
DotNetOpenAuth in Practice: a WebApi Resource Server

2015-10-24 08:52
Series index:

DotNetOpenAuth in Practice series (source code is here)

In the previous post we used a WCF service as the resource server that serves data over its interface; in this post we use WebApi as the resource server. Let's begin:

I. Environment setup

1. Create a new WebAPI project



2. Add DotNetOpenAuth via NuGet



Note:

The DotNetOpenAuth 5.0.0 alpha3 package on NuGet has a bug. Download the source from GitHub (DotNetOpenAuth), build it yourself, and replace the dll referenced by NuGet with the one you built.


3. Copy the certificate files created last time into the project



II. Writing the key code

1. Common code

ResourceServerConfiguration

using System.Security.Cryptography.X509Certificates;

namespace WebApiResourcesServer.Code
{
    public class ResourceServerConfiguration
    {
        public X509Certificate2 EncryptionCertificate { get; set; }
        public X509Certificate2 SigningCertificate { get; set; }
    }
}


Common.cs

namespace WebApiResourcesServer.Code
{
    public class Common
    {
        public static ResourceServerConfiguration Configuration = new ResourceServerConfiguration();
    }
}


Global.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Optimization;
using System.Web.Routing;
using WebApiResourcesServer.Code;

namespace WebApiResourcesServer
{
    public class WebApiApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            Common.Configuration = new ResourceServerConfiguration
            {
                EncryptionCertificate = new X509Certificate2(Server.MapPath("~/Certs/idefav.pfx"), "a"),
                SigningCertificate = new X509Certificate2(Server.MapPath("~/Certs/idefav.cer"))
            };
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }
    }
}


Note:

One thing to watch: the authorization server encrypts with the public key, so the resource server must decrypt with the private key. The certificates passed into ResourceServerConfiguration are therefore the reverse of those configured on the authorization server.


2. Override DelegatingHandler

using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

namespace WebApiResourcesServer.Code
{
    public class OAuth2Handler : DelegatingHandler
    {
        private static async Task<IPrincipal> VerifyOAuth2(HttpRequestMessage httpDetails, params string[] requiredScopes)
        {
            // The signing certificate's public key verifies the authorization server's signature on the token;
            // the encryption certificate's private key decrypts it. This is the reverse of the
            // authorization server's configuration (see the note above).
            var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(
                (RSACryptoServiceProvider)Common.Configuration.SigningCertificate.PublicKey.Key,
                (RSACryptoServiceProvider)Common.Configuration.EncryptionCertificate.PrivateKey));
            return await resourceServer.GetPrincipalAsync(httpDetails, requiredScopes: requiredScopes);
        }

        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme == "Bearer")
            {
                IPrincipal principal;
                try
                {
                    // Await the verification instead of blocking on .Result: blocking on an async
                    // call inside the ASP.NET pipeline can deadlock.
                    principal = await VerifyOAuth2(request);
                }
                catch (ProtocolException)
                {
                    // The token is malformed, expired, or not signed/encrypted with the expected keys.
                    // Reject it with 401 rather than letting the exception surface as a 500.
                    var response = request.CreateResponse(HttpStatusCode.Unauthorized);
                    response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer", "error=\"invalid_token\""));
                    return response;
                }

                if (principal != null)
                {
                    HttpContext.Current.User = principal;
                    Thread.CurrentPrincipal = principal;
                }
            }

            // Requests without a bearer token pass through unauthenticated; the [Authorize]
            // attribute on the controller rejects them.
            return await base.SendAsync(request, cancellationToken);
        }
    }
}


3. Add OAuth2Handler in App_Start/WebApiConfig.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using WebApiResourcesServer.Code;

namespace WebApiResourcesServer
{
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Web API configuration and services
            config.MessageHandlers.Add(new OAuth2Handler());
            // Web API routes
            config.MapHttpAttributeRoutes();

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
}


4. Mark the endpoints that require authentication
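OAuth2Handler above accepts any token the authorization server issued, regardless of scope, so every authenticated client can reach every endpoint. The filter below is an added example (not code from the original post or from DotNetOpenAuth) that enforces per-endpoint scopes on top of the handler; it assumes, as DotNetOpenAuth's OAuthPrincipal does, that the token's scopes are exposed through IsInRole, and the scope names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace WebApiResourcesServer.Code
{
    // Hypothetical filter (added example, not part of the original post). OAuth2Handler
    // accepts any valid token; this filter additionally demands specific scopes per endpoint.
    // Assumption: DotNetOpenAuth's OAuthPrincipal exposes the token's scopes via IsInRole.
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class RequireScopeAttribute : AuthorizationFilterAttribute
    {
        private readonly string[] scopes;

        public RequireScopeAttribute(params string[] scopes) { this.scopes = scopes ?? new string[0]; }

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var principal = actionContext.RequestContext.Principal;

            // No authenticated principal: OAuth2Handler saw no bearer token or rejected it.
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                actionContext.Response = Challenge(actionContext.Request, HttpStatusCode.Unauthorized, "error=\"invalid_token\"");
                return;
            }

            // Token is valid but was issued for other scopes: RFC 6750 says 403 + insufficient_scope.
            if (scopes.Any(s => !principal.IsInRole(s)))
            {
                actionContext.Response = Challenge(actionContext.Request, HttpStatusCode.Forbidden,
                    string.Format("error=\"insufficient_scope\", scope=\"{0}\"", string.Join(" ", scopes)));
            }
        }

        private static HttpResponseMessage Challenge(HttpRequestMessage request, HttpStatusCode status, string parameter)
        {
            var response = request.CreateResponse(status);
            response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer", parameter));
            return response;
        }
    }
}
```

Apply it as `[RequireScope("read")]` on a controller or action (replacing the scope name with the one your authorization server issues); register it after OAuth2Handler has run, which is the case for any action filter since message handlers execute first.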



III. Testing

Open the solution properties, set the startup projects, and start both the authorization server and the WebApi resource server



Use a POST tool to call the authorization server and obtain an access_token



The token obtained here is valid for 5 minutes; after 5 minutes a new one has to be requested

Use the access_token to call the WebAPI endpoint



Now let's tamper with the token by hand





In the next post we'll look at how an ashx handler in Webform can act as a resource server and implement Authorization