AJBM Posted August 4, 2016 at 10:54 AM

Hi!

My application uses cookies for the site and a bearer token for the API.

Startup.Auth

```csharp
...
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    ExpireTimeSpan = TimeSpan.FromDays(1),
    CookieHttpOnly = true
});

OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
    AllowInsecureHttp = true,
    TokenEndpointPath = new PathString("/token"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
    Provider = new MyAuthServerProvider(),
};

// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthServerOptions);
...
```

WebApiConfig

```csharp
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Configure Web API to use only bearer token authentication.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Bearer"));
        ....
```

I am creating my own AuthorizeAttribute. For the site (MVC) it worked fine; for the API I have some doubts.

APIAuthorization

```csharp
....
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    IPrincipal user = System.Web.HttpContext.Current.User;
    bool isAutorized = true;

    if (user == null || !user.Identity.IsAuthenticated)
    {
        isAutorized = false;
    }

    // check roles
    if (isAutorized)
    {
        isAutorized = (myRoles == null || myRoles.Any(r => user.IsInRole(r)));
    }

    return isAutorized;
}
...
```

On actionContext, I only have access to the RequestContext property in debug; I don't know why.

The user's AuthenticationType is ApplicationCookie, but since this is on the API side, shouldn't it be bearer token?
AJBM (Author) Posted September 8, 2016 at 07:31 PM

https://leastprivilege.com/2013/11/25/dissecting-the-web-api-individual-accounts-templatepart-1-overview/
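
An added example, not part of the original posts: one way to write the API-side check so that it reads the principal from the Web API request context (`actionContext.RequestContext.Principal`) and accepts only an identity whose AuthenticationType is "Bearer", the type registered with `HostAuthenticationFilter` in the WebApiConfig above. The class name `ApiBearerAuthorizeAttribute` and the response messages are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute name; required roles are passed to the constructor.
public class ApiBearerAuthorizeAttribute : AuthorizeAttribute
{
    // Same value that WebApiConfig passes to HostAuthenticationFilter.
    private const string BearerType = "Bearer";
    private readonly string[] _roles;

    public ApiBearerAuthorizeAttribute(params string[] roles)
    {
        _roles = roles ?? new string[0];
    }

    private static bool IsBearerAuthenticated(IPrincipal user)
    {
        return user != null && user.Identity != null
            && user.Identity.IsAuthenticated
            && string.Equals(user.Identity.AuthenticationType, BearerType, StringComparison.Ordinal);
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Principal established by Web API's authentication filters for this request.
        IPrincipal user = actionContext.RequestContext.Principal;
        if (!IsBearerAuthenticated(user)) return false;
        // No roles configured: any caller with a valid bearer identity is allowed.
        return _roles.Length == 0 || _roles.Any(user.IsInRole);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // 401 when there is no bearer identity, 403 when the caller is known but lacks a role.
        bool known = IsBearerAuthenticated(actionContext.RequestContext.Principal);
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            known ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized,
            known ? "Insufficient role." : "Bearer token required.");
    }
}
```

Applied as `[ApiBearerAuthorize("Admin")]` on an ApiController or action, a request that carries only the site cookie is rejected with 401 because its identity type is not "Bearer".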