I've created a OData based web back-end using Web API 2. This works really well, using AuthorizeAttribute on controllers.
I'd like to be able to upload a files, via a standard html form and a submit.
We are passing the OAuth token, which would normally be passed in the header of an OData request, as a hidden input field.
Question: How do you validate this in the controller?
Then you need to un-protect the token, then from the "ticket" you check if there is principal and if it is authenticated (check property IsAuthenticated). Use the code below inside your controller:
string token = "Your token goes here";
Microsoft.Owin.Security.AuthenticationTicket ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(token);
来源:https://stackoverflow.com/questions/26533722/validate-oauth-bearer-token-with-form-post