zoukankan      html  css  js  c++  java
  • 购物车Demo,前端使用AngularJS,后端使用ASP.NET Web API(3)--Idetity,OWIN前后端验证

    chsakell分享了前端使用AngularJS,后端使用ASP.NET Web API的购物车案例,非常精彩,这里这里记录下对此项目的理解。


    文章:
    http://chsakell.com/2015/01/31/angularjs-feat-web-api/
    http://chsakell.com/2015/03/07/angularjs-feat-web-api-enable-session-state/

    源码:
    https://github.com/chsakell/webapiangularjssecurity

    本系列共三篇,本篇是第三篇。


    购物车Demo,前端使用AngularJS,后端使用ASP.NET Web API(1)--后端
    购物车Demo,前端使用AngularJS,后端使用ASP.NET Web API(2)--前端,以及前后端Session
    购物车Demo,前端使用AngularJS,后端使用ASP.NET Web API(3)--Idetity,OWIN前后端验证

    这里会涉及到三方面的内容:

    1、ASP.NET Identity & Entity Framework

    ● Identity User
    ● User Mnager

    2、OWIN Middleware

    ● Authorization Server
    ● Bearer Auhentication

    3、AngularJS

    ● Generate Tokens
    ● Creae authorized requests


    1、ASP.NET Identity & Entity Framework

    首先安装Microsoft ASP.NET Identity EntityFramework。

    添加一个有关用户的领域模型,继承IdentityUser。

    public class AppStoreUser : IdentityUser
    {
        ...
    }

    配置用户,继承EntityTypeConfiguration<T>

    public class AppStoreUserConfiguraiton : EntityTypeConfiguration<AppStoreUser>
    {
        public AppStoreUserConfiguration()
        {
            ToTable("Users");
        }
    }

    然后让上下文继承Identity特有的上下文类。

    public class StoreContext : IdentityDbContext<AppStoreUser>
    {
        public StoreContext() : base("StoreContext", thrwoIfVISchema: false)
        {
            protected override void OnModelCreating(DbModelBuilder modelBuilder)
            {
                modelBuilder.Entity<IdentityUserLogin>().HasKey<string>(l => l.UserId);
                modelBuilder.Entity<IdentityRole>().HasKey<string>(r => r.Id);
                modelBuilder.Entity<IdentityUserRole>().HasKey(r => new { r.RoleId, r.UserId });
    
                modelBuilder.Configurations.Add(new AppStoreUserConfiguration());
                modelBuilder.Configurations.Add(new CategoryConfiguration());
                modelBuilder.Configurations.Add(new OrderConfiguration());
            }      
        }
    }

    继承Identity的UserManager类:

    public class AppStoreUserManager : UserManager<AppStoreUser>
    {
        public AppStoreUserManager(IUserStore<AppStoreUser> store) : base(store)
        {}
    }

    2、OWIN Middleware

    在NuGet中输入owin,确保已经安装如下组件:

    Microsoft.Owin.Host.SystemWeb
    Microsoft.Owin
    Microsoft ASP.NET Web API 2.2 OWIN
    Microsoft.Owin.Security
    Microsoft.Owin.Security.OAth
    Microsoft.Owin.Security.Cookies (optional)
    Microsoft ASP.NET Identity Owin
    OWIN

    在项目根下创建Startup.cs部分类。

    [assembly: OwinStartup(typeof(Store.Startup))]
    namespace Store
    {
        public partial class Startup
        {
            public void Configuration(IAppBuilder app)
            {
                ConfigureStoreAuthentication(app);
            }
        }
    }

    在App_Start中创建Startup.cs部分类。

    //启用OWIN的Bearer Token Authentication
    public partial class Startup
    {
        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
    
        public static string PublicClientId { get; private set; }
    
        public void ConfigureStoreAuthentication(IAppBuilder app)
        {
            // User a single instance of StoreContext and AppStoreUserManager per request
            app.CreatePerOwinContext(StoreContext.Create);
            app.CreatePerOwinContext<AppStoreUserManager>(AppStoreUserManager.Create);
    
            // Configure the application for OAuth based flow
            PublicClientId = "self";
            OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                Provider = new ApplicationOAuthProvider(PublicClientId),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(10),
                AllowInsecureHttp = true
            };
    
            app.UseOAuthBearerTokens(OAuthOptions);
        }
    }

    在Identity用户管理类中添加如下代码:

    public class AppStoreUserManager : UserManager<AppStoreUser>
    {
        public AppStoreUserManager(IUserStore<AppStoreUser> store)
            : base(store)
        {
        }
    
        public static AppStoreUserManager Create(IdentityFactoryOptions<AppStoreUserManager> options, IOwinContext context)
        {
            var manager = new AppStoreUserManager(new UserStore<AppStoreUser>(context.Get<StoreContext>()));
    
            // Configure validation logic for usernames
            manager.UserValidator = new UserValidator<AppStoreUser>(manager)
            {
                AllowOnlyAlphanumericUserNames = false,
                RequireUniqueEmail = true
            };
    
            // Password Validations
            manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = false,
                RequireDigit = false,
                RequireLowercase = true,
                RequireUppercase = true,
            };
    
            var dataProtectionProvider = options.DataProtectionProvider;
            if (dataProtectionProvider != null)
            {
                manager.UserTokenProvider = new DataProtectorTokenProvider<AppStoreUser>(dataProtectionProvider.Create("ASP.NET Identity"));
            }
    
            return manager;
        }
    
        public async Task<ClaimsIdentity> GenerateUserIdentityAsync(AppStoreUser user, string authenticationType)
        {
            var userIdentity = await CreateIdentityAsync(user, authenticationType);
    
            return userIdentity;
        }
    }

    当在API中需要获取用户的时候,就会调用以上的代码,比如:

    Request.GetOwinContext().GetUserManager<AppStoreUserManager>();

    为了能够使用OWIN的功能,还需要实现一个OAuthAuthorizationServerProvider。

    public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
    {
        private readonly string _publicClientId;
    
        public ApplicationOAuthProvider(string publicClientId)
        {
            if (publicClientId == null)
            {
                throw new ArgumentNullException("publicClientId");
            }
    
            _publicClientId = publicClientId;
        }
    
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            var userManager = context.OwinContext.GetUserManager<AppStoreUserManager>();
    
            AppStoreUser user = await userManager.FindAsync(context.UserName, context.Password);
    
            if (user == null)
            {
                context.SetError("invalid_grant", "Invalid username or password.");
                return;
            }
    
            ClaimsIdentity oAuthIdentity = await userManager.GenerateUserIdentityAsync(user, OAuthDefaults.AuthenticationType);
            AuthenticationProperties properties = new AuthenticationProperties(); 
            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
            context.Validated(ticket);
        }
    
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            if (context.ClientId == null)
            {
                context.Validated();
            }
    
            return Task.FromResult<object>(null);
        }
    }


    OWIN这个中间件的工作原理大致是:

    →对Token的请求过来
    →OWIN调用以上的GrantResourceOwnerCredentials方法
    →OAuthAuthorizationServerProvider获取UerManager的实例
    →OAuthAuthorizationServerProvider创建access token
    →OAuthAuthorizationServerProvider创建access token给响应
    →Identity的UserManager检查用户的credentials是否有效
    →Identity的UserManager创建ClaimsIdentity

    接着,在WebApiConfig中配置,让API只接受bearer token authentication。

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Web API configuration and services
            // Configure Web API to use only bearer token authentication.
            config.SuppressDefaultHostAuthentication();
            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
    
            // Web API routes
            config.MapHttpAttributeRoutes();
    
        }
    }

    在需要验证的控制器上加上Authorize特性。

    [Authorize]
    public class OrdersController : ApiController
    {}

    AccountController用来处理用户的相关事宜。

    [Authorize]
    [RoutePrefix("api/Account")]
    public class AccountController : ApiController
    {
        //private const string LocalLoginProvider = "Local";
        private AppStoreUserManager _userManager;
    
        public AccountController()
        {
        }
    
        public AccountController(AppStoreUserManager userManager,
            ISecureDataFormat<AuthenticationTicket> accessTokenFormat)
        {
            UserManager = userManager;
            AccessTokenFormat = accessTokenFormat;
        }
    
        public AppStoreUserManager UserManager
        {
            get
            {
                return _userManager ?? Request.GetOwinContext().GetUserManager<AppStoreUserManager>();
            }
            private set
            {
                _userManager = value;
            }
        }
    
        public ISecureDataFormat<AuthenticationTicket> AccessTokenFormat { get; private set; }
    
    
        // POST api/Account/Register
        [AllowAnonymous]
        [Route("Register")]
        public async Task<IHttpActionResult> Register(RegistrationModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }
    
            var user = new AppStoreUser() { UserName = model.Email, Email = model.Email };
    
            IdentityResult result = await UserManager.CreateAsync(user, model.Password);
    
            if (!result.Succeeded)
            {
                return GetErrorResult(result);
            }
    
            return Ok();
        }
    
    
        protected override void Dispose(bool disposing)
        {
            if (disposing && _userManager != null)
            {
                _userManager.Dispose();
                _userManager = null;
            }
    
            base.Dispose(disposing);
        }
    
        #region Helpers
    
        private IAuthenticationManager Authentication
        {
            get { return Request.GetOwinContext().Authentication; }
        }
    
        private IHttpActionResult GetErrorResult(IdentityResult result)
        {
            if (result == null)
            {
                return InternalServerError();
            }
    
            if (!result.Succeeded)
            {
                if (result.Errors != null)
                {
                    foreach (string error in result.Errors)
                    {
                        ModelState.AddModelError("", error);
                    }
                }
    
                if (ModelState.IsValid)
                {
                    // No ModelState errors are available to send, so just return an empty BadRequest.
                    return BadRequest();
                }
    
                return BadRequest(ModelState);
            }
    
            return null;
        }
        #endregion
    }

    3、AngularJS

    在前端,把token相关的常量放到主module中去。

    angular.module('gadgetsStore')
        .constant('gadgetsUrl', 'http://localhost:61691/api/gadgets')
        .constant('ordersUrl', 'http://localhost:61691/api/orders')
        .constant('categoriesUrl', 'http://localhost:61691/api/categories')
        .constant('tempOrdersUrl', 'http://localhost:61691/api/sessions/temporders')
        .constant('registerUrl', '/api/Account/Register')
        .constant('tokenUrl', '/Token')
        .constant('tokenKey', 'accessToken')
        .controller('gadgetStoreCtrl', function ($scope, $http, $location, gadgetsUrl, categoriesUrl, ordersUrl, tempOrdersUrl, cart, tokenKey) {

    提交订单的时候需要把token写到headers的Authorization属性中去。

    $scope.sendOrder = function (shippingDetails) {
        var token = sessionStorage.getItem(tokenKey);
        console.log(token);
    
        var headers = {};
        if (token) {
            headers.Authorization = 'Bearer ' + token;
        }
    
        var order = angular.copy(shippingDetails);
        order.gadgets = cart.getProducts();
        $http.post(ordersUrl, order, { headers: { 'Authorization': 'Bearer ' + token } })
        .success(function (data, status, headers, config) {
            $scope.data.OrderLocation = headers('Location');
            $scope.data.OrderID = data.OrderID;
            cart.getProducts().length = 0;
            $scope.saveOrder();
            $location.path("/complete");
        })
        .error(function (data, status, headers, config) {
            if (status != 401)
                $scope.data.orderError = data.Message;
            else {
                $location.path("/login");
            }
        }).finally(function () {
        });
    }

    在主module中增加登出和注册用户的功能。

    $scope.logout = function () {
        sessionStorage.removeItem(tokenKey);
    }
    $scope.createAccount = function () {
        $location.path("/register");
    }

    当然还需要添加对应的路由:

     $routeProvider.when("/login", {
            templateUrl: "app/views/login.html"
        });
    $routeProvider.when("/register", {
            templateUrl: "app/views/register.html"
        });

    再往主module中添加一个controller,用来处理用户账户相关事宜。

    angular.module("gadgetsStore")
        .controller('accountController', function ($scope, $http, $location, registerUrl, tokenUrl, tokenKey) {
    
        $scope.hasLoginError = false;
        $scope.hasRegistrationError = false;
    
        // Registration
        $scope.register = function () {
    
            $scope.hasRegistrationError = false;
            $scope.result = '';
    
            var data = {
                Email: $scope.registerEmail,
                Password: $scope.registerPassword,
                ConfirmPassword: $scope.registerPassword2
            };
    
            $http.post(registerUrl, JSON.stringify(data))
                    .success(function (data, status, headers, config) {
                        $location.path("/login");
                    }).error(function (data, status, headers, config) {
                        $scope.hasRegistrationError = true;
                        var errorMessage = data.Message;
                        console.log(data);
                        $scope.registrationErrorDescription = errorMessage;
    
                        if (data.ModelState['model.Email'])
                            $scope.registrationErrorDescription += data.ModelState['model.Email'];
    
                        if (data.ModelState['model.Password'])
                            $scope.registrationErrorDescription += data.ModelState['model.Password'];
    
                        if (data.ModelState['model.ConfirmPassword'])
                            $scope.registrationErrorDescription += data.ModelState['model.ConfirmPassword'];
    
                        if (data.ModelState[''])
                            $scope.registrationErrorDescription +=  data.ModelState[''];
    
                    }).finally(function () {
                    });
        }
    
        $scope.login = function () {
            $scope.result = '';
    
            var loginData = {
                grant_type: 'password',
                username: $scope.loginEmail,
                password: $scope.loginPassword
            };
    
            $http({
                method: 'POST',
                url: tokenUrl,
                data: $.param(loginData),
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
                }
            }).then(function (result) {
                console.log(result);
                $location.path("/submitorder");
                sessionStorage.setItem(tokenKey, result.data.access_token);
                $scope.hasLoginError = false;
                $scope.isAuthenticated = true;
            }, function (data, status, headers, config) {
                $scope.hasLoginError = true;
                $scope.loginErrorDescription = data.data.error_description;
            });
    
        }
    
    });

    有关登录页:

    <div ng-controller="accountController">
        <form role="form">
             <input name="email" type="email" ng-model="loginEmail" autofocus="">
             <input  name="password" type="password" ng-model="loginPassword" value="">
             
             <div ng-show="hasLoginError">
                <a href="#" ng-bind="loginErrorDescription"></a>
             </div>
             
             <a href="" ng-click="login()">Login</a>
             <a href="" ng-click="createAccount()">Create account</a>
        </form>
    </div>

    有关注册页:

    <div ng-controller="accountController">
        <form role="form">
            <input name="email" type="email" ng-model="registerEmail" autofocus="">
            <input name="password" type="password" ng-model="registerPassword" value="">
            <input name="confirmPassword" type="password" ng-model="registerPassword2" value="">
            
            <div ng-show="hasRegistrationError">
               <a href="#" ng-bind="registrationErrorDescription"></a>
            </div>
            <a href="" ng-click="register()">Create account</a
        </form>
    </div>

    在购物车摘要区域添加一个登出按钮。

    <a href="" ng-show="isUserAuthenticated()" ng-click="logout()">Logout</a>

    最后可以把账户相关封装在一个服务中。

    angular.module("gadgetsStore")
        .service('accountService', function ($http, registerUrl, tokenUrl, tokenKey) {
    
            this.register = function (data) {
                var request = $http.post(registerUrl, data);
    
                return request;
            }
    
            this.generateAccessToken = function (loginData) {
                var requestToken = $http({
                    method: 'POST',
                    url: tokenUrl,
                    data: $.param(loginData),
                    headers: {
                        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
                    }
                });
    
                return requestToken;
            }
    
            this.isUserAuthenticated = function () {
                var token = sessionStorage.getItem(tokenKey);
    
                if (token)
                    return true;
                else
                    return false;
            }
    
            this.logout = function () {
                sessionStorage.removeItem(tokenKey);
            }
    
        });

    把有关订单相关,封装在storeService.js中:

    angular.module("gadgetsStore")
        .service('storeService', function ($http, gadgetsUrl, categoriesUrl, tempOrdersUrl, ordersUrl, tokenKey) {
    
            this.getGadgets = function () {
                var request = $http.get(gadgetsUrl);
    
                return request;
            }
    
            this.getCategories = function () {
                var request = $http.get(categoriesUrl);
    
                return request;
            }
    
            this.submitOrder = function (order) {
                var token = sessionStorage.getItem(tokenKey);
                console.log(token);
    
                var headers = {};
                if (token) {
                    headers.Authorization = 'Bearer ' + token;
                }
    
                var request = $http.post(ordersUrl, order, { headers: { 'Authorization': 'Bearer ' + token } });
    
                return request;
            }
    
            this.saveTempOrder = function (currentProducts) {
                var request = $http.post(tempOrdersUrl, currentProducts);
    
                return request;
            }
    
            this.loadTempOrder = function () {
                var request = $http.get(tempOrdersUrl);
    
                return request;
            }
    
        });

    本系列结束

  • 相关阅读:
    软件系统架构演变
    PL/SQL语法
    ambari安装指南
    手把手带你使用JS-SDK自定义微信分享效果
    微信公众平台无法使用支付宝收付款的解决方案
    php创建含文件夹的zip文件
    捣鼓TinyMCE 粘贴图片并上传+Django后台
    捣鼓TinyMCE粘贴图片并上传+Flask后台
    关于Java 中Integer 和Long对象 对比的陷阱(简单却容易犯的错误)
    Java东西太多,记录一些知识点
  • 原文地址:https://www.cnblogs.com/darrenji/p/4959721.html
Copyright © 2011-2022 走看看