This repository has been archived by the owner on Nov 1, 2023. It is now read-only.
expect an example about oauth #76
Comments
When a user is authorize, you'll have to add a claim to the identity store, like userId or whatever you use to uniquely identify your clients. Then you can override the public class OAuthThrottlingMiddleware : ThrottlingMiddleware
{
protected override RequestIdentity SetIdentity(IOwinRequest request)
{
var userId = "anon";
if(request.Context.User.Identity.IsAuthenticated)
{
//get userId from identity claim
}
return new RequestIdentity()
{
ClientKey = userId,
ClientIp = base.GetClientIp(request).ToString(),
Endpoint = request.RequestUri.AbsolutePath.ToLowerInvariant()
};
}
} |
Remove that constructor and build your Policy outside the OAuthThrottlingMiddleware: public class Startup
{
public void Configuration(IAppBuilder appBuilder)
{
var oauthPolicy = BuildPolicyFromDB();
appBuilder.Use(typeof(OAuthThrottlingMiddleware),
oauthPolicy,
new PolicyMemoryCacheRepository(),
new MemoryCacheRepository(),
null,
null);
}
} |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Thanks a lot
When client got accessToken they do need appkey with any request, So how can I limit the request before valiate accessToken?
I am going to use it in my product envirment, so could you help me? thanks
The text was updated successfully, but these errors were encountered: