Passing and verifying the OWIN Bearer token in Query String in WebAPI

悲&欢浪女 2020-12-31 03:22

Short Version: I need to pass and verify the OWIN bearer token as a query parameter rather than in the request header.

How do I then get the method to authorized ba

3 answers
  • 2020-12-31 03:36

    I wrote about how that works here: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

  • 2020-12-31 03:39

    Or do it like this:

        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = IdentityConfig.Authority,
            RequiredScopes = new[] { "api" },
            TokenProvider = new OAuthBearerAuthenticationProvider
            {
                OnRequestToken = ctx =>
                {
                    if (String.IsNullOrWhiteSpace(ctx.Token) && ctx.Request.QueryString.HasValue)
                    {
                        NameValueCollection parsedQuery = HttpUtility.ParseQueryString(ctx.Request.QueryString.Value);
                        ctx.Token = parsedQuery["access_token"];
                    }
    
                    return Task.FromResult(0);
                }
            }
        });
    
  • 2020-12-31 03:42

    For completeness, here's another neat solution.

    Extract:

    app.Use(async (context, next) =>
    {
        if (context.Request.QueryString.HasValue)
        {
            if (string.IsNullOrWhiteSpace(context.Request.Headers.Get("Authorization")))
            {
                var queryString = HttpUtility.ParseQueryString(context.Request.QueryString.Value);
                string token = queryString.Get("access_token");
    
                if (!string.IsNullOrWhiteSpace(token))
                {
                    context.Request.Headers.Add("Authorization", new[] { string.Format("Bearer {0}", token) });
                }
            }
        }
    
        await next.Invoke();
    });
    
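A token in the URL, unlike one in the `Authorization` header, is recorded wherever URLs are recorded (server and proxy logs, browser history, `Referer` headers), so the query-string fallback is best limited to the endpoints that need it. The following is an added example, not code from any of the answers or from Katana: a variant of the middleware above that accepts `access_token` only over HTTPS and under one path prefix, rejects repeated parameters, and removes the token from the OWIN query string before later middleware runs. The extension name `UseQueryStringBearer` and the `/signalr` prefix are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using System.Web;
using Microsoft.Owin;
using Owin;

public static class QueryStringBearerExtensions
{
    // Hypothetical helper (not a Katana API). Register it before the bearer
    // authentication middleware, for example:
    //   app.UseQueryStringBearer(new PathString("/signalr"));  // assumed prefix
    public static IAppBuilder UseQueryStringBearer(this IAppBuilder app, PathString allowedPrefix)
    {
        return app.Use(async (context, next) =>
        {
            IOwinRequest request = context.Request;

            // Only fall back to the query string when the request is HTTPS,
            // targets the allow-listed prefix, and carries no Authorization header.
            if (request.IsSecure
                && request.QueryString.HasValue
                && request.Path.StartsWithSegments(allowedPrefix)
                && string.IsNullOrWhiteSpace(request.Headers.Get("Authorization")))
            {
                var query = HttpUtility.ParseQueryString(request.QueryString.Value);
                string[] tokens = query.GetValues("access_token");

                // Exactly one non-empty value; a repeated parameter is ignored
                // rather than being joined into a single comma-separated string.
                if (tokens != null && tokens.Length == 1 && !string.IsNullOrWhiteSpace(tokens[0]))
                {
                    request.Headers.Set("Authorization", "Bearer " + tokens[0]);

                    // Strip the token so later middleware and application-level
                    // logging that read request.QueryString do not record it.
                    // The web server or a proxy in front has already seen the
                    // original URL, so their logs need their own scrubbing.
                    query.Remove("access_token");
                    request.QueryString = new QueryString(query.ToString());
                }
            }

            await next.Invoke();
        });
    }
}
```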