WebApi: Token

Is there any way to user both Token based authentication and Windows authentication in a web api application?

We have a "standard" web-api-application using token based (bearer) authentication.

The OAuth-Configuration looks like this:

OAuthOptions = new OAuthAuthorizationServerOptions {
     TokenEndpointPath = new PathString("/Token"),
     Provider = new ApplicationOAuthProvider(PublicClientId),
     AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
};
app.UseOAuthBearerTokens(OAuthOptions);

Everything works fine. When calling the "/Token"-endpoint you get your token and are authorized.

Now I want to add windows authentication, to enable "signle-sign-on" with the logged in user of the windows-os of the client calling the web-api.

What I did so far:

Changed the web.config and added

<system.web>
  <identity impersonate="true" />
  <validation validateIntegratedModeConfiguration="false" />
</system.web>

Now every Request is authenticated with the windows user, without using the token process.

So I added anoother provider, to log in with your windows identity and get a token:

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {
    TokenEndpointPath = new PathString("/IdentityToken"),
    Provider = new WindowsIdenityAuthorizationServerProvider(),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
});

The provider should do almost the same as the ApplicationOAuthProvider that generates the token for a request with username and password, except the validation of the password. Unfortunatly, there is no user/identity set in the request against the "/IdentityToken"-endpoint.

Can anyone help me with this or am I completely on the wrong track?

链接地址: http://www.djcxy.com/p/22426.html

上一篇: ASP.NET 5中的Web API身份验证

下一篇: WebApi：令牌