I have built an OAuth 2.0 Authorization Server using DotNetOpenAuth that will manage authentication and authorization and assign an access token to the caller. The caller will use the access token to access the API (web services) at the Resource Server. If I follow the sample provided by DotNetOpenAuth for the Resource Server, an API built using WCF can be authenticated by `OAuthAuthorizationManager`.
If I use ServiceStack to build my API in the Resource Server, how do I build the authentication process that verifies the incoming API request based on the assigned OAuth 2.0 access token? The functionality should be similar to `OAuthAuthorizationManager` in the dotnetopenid sample and not based on a login session.
Just some update.
I didn't use the `AuthenticateAttribute` or `RequiredRoleAttribute` from `ServiceStack.ServiceInterface`. I created 2 custom `RequestFilterAttribute`s to replace the functions provided by `AuthenticateAttribute` and `RequiredRoleAttribute`. In each custom `RequestFilterAttribute`'s `Execute` method, I'm using a method in DotNetOpenAuth to verify the access token. The code for the access token verification is as follows; reference the relevant documentation from both ServiceStack and DotNetOpenAuth for more info. `ResourceServer` is a class from DotNetOpenAuth.
If the `ip` is `null` then the request is not authenticated; if not `null`, the incoming request is valid and I can use the `ip` to check the role, e.g. `ip.IsInRole(requiredRole)`.
I'm not sure whether this is the correct way to do the checking or not, but it works for me. Any better solution is welcome.
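The two custom filters described above, written out as an added example; this is not the poster's code, nor code from the ServiceStack or DotNetOpenAuth projects. It assumes ServiceStack v3 (`RequestFilterAttribute` with `Execute(IHttpRequest, IHttpResponse, object)`, `IHttpRequest.Items`, `IHttpRequest.OriginalRequest` being the ASP.NET `HttpRequest`) and DotNetOpenAuth 4.1+ (`ResourceServer.GetPrincipal`, which throws a `ProtocolException` on a missing or invalid token; DotNetOpenAuth 4.0 used `VerifyAccess` instead). The attribute names, the `PrincipalItemKey` item key and the static key properties are assumptions of the example; the RSA keys would be loaded by the host at startup as in the DotNetOpenAuth samples.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
using ServiceStack.ServiceHost;
using ServiceStack.ServiceInterface;

// Assumed name. Verifies the OAuth 2.0 bearer token on every request to the decorated
// service and stashes the resulting principal for later filters; no session is involved.
public class OAuth2AuthenticateAttribute : RequestFilterAttribute
{
    // Assumed key under which the verified principal is stored on the request.
    public const string PrincipalItemKey = "OAuth2Principal";

    // Assumed: the authorization server's public signing key and this resource
    // server's private encryption key, set once by the host at startup.
    public static RSACryptoServiceProvider AuthServerSigningKey { get; set; }
    public static RSACryptoServiceProvider ResourceServerEncryptionKey { get; set; }

    public OAuth2AuthenticateAttribute()
    {
        // Lower priority runs first, so token verification precedes the role check.
        this.Priority = -1;
    }

    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        var resourceServer = new ResourceServer(
            new StandardAccessTokenAnalyzer(AuthServerSigningKey, ResourceServerEncryptionKey));

        IPrincipal ip = null;
        var aspNetRequest = req.OriginalRequest as HttpRequest;
        if (aspNetRequest != null)
        {
            try
            {
                // Checks signature, expiry and decryption of the token in the Authorization header.
                ip = resourceServer.GetPrincipal(new HttpRequestWrapper(aspNetRequest));
            }
            catch (ProtocolException)
            {
                ip = null; // missing, malformed, expired or tampered token: unauthenticated
            }
        }

        if (ip == null)
        {
            res.StatusCode = 401;
            res.AddHeader("WWW-Authenticate", "Bearer");
            res.Close();
            return;
        }

        req.Items[PrincipalItemKey] = ip;
    }
}

// Assumed name. Replacement for RequiredRoleAttribute: every listed role must be
// granted on the principal produced by OAuth2AuthenticateAttribute.
public class OAuth2RequiredRoleAttribute : RequestFilterAttribute
{
    private readonly string[] requiredRoles;

    public OAuth2RequiredRoleAttribute(params string[] roles)
    {
        requiredRoles = roles ?? new string[0];
        this.Priority = 0;
    }

    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        object stored;
        var ip = req.Items.TryGetValue(OAuth2AuthenticateAttribute.PrincipalItemKey, out stored)
            ? stored as IPrincipal
            : null;

        if (ip == null)
        {
            // Authenticate filter did not run or did not succeed: never fall through to the service.
            res.StatusCode = 401;
            res.Close();
            return;
        }

        if (Array.Exists(requiredRoles, role => !ip.IsInRole(role)))
        {
            res.StatusCode = 403; // authenticated, but the token does not carry the role
            res.Close();
        }
    }
}
```

Both filters close the response and return without throwing, so an unauthenticated or under-privileged request never reaches the service body; the role filter deliberately fails closed when no principal was stored, rather than trusting that the authenticate filter was applied.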