问题
I am trying to implement:
- An MVC Web API server to return content on-demand (REST Server)
- A Central authentication OAuth 2.0 server (for example OWIN)
- An Android end-user side Application
The Scenario is like this: Android application requests content on REST Server, if its token is expired, REST server makes a request on authentication server to identify the client. The REST server should be registered using its own [id,secret] on authentication server and then Android application should be informed to identify on central authentication server using end-user [username,password] and Android application [id,secret].
So REST server must be registered on authentication server using fixed [id,secret]. Android application must be registered on authentication server using fixed [id,secret] and end-user [username,password].
So the problem is most samples on the web use cookie based sessions that cannot be used via a REST server and a non-browser end user (at least it is not recommended). I did not find a clear example to explain the implementation of this scenario or even some part of this, all that I found were some beginner code snippets. Thanks for your help.
回答1:
I recommend you posts on Token Based Authentication and Enable OAuth Refresh Tokens from Taiseer Joudeh, wich teaches you step by step in the process to create a token based Authentication (mobile friendly, without cookies storage) and refreshtoken for managing token expiration.
Note: Don't be afraid if the post title talks about "AngularJS". You can skip this part.
来源:https://stackoverflow.com/questions/25659689/how-to-implement-an-owin-authentication-server-with-a-mvc-web-api-content-server