Cómo usar OAuthAuthorizationServerProvider con Web API
He seguido algunos tutoriales para la autenticación de API web con OWIN. La mayoría de estos tutoriales personalizan OAuthAuthorizationServerProvider. Sin embargo, cuando depuro paso a paso (F11), la ejecución nunca entra en la clase OAuthAuthorizationServerProvider.
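/// <summary>
/// Registers the cookie, external sign-in and OAuth bearer-token middleware on the OWIN pipeline.
/// </summary>
/// <param name="app">OWIN application builder the middleware is added to.</param>
/// <remarks>
/// The overrides on <c>AWOAuthServerProvider</c> are not called from this method. The
/// authorization-server middleware invokes them when a request reaches <c>TokenEndpointPath</c>
/// ("/token"), so a breakpoint inside the provider is hit only once a client sends a token request.
/// </remarks>
private void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseExternalSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);

    var authorizationServerOption = new OAuthAuthorizationServerOptions
    {
        // Endpoint that issues tokens.
        TokenEndpointPath = new PathString("/token"),
        Provider = new AWOAuthServerProvider(),
        // One-day lifetime was marked "for test only" by the author; a bearer token is usable by
        // whoever holds it until it expires, so shorten this before production use.
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)
    };

#if DEBUG
    // The password grant sends the user's domain password to /token and returns a bearer token.
    // Plain HTTP is therefore accepted in debug builds only; release builds keep the default
    // (AllowInsecureHttp = false), which makes the middleware refuse non-HTTPS token requests.
    authorizationServerOption.AllowInsecureHttp = true;
#endif

    // Enable the application to use bearer tokens to authenticate users.
    app.UseOAuthBearerTokens(authorizationServerOption);

    // NOTE(review): UseOAuthBearerTokens appears to register both the authorization server and
    // bearer authentication already, so the two registrations below look redundant. They are kept
    // so the pipeline is unchanged; confirm and remove one set.
    // Token generation.
    app.UseOAuthAuthorizationServer(authorizationServerOption);
    // Token consumption.
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}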
¿Cómo puedo usar o llamar al método dentro de la clase OAuthAuthorizationServerProvider?
public class AWOAuthServerProvider : OAuthAuthorizationServerProvider
{
/// <summary>
/// Marks the calling OAuth client as validated.
/// </summary>
/// <param name="context">Client-authentication context supplied by the OAuth middleware.</param>
/// <remarks>
/// The context is validated unconditionally: no client id or client secret is inspected here, so
/// every caller of the token endpoint is accepted as a client and the only gate is the
/// user-credential check performed in the grant step.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    bool clientAccepted = context.Validated();
    await Task.FromResult(clientAccepted);
}
/// <summary>
/// Handles the resource-owner password grant: checks the submitted credentials and, on success,
/// validates the context with an identity carrying a role claim and a username claim.
/// </summary>
/// <param name="context">Grant context holding the submitted user name and password.</param>
/// <remarks>
/// On failure the context is given the <c>invalid_grant</c> error and no identity is issued.
/// The "username" claim is copied from <c>context.UserName</c> as received in the request, so it
/// is trustworthy only if <c>ValidCredential</c> verified the password against that same name.
/// </remarks>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    bool credentialsAccepted = ValidCredential(context.Password, context.UserName);
    if (credentialsAccepted)
    {
        var grantedIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
        // Every authenticated caller receives the same fixed role.
        grantedIdentity.AddClaim(new Claim(ClaimTypes.Role, "user"));
        grantedIdentity.AddClaim(new Claim("username", context.UserName));
        context.Validated(grantedIdentity);
    }
    else
    {
        context.SetError("invalid_grant", "The user name or password is incorrect.");
    }
}
Este es un método auxiliar que valida las credenciales contra Active Directory
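/// <summary>
/// Checks a user name and password against Active Directory.
/// </summary>
/// <param name="password">Password submitted with the token request.</param>
/// <param name="username">
/// Account name submitted with the token request, as <c>DOMAIN\user</c> or a bare user name.
/// When blank, the Windows identity attached to the current HTTP request is used instead.
/// </param>
/// <returns>
/// <c>true</c> only when the directory accepts the password for the resolved account;
/// <c>false</c> for blank or malformed input and for any directory or lookup error.
/// </returns>
/// <remarks>
/// The previous version tested <c>username.Equals(null)</c>, which throws on a null user name,
/// and it parsed an account name only in the blank-user-name branch. A submitted user name was
/// therefore never passed to the directory, and the password was checked against an empty
/// account name instead of the account that later appears in the issued token.
/// </remarks>
private bool ValidCredential(String password, String username)
{
    // A blank password is refused before contacting the directory, so the decision never depends
    // on how the directory bind treats empty credentials.
    if (string.IsNullOrEmpty(password))
    {
        return false;
    }

    string account = username;
    if (string.IsNullOrEmpty(account))
    {
        // No user name was submitted: fall back to the network identity of the request.
        try
        {
            account = HttpContext.Current.Request.LogonUserIdentity.Name;
        }
        catch (Exception)
        {
            // Fail closed when the request identity is not available.
            return false;
        }
    }

    if (string.IsNullOrEmpty(account))
    {
        return false;
    }

    // Accept "DOMAIN\user" (a doubled backslash is tolerated) or a bare "user".
    string[] parts = account.Replace(@"\\", @"\").Split('\\');
    string netDomain;
    string netUserName;
    if (parts.Length == 2)
    {
        netDomain = parts[0];
        netUserName = parts[1];
    }
    else if (parts.Length == 1)
    {
        netDomain = null;
        netUserName = parts[0];
    }
    else
    {
        return false;
    }

    if (string.IsNullOrEmpty(netUserName))
    {
        return false;
    }

    try
    {
        // A null domain name is passed when none was supplied.
        // NOTE(review): this is expected to select the domain of the account the application
        // runs under; confirm that is the intended default for bare user names.
        string domainName = string.IsNullOrEmpty(netDomain) ? null : netDomain;
        using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, domainName))
        {
            return principalContext.ValidateCredentials(netUserName, password);
        }
    }
    catch (Exception)
    {
        // Fail closed on any directory error.
        // NOTE(review): no logger is in scope here; record these failures so that outages and
        // repeated failed logons are visible to operations.
        return false;
    }
}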
Gracias.