How to authorize requests with x-auth-token in its header using asp.net core api?

I generated a token that includes the user's info and her roles using ASP.NET Core Web API and get it at the client, then put it in x-auth-token in the request header. How can I authorize the user (with her roles) in ASP.NET API controllers and actions? My settings in startup.cs are like below, but I cannot catch the request in my action!

var securityKey = Environment.GetEnvironmentVariable("SECURITY_KEY");
var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,

            ValidIssuer = "shoniz.com",
            ValidAudience = "readers",
            IssuerSigningKey = symmetricSecurityKey
        };
    });

The code in your example is the settings of authentication (JWT scheme). First, you have to add the middleware which will authenticate the user. This part of the code should be present in Startup.cs (Configure() method).

app.UseAuthentication();

Once this middleware is called, all the authentication schemes are taken into account. When the authentication succeeds, HttpContext.User will be set (including all your issued claims).

The second part is authorization. The simplest way is to use the [Authorize] attribute, which you can use as an annotation along with your action methods and controllers. You can add custom role names or policy restrictions.

[Authorize(Roles = "admin")]
public class CmsControllerBase : Controller
{
}
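
The token in the question travels in an x-auth-token header, while the JWT bearer handler by default reads only `Authorization: Bearer <token>`. The following is an added example, not part of the original question or answer, that hands the handler the token from that header in OnMessageReceived. It assumes ASP.NET Core 3.0 or later with endpoint routing and the Microsoft.AspNetCore.Authentication.JwtBearer package, and reuses the issuer, audience and SECURITY_KEY values from the question.

```csharp
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Fail at startup instead of running with a missing signing key.
        var securityKey = Environment.GetEnvironmentVariable("SECURITY_KEY")
            ?? throw new InvalidOperationException("SECURITY_KEY is not set");
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = "shoniz.com",
                    ValidAudience = "readers",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey))
                };
                options.Events = new JwtBearerEvents
                {
                    // Supply the raw JWT from the custom header. If it is absent,
                    // the handler falls back to the Authorization header.
                    OnMessageReceived = context =>
                    {
                        var token = context.Request.Headers["x-auth-token"].ToString();
                        if (!string.IsNullOrEmpty(token)) context.Token = token;
                        return Task.CompletedTask;
                    }
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();  // validates the token and sets HttpContext.User
        app.UseAuthorization();   // enforces [Authorize] and its Roles on endpoints
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

The token still passes through the same signature, issuer, audience and lifetime validation; only the place it is read from changes.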

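Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.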
