C# OAuth2密码模式接口鉴权
项目场景:
ASP.NET Framework Web API
C# OAuth2密码模式接口鉴权
1. 安装必要的 NuGet 包
# Run in the Visual Studio Package Manager Console. No -Version is given, so each
# command installs the latest available version of the package.
# OAuth2 authorization-server and bearer-token middleware
# (OAuthAuthorizationServerProvider, UseOAuthAuthorizationServer, UseOAuthBearerAuthentication).
Install-Package Microsoft.Owin.Security.OAuth
# Hosts the OWIN pipeline on System.Web/IIS; pairs with the [assembly: OwinStartup] attribute below.
Install-Package Microsoft.Owin.Host.SystemWeb
# Web API on OWIN; provides the app.UseWebApi(config) extension used in Startup.
Install-Package Microsoft.AspNet.WebApi.Owin
2. 配置 OAuth 授权服务器
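public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Client authentication step of a token request.
    /// This sample accepts every client unconditionally: client_id / client_secret are
    /// not read or checked, so any caller that can reach the token endpoint counts as a valid client.
    /// </summary>
    /// <param name="context">Client-authentication context supplied by the middleware.</param>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // NOTE(review): a production provider should obtain the client credentials from the
        // request and reject unknown clients instead of calling Validated() unconditionally.
        context.Validated();
        return Task.CompletedTask;
    }

    /// <summary>
    /// Resource Owner Password Credentials grant: verifies the submitted user name and
    /// password and, on success, issues a ticket carrying a Name claim and a fixed "User" role claim.
    /// </summary>
    /// <param name="context">Grant context carrying UserName, Password and ClientId from the request.</param>
    /// <remarks>
    /// Deliberately not declared <c>async</c>: the body contains no <c>await</c>, so the modifier
    /// would only trigger CS1998 and allocate an unnecessary state machine.
    /// </remarks>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // 1. Verify the credentials (replace with a real user store in a production system).
        if (!ValidateUser(context.UserName, context.Password))
        {
            // invalid_grant is the OAuth2 error code for rejected resource-owner credentials.
            // One combined message covers both unknown user and wrong password, so the
            // response does not disclose which part was wrong.
            context.SetError("invalid_grant", "用户名或密码错误");
            return Task.CompletedTask;
        }

        // 2. Build the identity that the middleware serialises into the access token.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "User")); // every authenticated user gets the same role in this sample

        // 3. Optional properties returned alongside the token.
        var props = new AuthenticationProperties(new Dictionary<string, string>
        {
            { "client_id", context.ClientId ?? string.Empty }
        });

        // 4. Hand the ticket to the middleware, which protects it and returns it as the bearer token.
        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
        return Task.CompletedTask;
    }

    /// <summary>
    /// Returns true when the user name and password match the sample's hard-coded credentials.
    /// </summary>
    /// <param name="username">User name from the token request; may be null.</param>
    /// <param name="password">Password from the token request; may be null.</param>
    private bool ValidateUser(string username, string password)
    {
        // Demo-only hard-coded credentials. A real implementation looks the user up in a
        // store that holds salted password hashes and compares against the hash, never
        // against a plain-text password kept in source.
        return username == "admin" && password == "123456";
    }
}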
3. 配置 OWIN Startup 类 (Startup.cs)
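[assembly: OwinStartup(typeof(YourNamespace.Startup))]
namespace YourNamespace
{
    /// <summary>
    /// OWIN startup class: wires Web API and the OAuth2 token endpoint into the request pipeline.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Entry point invoked by the OWIN host. The OAuth middleware is registered before
        /// Web API so that bearer tokens are validated before any controller runs.
        /// </summary>
        /// <param name="app">Application builder supplied by the host.</param>
        public void Configuration(IAppBuilder app)
        {
            var config = new HttpConfiguration();
            WebApiConfig.Register(config);

            // Middleware runs in registration order: authentication first, then Web API.
            ConfigureOAuth(app);

            app.UseWebApi(config);
        }

        /// <summary>
        /// Registers the authorization server (issues tokens at /token) and the bearer-token
        /// authentication middleware (validates tokens on incoming requests).
        /// </summary>
        /// <param name="app">Application builder supplied by the host.</param>
        public void ConfigureOAuth(IAppBuilder app)
        {
            var oAuthOptions = new OAuthAuthorizationServerOptions
            {
#if DEBUG
                // Plain HTTP is tolerated only in Debug builds: the password grant carries the
                // user's password and the issued token, both of which travel in clear text
                // without TLS. Release builds keep the middleware's HTTPS requirement.
                AllowInsecureHttp = true,
#else
                AllowInsecureHttp = false,
#endif
                TokenEndpointPath = new PathString("/token"),
                // Access tokens live for one hour; no refresh-token provider is configured here.
                AccessTokenExpireTimeSpan = TimeSpan.FromHours(1),
                Provider = new CustomOAuthProvider()
            };

            app.UseOAuthAuthorizationServer(oAuthOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }
}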
4. 保护 API 控制器
[Authorize] // every action on this controller requires an authenticated caller
[RoutePrefix("api/protected")]
public class ProtectedController : ApiController
{
    /// <summary>
    /// GET api/protected/data — returns a greeting that echoes the authenticated caller's name.
    /// </summary>
    /// <returns>200 OK with a string containing the caller's Name claim.</returns>
    [HttpGet]
    [Route("data")]
    public IHttpActionResult GetSecureData()
    {
        // User is the identity established for this request by the authentication middleware.
        string caller = User.Identity.Name;
        string payload = $"安全数据,用户: {caller}";
        return Ok(payload);
    }
}