OWIN中IIS主机的默认OAuth AccessTokenFormat实现是什么?

Web API 2 OWIN承载令牌认证 – AccessTokenFormat null?

默认/令牌端点工作正常,我可以从那里获得令牌,但我需要在票证上使用AccessTokenFormat.Protect方法为externalLogin生成accessToken。

基本上我的实现与这个实现几乎相同,我遇到了同样的问题,即AccessTokenFormat为null。 从文档中说:

用于保护访问令牌中包含的信息的数据格式。 如果应用程序未提供,则默认数据保护提供程序依赖于主机服务器。 IIS上的SystemWeb主机将使用ASP.NET机器密钥数据保护,而HttpListener和其他自托管服务器将使用DPAPI数据保护。 如果分配了不同的访问令牌提供程序或格式,则必须将兼容的实例分配给资源服务器的OAuthBearerAuthenticationOptions.AccessTokenProvider或OAuthBearerAuthenticationOptions.AccessTokenFormat属性。

在我看来,如果未分配AccessTokenFormat,主机将为其提供基本实现。 但我认为它不适用于此。 有没有办法找到ISecureDataFormatAccessTokenFormat的默认实现并手动将其分配给变量?

或者有没有人有其他想法如何解决这个问题?

更新:我获取katana的源代码并找到OAuthAuthorizationServerMiddleware类,从源代码我可以看到以下代码:

if (Options.AccessTokenFormat == null) { IDataProtector dataProtecter = app.CreateDataProtector( typeof(OAuthAuthorizationServerMiddleware).Namespace, "Access_Token", "v1"); Options.AccessTokenFormat = new TicketDataFormat(dataProtecter); } 

在我的Startup.Auth中,这是我的代码:

  static Startup() { PublicClientId = "self"; UserManagerFactory = () => new UserManager(new UserStore(new ApplicationDbContext())); OAuthOptions = new OAuthAuthorizationServerOptions() { TokenEndpointPath = new PathString("/Token"), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), AllowInsecureHttp = true }; OAuthBearerOptions = new OAuthBearerAuthenticationOptions(); OAuthBearerOptions.AccessTokenFormat = OAuthOptions.AccessTokenFormat; OAuthBearerOptions.AccessTokenProvider = OAuthOptions.AccessTokenProvider; OAuthBearerOptions.AuthenticationMode = OAuthOptions.AuthenticationMode; OAuthBearerOptions.AuthenticationType = OAuthOptions.AuthenticationType; OAuthBearerOptions.Description = OAuthOptions.Description; OAuthBearerOptions.Provider = new CustomBearerAuthenticationProvider(); OAuthBearerOptions.SystemClock = OAuthOptions.SystemClock; } public void ConfigureAuth(IAppBuilder app) { // Configure the db context and user manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext(ApplicationUserManager.Create); app.UseOAuthAuthorizationServer(OAuthOptions); // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } }); // Use a cookie to temporarily store information about a user logging in with a third party login provider app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); 

}

我在WebApiConfig中也有以下内容

 // Web API configuration and services // Configure Web API to use only bearer token authentication. config.SuppressDefaultHostAuthentication(); config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); 

我不确定为什么app.UseOAuthAuthorizationServer(OAuthOptions); 没有设置accessTokenFormat

我不确定为什么它没有正确设置,但我拿出代码并将其分配给我自己。 这是我的最终工作代码如下:

  public void ConfigureAuth(IAppBuilder app) { // Configure the db context and user manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext(ApplicationUserManager.Create); OAuthOptions = new OAuthAuthorizationServerOptions() { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory), AccessTokenFormat = new TicketDataFormat(app.CreateDataProtector( typeof(OAuthAuthorizationServerMiddleware).Namespace, "Access_Token", "v1")), RefreshTokenFormat = new TicketDataFormat(app.CreateDataProtector( typeof(OAuthAuthorizationServerMiddleware).Namespace, "Refresh_Token", "v1")), AccessTokenProvider = new AuthenticationTokenProvider(), RefreshTokenProvider = new AuthenticationTokenProvider(), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), AllowInsecureHttp = true }; OAuthBearerOptions = new OAuthBearerAuthenticationOptions(); OAuthBearerOptions.AccessTokenFormat = OAuthOptions.AccessTokenFormat; OAuthBearerOptions.AccessTokenProvider = OAuthOptions.AccessTokenProvider; OAuthBearerOptions.AuthenticationMode = OAuthOptions.AuthenticationMode; OAuthBearerOptions.AuthenticationType = OAuthOptions.AuthenticationType; OAuthBearerOptions.Description = OAuthOptions.Description; OAuthBearerOptions.Provider = new CustomBearerAuthenticationProvider(); OAuthBearerOptions.SystemClock = OAuthOptions.SystemClock; app.UseOAuthAuthorizationServer(OAuthOptions); app.UseOAuthBearerAuthentication(OAuthBearerOptions); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } }); // Use a cookie to temporarily store information about a user logging in with a third party login provider app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); }