind of server that issues tokens. Building a token server can be complex, and most major players have implemented their OAuth 2.0 server based on draft 10 of the OAuth 2.0 specification.
We hope that Microsoft will provide its own OAuth 2.0 server for free in the final version of ASP.NET MVC 4.
Meanwhile I will just assume that you already have your own OAuth 2.0 server.
Building ActionFilterAttribute
I have solved my authorization problem by implementing a RequireAuthorization ActionFilterAttribute. The attribute also has a Scope property, which is used to limit access to parts of your REST API.
You just need to decorate controllers, or individual actions in controllers, with this attribute and optionally set the scope required to access those actions.
Here is the RequireAuthorization attribute:
```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class RequireAuthorization : ActionFilterAttribute
{
    // Comma-separated list of scopes required for the decorated action;
    // left empty, any valid token is accepted.
    public string Scope { get; set; }

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        string[] scope = null;
        if (!string.IsNullOrEmpty(Scope))
        {
            scope = Scope.Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries);
        }

        // The token is expected as the accessToken query-string parameter
        string query = actionContext.Request.RequestUri.Query;
        string accessToken = HttpUtility.ParseQueryString(query).Get("accessToken");

        // we first check for valid token
        if (accessToken != null)
        {
            IAccessTokenValidator accessTokenValidator = new AccessTokenValidator();
            bool validToken = accessTokenValidator.ValidateToken(accessToken, scope);
            if (!validToken)
            {
                var response = new HttpResponseMessage
                {
                    Content = new StringContent("This token is not valid, please refresh token or obtain valid token!"),
                    StatusCode = HttpStatusCode.Unauthorized
                };
                throw new HttpResponseException(response);
            }
        }
        else
        {
            var response = new HttpResponseMessage
            {
                Content = new StringContent("You must supply valid token to access method!"),
                StatusCode = HttpStatusCode.Unauthorized
            };
            throw new HttpResponseException(response);
        }

        base.OnActionExecuting(actionContext);
    }
}
```
And here is the AccessTokenValidator class, together with the IAccessTokenValidator interface the attribute depends on:
```csharp
public interface IAccessTokenValidator
{
    bool ValidateToken(string token, string[] scope);
}

public class AccessTokenValidator : IAccessTokenValidator
{
    public bool ValidateToken(string token, string[] scope)
    {
        // replace this logic with database access to the table with tokens
        // (this placeholder ignores scope and accepts a single hard-coded token)
        if (token != "someToken")
        {
            return false;
        }
        return true;
    }
}
```
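As an added example (my code, not the post's), here is a validator that enforces the Scope the attribute passes in, rejects expired tokens and compares token values in constant time, plus a helper that takes the token from the Authorization: Bearer header instead of the query string. IssuedToken and the in-memory store are constructed stand-ins for the token table, and the interface is repeated so the block compiles on its own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;

public interface IAccessTokenValidator { bool ValidateToken(string token, string[] scope); }
// Constructed stand-in for the token table the post says the validator should query.
public sealed class IssuedToken
{
    public string Value { get; set; }
    public DateTime ExpiresUtc { get; set; }
    public string[] GrantedScopes { get; set; }
}

public static class BearerToken
{
    // Reads "Authorization: Bearer <token>" so the token stays out of query strings,
    // which end up in server logs, proxies and Referer headers.
    public static string FromRequest(HttpRequestMessage request)
    {
        var auth = request.Headers.Authorization;
        if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return null;
        return string.IsNullOrWhiteSpace(auth.Parameter) ? null : auth.Parameter.Trim();
    }
}

public class ScopedAccessTokenValidator : IAccessTokenValidator
{
    private readonly IList<IssuedToken> _store;
    public ScopedAccessTokenValidator(IList<IssuedToken> store) { _store = store; }
    public bool ValidateToken(string token, string[] scope)
    {
        if (string.IsNullOrEmpty(token)) return false;
        IssuedToken match = null;
        foreach (var t in _store)               // walk every row so timing does not leak a hit
            if (FixedTimeEquals(t.Value, token)) match = t;
        if (match == null || match.ExpiresUtc <= DateTime.UtcNow) return false;
        // Every scope the attribute demands must be among the scopes the token was issued with.
        return (scope ?? new string[0]).All(s => match.GrantedScopes.Contains(s.Trim(), StringComparer.Ordinal));
    }
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < Math.Min(x.Length, y.Length); i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }
}
```

Construct the validator with the rows loaded from your token table, and in the attribute replace the HttpUtility.ParseQueryString lookup with BearerToken.FromRequest(actionContext.Request).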