How to implement Token Based Authentication in Web API 2?
Original article: http://www.c-sharpcorner.com/uploadfile/736ca4/token-based-authentication-in-web-api-2/
Introduction
This article explains OWIN OAuth 2.0 authorization and how to implement an OAuth 2.0 authorization server using the OWIN OAuth middleware (Microsoft.Owin.Security.OAuth).
The OAuth 2.0 Authorization framework is defined in RFC 6749. It enables third-party applications to obtain limited access to an HTTP service, either on behalf of a resource owner, by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. Note that OAuth 2.0 is an authorization framework: it issues tokens that grant access to resources, and it does not by itself tell the client who the user is.
Now let us look at how OAuth 2.0 works. Its grant flows are commonly grouped into the following two variants (the terms are informal; RFC 6749 itself does not use them):
Three-Legged
Two-Legged
Three-Legged Approach: In this approach the resource owner (user) grants a third-party client (for example a mobile application) access to protected resources by approving the request at the content provider's authorization server (the OAuth server). The client ends up with an access token and never sees the user's credentials; the authorization code and implicit grants are the usual examples.
Two-Legged Approach: This is the typical direct client-server exchange with no separate approval step. The client sends credentials straight to the authorization server and receives a token in return: either the user's own user name and password (resource owner password credentials grant) or the client's own secret (client credentials grant). Because the client handles the user's password in the first case, this variant is only appropriate for clients the content provider trusts, such as its own first-party applications, and must run over HTTPS.
Classes used in OAuth Authorization
OAuth authorization with the OWIN middleware is configured through the following two classes from Microsoft.Owin.Security.OAuth:
OAuthAuthorizationServerOptions
IOAuthAuthorizationServerProvider (usually via the default implementation OAuthAuthorizationServerProvider)
OAuthAuthorizationServerOptions
This class extends the abstract AuthenticationOptions from Microsoft.Owin.Security and carries the core server settings, such as:
Enforcing HTTPS (AllowInsecureHttp; it is false by default and should stay false anywhere outside local development, since the token endpoint receives credentials in the request body)
Error detail level (ApplicationCanDisplayErrors)
Token expiry (AccessTokenExpireTimeSpan)
Endpoint paths (AuthorizeEndpointPath and TokenEndpointPath)
The options also control how the data contained in access tokens, authorization codes and refresh tokens is protected, through the AccessTokenFormat, AuthorizationCodeFormat and RefreshTokenFormat properties. When these are left at their defaults the host's data protection provider is used: under System.Web (IIS) the tokens are protected with the machine key, whereas the self-hosted HttpListener host relies on the Windows Data Protection API (DPAPI). A practical consequence is that a token issued by one server can only be read by another server if both share the same machine key (or an explicitly configured common protection provider); this matters for web farms and for deployments where the service that issues tokens is not the one that consumes them.
IOAuthAuthorizationServerProvider
IOAuthAuthorizationServerProvider is responsible for processing events raised by the author
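As an added example, not code from the original article, the following Startup class wires the two classes described above into a working two-legged (resource owner password credentials) token server. It assumes the Microsoft.Owin.Security.OAuth and Microsoft.Owin.Host.SystemWeb NuGet packages on .NET Framework 4.5 or later; the DemoAuthorizationServerProvider and DemoUserStore names, the /token path, the 20-minute lifetime and the sample user "alice" are assumptions made for this example.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

[assembly: OwinStartup(typeof(TokenAuthDemo.Startup))]

namespace TokenAuthDemo
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var options = new OAuthAuthorizationServerOptions
            {
                // Enforce HTTPS: the password grant carries the user's
                // credentials in the request body, so never relax this
                // outside local development.
                AllowInsecureHttp = false,
                // Error detail level: keep error details away from clients.
                ApplicationCanDisplayErrors = false,
                // Endpoint path and token expiry (assumed values).
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
                // Provider that handles the authorization server's events.
                Provider = new DemoAuthorizationServerProvider()
            };

            // Issues bearer tokens at /token ...
            app.UseOAuthAuthorizationServer(options);
            // ... and validates "Authorization: Bearer <token>" on other requests.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }

    // Hypothetical provider: overrides only the events the password grant needs.
    public class DemoAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Public client with no client secret: accept the request so that
            // GrantResourceOwnerCredentials gets to check the user's password.
            context.Validated();
            return Task.FromResult<object>(null);
        }

        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            if (!DemoUserStore.VerifyPassword(context.UserName, context.Password))
            {
                // RFC 6749 error code; the description is what the client sees.
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return Task.FromResult<object>(null);
            }

            // Claims placed here are protected inside the token and come back
            // as the request's principal once the bearer middleware accepts it.
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            context.Validated(identity);
            return Task.FromResult<object>(null);
        }
    }

    // Hypothetical user store with one constructed user: "alice" / "P@ssw0rd!".
    // Only a salt and a PBKDF2 hash are kept in memory; a real store would load
    // them from a database and never hold plaintext passwords.
    internal static class DemoUserStore
    {
        private const int Iterations = 100000;
        private static readonly byte[] Salt = NewSalt();
        private static readonly byte[] Hash = Derive("P@ssw0rd!", Salt);

        public static bool VerifyPassword(string userName, string password)
        {
            if (!string.Equals(userName, "alice", StringComparison.Ordinal) || password == null)
                return false;
            return FixedTimeEquals(Derive(password, Salt), Hash);
        }

        private static byte[] NewSalt()
        {
            var salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            return salt;
        }

        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
                return kdf.GetBytes(32);
        }

        // Constant-time comparison so a wrong guess does not leak how many
        // leading bytes matched (CryptographicOperations.FixedTimeEquals is
        // not available on .NET Framework).
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

With this in place a client obtains a token by POSTing a form body of grant_type=password&username=alice&password=P@ssw0rd! to https://host/token; the middleware answers with JSON containing access_token, token_type "bearer" and expires_in (1200 seconds for the lifetime above), and the client then sends Authorization: Bearer <access_token> on its Web API calls. Because the token is protected with the host's data protection provider, the same Startup must run on every server that is expected to read it, or the machine key must be shared.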
