我已经用WebAPI 2应用程序实现了Oauth,并且有几个应用程序可以访问API。验证通过后,在通过auth令牌发送请求的同时,可以按以下方式访问用户:
var currentUser = RequestContext.Principal;
登录时,clientId
设置如下:
context.OwinContext.Set<AppClient>("oauth:client", client);
有没有办法访问该客户端ID?我想将某些操作/控制器限制为某些客户端。有没有办法做到这一点?
我尝试过如下方式获取客户端:
var client = Request.GetOwinContext().Get<string>("oauth:client");
但这不起作用。
登录时,您可以在 GrantResourceOwnerCredentials
identity.AddClaim(new Claim("oauth:client", client));
这样,一旦设置了用户主体的身份,它便可用。
您可以创建扩展方法以方便地提取它
public static class GenericIdentityExtensions {
const string ClientIdentifier = "oauth:client";
/// <summary>
/// Set the client id claim
/// </summary>
/// <param name="identity"></param>
/// <returns></returns>
public static bool SetClientId(this IIdentity identity, string clientId) {
if (identity != null) {
var claimsIdentity = identity as ClaimsIdentity;
if (claimsIdentity != null) {
claimsIdentity.AddClaim(new Claim(ClientIdentifier, clientId));
return true;
}
}
return false;
}
/// <summary>
/// Return the client id claim
/// </summary>
/// <param name="identity"></param>
/// <returns></returns>
public static string GetClientId(this IIdentity identity) {
if (identity != null) {
var claimsIdentity = identity as ClaimsIdentity;
if (claimsIdentity != null) {
return claimsIdentity.FindFirstOrEmpty(ClientIdentifier);
}
}
return string.Empty;
}
/// <summary>
/// Retrieves the first claim that is matched by the specified type if it exists, String.Empty otherwise.
/// </summary>
public static string FindFirstOrEmpty(this ClaimsIdentity identity, string claimType) {
var claim = identity.FindFirst(claimType);
return claim == null ? string.Empty : claim.Value;
}
}
因此,一旦有了用户主体,就可以从声明中提取客户端ID。
var currentUser = RequestContext.Principal;
var client = currentUser.Identity.GetClientId();