如何在ASP.NET Web API中处理持有者令牌的缺失或到期
[英]How to handle the absence or expiration of bearer token in ASP.NET Web API
问题描述
I have an ASP.NET web API and I want to return a meaningful message instead of this exception in case if the token was expired or it wasn't provided in the request at all. 
我有一个ASP.NET Web API,我希望返回一个有意义的消息而不是此异常,以防令牌过期或根本没有在请求中提供。 This is the exception that I'm getting in this case. 这是我在这种情况下得到的例外。
{
"Message": "An error has occurred.",
"ExceptionMessage": "An error occurred when trying to create a controller of type 'SomeController'. Make sure that the controller has a parameterless public constructor.",
"ExceptionType": "System.InvalidOperationException",
"StackTrace": " at System.Web.Http.Dispatcher.DefaultHttpControllerActivator.Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)\r\n at System.Web.Http.Controllers.HttpControllerDescriptor.CreateController(HttpRequestMessage request)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()",
"InnerException": {
"Message": "An error has occurred.",
"ExceptionMessage": "Object reference not set to an instance of an object.",
"ExceptionType": "System.NullReferenceException",
"StackTrace": " at WebApi.Controllers.SomeController..ctor() in SomePath\\Controllers\\SomeController.cs:line 21\r\n at lambda_method(Closure )\r\n at System.Web.Http.Dispatcher.DefaultHttpControllerActivator.Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)"
}
}
I have tried like this and added a breakpoint, but it doesn't even reach it, so I'm not sure where should I write the code to handle this. 我试过这样并添加了一个断点,但它甚至没有达到它,所以我不知道我应该在哪里编写代码来处理它。
public override void OnAuthorization(HttpActionContext actionContext)
{
JsonHelper jsonHelper = new JsonHelper();
if (actionContext == null)
{
actionContext.Response = jsonHelper.setHttpResponseMessage(jsonHelper.setResponse(false, null, "Expired or Incorrect token."));
return;
}
}
Thanks in advance 提前致谢
1 个解决方案
解决方案1
0 已采纳 2019-05-02 11:44:20
Thanks to @Mark Wagoner comment, I saw this sentence in the exception which I didn't notice before 感谢@Mark Wagoner的评论,我在例外中看到了这句话,我之前没有注意到
in SomePath\\Controllers\\SomeController.cs:line 21
In the controller in line 21, there is this line: 在第21行的控制器中,有这一行:
...
string variable = ClaimsPrincipal.Current.FindFirst("SomeValue").Value;
public HttpResponseMessage Get()
{
...
And since the token wasn't provided here, then it's to be expected that the above line would through Object reference not set to an instance of an object exception. 并且由于此处未提供令牌,因此可以预期上述行将通过Object引用而不设置为对象异常的实例 。 I declared it outside the method because it is used in multiple methods. 我在方法之外声明它,因为它用于多种方法。 So, I removed it from there & declared it for each method and that solved my problem. 所以,我从那里删除它并为每个方法声明它,这解决了我的问题。
The thing that I didn't know is that the variables that I declare in the controller outside of the methods are declared first, then it starts executing the code in custom authorize CustomAuthorizeAttribute : AuthorizeAttribute class. 我不知道的事情是我首先声明我在方法之外的控制器中声明的变量,然后它开始执行自定义授权CustomAuthorizeAttribute : AuthorizeAttribute类中的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.