我目前在Xamarin.Forms中构建了我的第一个移动应用程序。该应用程序有一个Facebook登录,并在用户登录后,我存储的是Facebook标记,因为我想用它作为承载令牌来验证任何针对API的进一步请求。如何在asp.net核心2中验证facebook web api
该API是一个.NET核心2.0项目,我很努力获得认证工作。
在我的Xamarin.Forms应用程序中,facebook令牌被设置为带有以下代码的载体令牌;
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", UserToken);
据我所知,这正确地设置请求标头中的不记名令牌。 我已经跟我的一位同事谈过这件事了,他让我看看Identityserver4应该支持这一点。但就目前而言,我决定不这样做,因为对我来说,在这一刻,实施这个是开销。所以我决定留下这个想法,使用Facebook令牌作为不记名令牌并验证它。
对我来说,下一步是找到一种方法来验证传入的持票人令牌与Facebook以检查它是否(仍然)有效。 所以我为我的API项目配置了启动,如下所示;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddFacebook(o =>
{
o.AppId = "MyAppId";
o.AppSecret = "MyAppSecret";
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//Enable authentication
app.UseAuthentication();
//Enable support for default files (eg. default.htm, default.html, index.htm, index.html)
app.UseDefaultFiles();
//Configure support for static files
app.UseStaticFiles();
app.UseMvc();
}
}
但是,当我使用邮递员做请求和测试,如果一切正常工作,我收到以下错误;
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.
我在这里做错了什么?
编辑: 在同时,如果一直忙着试图找到解决方案。在Google上阅读很多内容之后,似乎添加AuthorizationHandler是目前的方式。从那里开始,我可以向Facebook发送请求以检查令牌是否有效。我已将以下代码添加到我的ConfigureServices方法中;
public void ConfigureServices(IServiceCollection services)
{
//Other code
services.AddAuthorization(options =>
{
options.AddPolicy("FacebookAuthentication", policy => policy.Requirements.Add(new FacebookRequirement()));
});
services.AddMvc();
}
而且我创建了一个FacebookRequirement,它可以帮助我处理政策;
public class FacebookRequirement : AuthorizationHandler<FacebookRequirement>, IAuthorizationRequirement
{
private readonly IHttpContextAccessor contextAccessor;
public FacebookRequirement(IHttpContextAccessor contextAccessor)
{
this.contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FacebookRequirement requirement)
{
//var socialConfig = new SocialConfig{Facebook = new SocialApp{AppId = "MyAppId", AppSecret = "MyAppSecret" } };
//var socialservice = new SocialAuthService(socialConfig);
//var result = await socialservice.VerifyFacebookTokenAsync()
var httpContext = contextAccessor.HttpContext;
if (httpContext != null && httpContext.Request.Headers.ContainsKey("Authorization"))
{
var token = httpContext.Request.Headers.Where(x => x.Key == "Authorization").ToList();
}
context.Succeed(requirement);
return Task.FromResult(0);
}
}
现在我遇到的问题是,我不知道在哪里得到IHttpContextAccessor。这是被注入某种方式?我甚至在正确的道路上解决这个问题?
纠正我,如果我错了,但这意味着,在您的服务的每一个请求,你向Facebook发出一个请求。这听起来不太有效。 – Stilgar