JWT authentication based on the Parameter in Multi-tenant Asp.net Core web site

I am using JWT-based authentication in my .NET Core 2.1 web site. Currently this works fine. Now, I have to make one API multi-tenant, and each tenant will have its own secret key. The tenant Id will be passed as a parameter to the API.

        [Authorize]
        [HttpGet("tenant/{id}")]
        public async Task<IActionResult> GetInfo(string id)
        {
        }

Each tenant will sign the JWT and add it to the Authorization header. I am not able to think of a way to change IssuerSigningKey based on the parameter. I tried the following:

  1. Validating the JWT inside the API by making it [AllowAnonymous]. This works, but I end up writing all the JWT validation code.

  2. Implementing ISecurityTokenValidator

I can implement ISecurityTokenValidator to validate the token and use it in the startup configuration, something like this:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
            {
                options.SecurityTokenValidators.Clear();
                options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator());
            });

And implemented my own class to validate the token.

public class JWTSecurityTokenValidator : ISecurityTokenValidator
{
    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
            // Implement the logic
    }
}

But again I end up doing the heavy lifting. Also, I am not able to access the parameter "tenantId" in ValidateToken.

  3. Using IssuerSigningKeyResolver: I can implement a delegate:

IEnumerable<SecurityKey> IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters)

Again, I don't have access to the "tenantId" parameter to choose the appropriate key.

Is there an elegant solution for choosing IssuerSigningKey based on the parameter, so that I don't need to write my own logic to validate the JWT? Or is the only option to go with the first option?

You can use DI to pass an IHttpContextAccessor instance into your JWTSecurityTokenValidator and get the value of the IHttpContextAccessor.HttpContext property.

From .NET Core 2.1, you can register it using the extension:

services.AddHttpContextAccessor();

Then, in your custom JWTSecurityTokenValidator, modify it to inject the IHttpContextAccessor:

private readonly IHttpContextAccessor _httpContextAccessor;

public JWTSecurityTokenValidator(IHttpContextAccessor httpContextAccessor) {
    _httpContextAccessor = httpContextAccessor;
}

Modify the registration in Startup.cs:

options.SecurityTokenValidators.Clear();

options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator(services.BuildServiceProvider().GetService<IHttpContextAccessor>()));

So that in the ValidateToken method, you can read the parameter from _httpContextAccessor.HttpContext; depending on how you pass the parameter, read it from the query string or the path:

public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
        var xx = _httpContextAccessor.HttpContext.Request;
        ........
}
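
An added example, not part of the original question or answer: it combines the answer's IHttpContextAccessor with the IssuerSigningKeyResolver delegate from the question, so the built-in JWT validation stays in place and only the key lookup is per tenant. ITenantKeyStore, TenantJwtBearerOptions and TenantIdFromPath are hypothetical names, and the tenant id is assumed to be the last path segment after "tenant", as in the route shown in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

// Hypothetical lookup of each tenant's verification key (not an ASP.NET Core type).
public interface ITenantKeyStore
{
    bool TryGetKey(string tenantId, out SecurityKey key);
}

// Register after services.AddHttpContextAccessor():
//   services.AddSingleton<IConfigureOptions<JwtBearerOptions>, TenantJwtBearerOptions>();
public class TenantJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
{
    private readonly IHttpContextAccessor _accessor;
    private readonly ITenantKeyStore _keys;

    public TenantJwtBearerOptions(IHttpContextAccessor accessor, ITenantKeyStore keys)
    {
        _accessor = accessor;
        _keys = keys;
    }

    public void Configure(JwtBearerOptions options) => Configure(Options.DefaultName, options);

    public void Configure(string name, JwtBearerOptions options)
    {
        if (name != JwtBearerDefaults.AuthenticationScheme) return;
        // Issuer, audience and lifetime checks stay as configured in AddJwtBearer.
        options.TokenValidationParameters.IssuerSigningKeyResolver =
            (token, securityToken, kid, validationParameters) =>
            {
                // On 2.1 the JWT handler runs before MVC routing fills in route
                // values, so the id is taken from the raw request path.
                var tenantId = TenantIdFromPath(_accessor.HttpContext?.Request.Path.Value);
                // Unknown or missing tenant: offer no key, so validation fails.
                return tenantId != null && _keys.TryGetKey(tenantId, out var key)
                    ? new[] { key }
                    : Enumerable.Empty<SecurityKey>();
            };
    }

    // Assumes the route shape ".../tenant/{id}"; returns null for any other path.
    private static string TenantIdFromPath(string path)
    {
        var parts = (path ?? "").Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        return parts.Length >= 2 && parts[parts.Length - 2].Equals("tenant", StringComparison.OrdinalIgnoreCase)
            ? parts[parts.Length - 1]
            : null;
    }
}
```

Because the key is selected from the URL rather than from anything inside the token, a token signed with one tenant's key validates only on that tenant's URL, and the [Authorize] attribute on the action keeps working unchanged.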
