问题
In the latest update of Azure Mobile Apps, support for custom authentication was finally added, ref: https://azure.microsoft.com/en-us/blog/azure-mobile-apps-november-2015-update.
They have included a snippet for issuing a JWT-token, but my question is how would I use this in my app for authenticating requests?
I guess I need to add a custom token handler in my WebApiConfig, but I can't find any docs on the subject.
回答1:
- Turn on App Service Authentication
- Add Microsoft.Azure.Mobile.Server.Login NuGet package
- Create custom authentication endpoint
- Configure service to require authentication
- Use token on client
Please check this out for more details. This article explains it steps by step.
http://www.newventuresoftware.com/blog/custom-authentication-with-azure-mobile-apps/
回答2:
I eventually figured this out myself.
If anyone is wondering, this actually "just works". I looked into the source code and the only validation being done is based on the JWT-token encryption key, the "Audience"-setting and the "Issuer"-setting. You can just add the [Authorize] attribute to the controller or method and the pipeline takes care of the rest.
If custom claims are needed, they can be added to the MobileAppLoginHandler.CreateToken call and extracted from the User-object. I made my own extension method on IPrincipal to get a custom object with the properties I needed in the same manner as the built-in providers.
来源:https://stackoverflow.com/questions/33827015/how-to-implement-custom-authentication-in-an-azure-mobile-app