
Problem description


I have a Web API based application currently set up using the amazing Thinktecture IdentityModel 4.5.


It is set up for claims-based authentication, accepting a Basic auth credential sent in on the Authorization header. The JavaScript client saves the returned session token and uses this for subsequent requests by including it in the Authorization header preceded by Session as the scheme.


The JavaScript client also saves the token to a cookie, for retrieval if the window is closed and reopened quickly, or when new windows are opened, to prevent the user from having to re-authenticate. The cookie is named sessionToken and its value is the actual token.


It all works wonderfully well.


The problem is I have a link on the app page that links to a direct address (/api/controller/id/pdfdocument) and opens it in a new window (target: _blank). Therefore there is no way to include the Authorization header in this request. However, the cookie is transferred over correctly as the session is still active.


I have tried to add a mapping to the AuthenticationConfig.Mappings collection to add support for collecting the token from the cookie; however, I just can't get the configuration right to get this working, and haven't been able to find any other resources online. I'm assuming there's something very simple that needs to get fixed.

My code:

    private static AuthenticationConfiguration CreateAuthenticationConfiguration()
    {
        var sessionTokenConfiguration = new SessionTokenConfiguration();
        sessionTokenConfiguration.EndpointAddress = "/Authenticate";
        sessionTokenConfiguration.DefaultTokenLifetime = new TimeSpan(1, 0, 0);

        var authenticationConfig = new AuthenticationConfiguration
        {
            ClaimsAuthenticationManager = _authenticationManager,
            RequireSsl = false,
            EnableSessionToken = true,
            SessionToken = sessionTokenConfiguration,
            SendWwwAuthenticateResponseHeaders = false
        };

        var securityTokenHandler = new Thinktecture.IdentityModel.Tokens.Http.BasicAuthenticationWithRoleSecurityTokenHandler(_userService.ValidateUser, _userService.GetRolesForUser);
        securityTokenHandler.RetainPassword = false;
        var realm = "localhost";

        var authorizationMapping = new AuthenticationOptionMapping
        {
            Options = AuthenticationOptions.ForAuthorizationHeader(scheme: "Basic"),
            TokenHandler = new System.IdentityModel.Tokens.SecurityTokenHandlerCollection { securityTokenHandler },
            Scheme = AuthenticationScheme.SchemeAndRealm("Basic", realm)
        };
        authenticationConfig.AddMapping(authorizationMapping);

        var cookieMapping = new AuthenticationOptionMapping
        {
            Options = AuthenticationOptions.ForCookie("sessionToken"),
            TokenHandler = new System.IdentityModel.Tokens.SecurityTokenHandlerCollection { securityTokenHandler },
            Scheme = AuthenticationScheme.SchemeOnly(scheme: "Session")
        };
        authenticationConfig.AddMapping(cookieMapping);

        //authenticationConfig.AddBasicAuthentication(_userService.ValidateUser, _userService.GetRolesForUser);

        return authenticationConfig;
    }


This configuration is then applied like so:

    // config is the Web API HttpConfiguration from application start-up
    // (GlobalConfiguration.Configuration when web-hosted; your own instance when self-hosting)
    HttpConfiguration config = GlobalConfiguration.Configuration;
    var authenticationConfig = CreateAuthenticationConfiguration();
    config.MessageHandlers.Add(new AuthenticationHandler(authenticationConfig));


And this is what the cookie looks like in the request header:

Cookie: sessionToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.UlPeD9HzduQfwHE7NuXi9eMVo40hypi_LBK-f76VYFI; username=a


Any help most appreciated!

Recommended answer


So, after waiting a few minutes and receiving no replies, and desperately needing this functionality, I dived into the Thinktecture IdentityModel 4.5 source code to see what was going on, and it seems this feature is not actually supported. Not only is it not supported, but from the looks of it cookie mapping is not actually implemented.


I forked the repository and made a few small changes to allow for this feature: https://github.com/ibraheemhlaiyil/Thinktecture.IdentityModel.45


and sent Dominick Baier of Thinktecture this in a pull request: https://github.com/thinktecture/Thinktecture.IdentityModel.45/pull/95


Cookie usage has its disadvantages, and it seems Thinktecture are trying to stay away from them as far as possible; however, I could not come up with a different solution to my problem - a JavaScript client web application that needs to open a new window/tab and maintain the authenticated session in the new window/tab.


If you want to use this feature, you simply set the new CookieName property on the SessionTokenConfiguration object. IdentityModel uses the HeaderName property to determine which header to look up for authentication data. In the same way, if the CookieName property is set this determines which cookie name is looked up for authentication data if no authentication data was found on the header.


In the example below, authentication data is looked for on the cookie named sessionToken if no authentication data is found on the Authorization header.

    private static AuthenticationConfiguration CreateAuthenticationConfiguration()
    {
        var authenticationConfig = new AuthenticationConfiguration
        {
            ClaimsAuthenticationManager = _authenticationManager,
            RequireSsl = false,
            SendWwwAuthenticateResponseHeaders = false,
            EnableSessionToken = true,
            SessionToken = new SessionTokenConfiguration
            {
                EndpointAddress = "/Authenticate",
                DefaultTokenLifetime = new TimeSpan(1, 0, 0),
                // looked up first
                HeaderName = "Authorization",
                // fallback (forked build only); the cookie value must carry the same "Session <token>" form
                CookieName = "sessionToken",
                // a key generated at start-up invalidates all previously issued session tokens on every restart
                SigningKey = CryptoRandom.CreateRandomKey(32)
            }
        };

        // Basic authentication on the Authorization header is what issues the session token
        authenticationConfig.AddBasicAuthentication(_userService.ValidateUser, _userService.GetRolesForUser);

        return authenticationConfig;
    }


As before, this configuration is applied like so during your application start up:

    // config is the Web API HttpConfiguration from application start-up
    // (GlobalConfiguration.Configuration when web-hosted; your own instance when self-hosting)
    HttpConfiguration config = GlobalConfiguration.Configuration;
    var authenticationConfig = CreateAuthenticationConfiguration();
    config.MessageHandlers.Add(new AuthenticationHandler(authenticationConfig));


The cookie authentication data has the exact same form as the data sent in the Authorization header, so if sent, the cookie should look like:

Cookie: sessionToken=Session eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.UlPeD9HzduQfwHE7NuXi9eMVo40hypi_LBK-f76VYFI


Hope someone finds this of some use!
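As an added illustration (not code from the question, the answer or the Thinktecture fork), here is the lookup order the answer describes, written as a stand-alone helper that does not depend on Thinktecture types: the Authorization header is checked first, then the named cookie, and both must carry the same "Session <token>" form. The class and method names (SessionTokenLocator, Find) are assumed, and the helper additionally limits the cookie fallback to GET/HEAD, since browsers attach cookies to every request automatically.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;

// Hypothetical helper, not part of Thinktecture.IdentityModel or the fork: it mirrors the
// lookup order described in the answer (Authorization header first, then the named cookie,
// both carrying "Session <token>") without depending on Thinktecture types.
public static class SessionTokenLocator
{
    private const string Scheme = "Session";

    // Returns the bare session token, or null when no "Session" credential is present.
    public static string Find(HttpRequestMessage request, string cookieName)
    {
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth != null)
        {
            // A header is present: use it and never fall through to the cookie.
            // Other schemes (e.g. Basic) are left to their own mapping.
            return auth.Scheme == Scheme ? auth.Parameter : null;
        }

        // Cookies are attached by the browser automatically, so the fallback is limited
        // to safe methods (the "open the PDF in a new tab" case); state-changing requests
        // still have to present the header explicitly.
        if (request.Method != HttpMethod.Get && request.Method != HttpMethod.Head)
            return null;

        IEnumerable<string> cookieHeaders;
        if (!request.Headers.TryGetValues("Cookie", out cookieHeaders))
            return null;

        foreach (var pair in cookieHeaders.SelectMany(h => h.Split(';')))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length != 2 || kv[0].Trim() != cookieName)
                continue;
            // Accept both "Session <token>" and the URL-encoded "Session%20<token>" that a
            // JavaScript client may write via document.cookie.
            var value = Uri.UnescapeDataString(kv[1].Trim());
            var prefix = Scheme + " ";
            return value.StartsWith(prefix, StringComparison.Ordinal) ? value.Substring(prefix.Length) : null;
        }
        return null;
    }
}
```

Call Find(request, "sessionToken") from a DelegatingHandler registered in config.MessageHandlers and hand the returned token to the session token handler; a null result means the request carries no session credential and should be treated as anonymous.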

