[英]JWT authentication based on the Parameter in Multi-tenant Asp.net Core web site
I am using JWT based authentication in my .net core 2.1 web site. 我在.net core 2.1网站上使用基于JWT的身份验证。 Currently this works fine.
目前这工作正常。 Now, I have to make one API multi-tenant and each tenant will have it's own secret key.
现在,我必须创建一个API多租户,每个租户都有自己的密钥。 The tenant Id will be passed as parameter to the API.
租户ID将作为参数传递给API。
[Authorize]
[HttpGet("tenant/{id}")]
public async Task<IActionResult> GetInfo(string id)
{
}
Each tenant will sign the JWT and will add to Authorization header. 每个租户都将签署JWT并将添加到Authorization标头。 I am not able to think of a way to change IssuerSigningKey based on the parameter.
我无法想到根据参数更改IssuerSigningKey的方法。 I tried following:
我试过以下:
Validating the JWT inside the API by making it [ AllowAonymus
]. 通过将其
AllowAonymus
[ AllowAonymus
]来验证API中的JWT。 This works but I have end up writing all the JWT validating code. 这有效但我最终编写了所有JWT验证代码。
Implementing ISecurityTokenValidator
实现
ISecurityTokenValidator
I can implement ISecurityTokenValidator
to validate the token and using this in startup configuration something like this: 我可以实现
ISecurityTokenValidator
来验证令牌并在启动配置中使用它,如下所示:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator());
});
And implemented my own class to validate the token. 并实现了我自己的类来验证令牌。
public class JWTSecurityTokenValidator : ISecurityTokenValidator
{
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
// Implement the logic
}
}
But again I end up doing heavy lifting. 但我又一次做了很重的事。 Also, I am not able to access the parameter "tenantId" in the ValidateToken.
此外,我无法访问ValidateToken中的参数“tenantId”。
3.Using IssuerSigningKeyResolver
: I can implement a delegate: 3.使用
IssuerSigningKeyResolver
:我可以实现委托:
IEnumerable<SecurityKey> IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters)
Again I don't's have access to the "tenantId" parameter to choose the appropriate key. 同样,我无法访问“tenantId”参数来选择适当的密钥。
Is there elegant solution to choosing IssuerSigningKey
based on the parameter so that I don't need to write my own logic to validate JWT? 是否有基于参数选择
IssuerSigningKey
的优雅解决方案,这样我就不需要编写自己的逻辑来验证JWT了? Or only option is to go with first option? 或者只有选择是第一个选项?
You can use DI to pass IHttpContextAccessor
instance into your JWTSecurityTokenValidator
and get value of IHttpContextAccessor.HttpContext
property. 您可以使用DI将
IHttpContextAccessor
实例传递到JWTSecurityTokenValidator
并获取IHttpContextAccessor.HttpContext
属性的值。
From .Net Core 2.1 , you can register using extension : 从.Net Core 2.1,您可以使用扩展名注册:
services.AddHttpContextAccessor();
Then in your custom JWTSecurityTokenValidator
, modify to inject the IHttpContextAccessor
: 然后在您的自定义
JWTSecurityTokenValidator
,修改以注入IHttpContextAccessor
:
private readonly IHttpContextAccessor _httpContextAccessor;
public JWTSecurityTokenValidator(IHttpContextAccessor httpContextAccessor) {
_httpContextAccessor = httpContextAccessor;
}
Modify the registration in Startup.cs
: 修改
Startup.cs
的注册:
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator(services.BuildServiceProvider().GetService<IHttpContextAccessor>()));
So that in ValidateToken
method ,you can read the parameter from _httpContextAccessor.HttpContext
, according to how you pass the parameter , read it from query string or path : 因此,在
ValidateToken
方法中,您可以从_httpContextAccessor.HttpContext
读取参数,根据您传递参数的方式,从查询字符串或路径中读取它:
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
var xx = _httpContextAccessor.HttpContext.Request;
........
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.