Warm tip: This article is reproduced from stackoverflow.com, please click
asp.net-web-api2 authorization c# oauth-2.0 owin

Is it possible to access the clientId from an authToken (RequestContext) in WebAPI 2

发布于 2020-04-13 10:10:39

I have implemented Oauth with my WebAPI 2 application and there are several applications access the API. Once authenticated, after making a request whilst sending across the auth token, I can access the user as follows: 

var currentUser = RequestContext.Principal;

When logging in, the clientId was set as follows: 

context.OwinContext.Set<AppClient>("oauth:client", client);

Is there a way to access that client Id? I want to restrict certain actions / controllers to certain clients. Is there a way to do this?

I have tried getting the client as follows: 

var client = Request.GetOwinContext().Get<string>("oauth:client");

but this is not working.

Questioner
trees_are_great
Viewed
65
分享
Nkosi 2017-08-14 22:29

When logging in you can set a claim on the identity in the GrantResourceOwnerCredentials

identity.AddClaim(new Claim("oauth:client", client));

That way it is available once the User Principal's Identity has be set.

You can create an extension method to extract it conveniently 

public static class GenericIdentityExtensions {
    const string ClientIdentifier = "oauth:client";

    /// <summary>
    /// Set the client id claim
    /// </summary>
    /// <param name="identity"></param>
    /// <returns></returns>
    public static bool SetClientId(this IIdentity identity, string clientId) {
        if (identity != null) {
            var claimsIdentity = identity as ClaimsIdentity;
            if (claimsIdentity != null) {
                claimsIdentity.AddClaim(new Claim(ClientIdentifier, clientId));
                return true;
            }
        }
        return false;
    }        

    /// <summary>
    /// Return the client id claim
    /// </summary>
    /// <param name="identity"></param>
    /// <returns></returns>
    public static string GetClientId(this IIdentity identity) {
        if (identity != null) {
            var claimsIdentity = identity as ClaimsIdentity;
            if (claimsIdentity != null) {
                return claimsIdentity.FindFirstOrEmpty(ClientIdentifier);
            }
        }
        return string.Empty;
    }
    /// <summary>
    /// Retrieves the first claim that is matched by the specified type if it exists, String.Empty otherwise.
    /// </summary>
    public static string FindFirstOrEmpty(this ClaimsIdentity identity, string claimType) {
        var claim = identity.FindFirst(claimType);
        return claim == null ? string.Empty : claim.Value;
    }
}

So now once you have the the user principal you can extract the client id from the claims.

var currentUser = RequestContext.Principal;
var client = currentUser.Identity.GetClientId();

Related issues

1
OAuth2
2
Centralize user role verification in laravel
3
Multi tenancy ASP.NET core
4
Azure AD App Service Authorization for a Blazor App in Azure App Svc
5
Allow everyone in RoleBinding for a namespace
6
In wso2 IS XACML policy how to validate role and its permissions
7
Files.ReadWrite ROPC MS Graph API 403 Error Though Scope shows correct authorization
8
Q: OAuth2 for Imgur giving me over capacity status 500 error
9
Creating an event via the Google Calendar API- authorization problem
10
Docker build unable to access ADO artifacts