Blazor navigation with authorization header and bearer token

I want to create a HealthChecks portal via HealthChecksUI, but with access limited by authorization.
Also, I am using Blazor to create the authorization dialog and receive the access token.

So I am configuring HealthChecksUI:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    //...
    app.UseEndpoints(endpointsBuilder =>
    {
        //...
        endpointsBuilder.MapHealthChecksUI(setup =>
        {
            setup.UIPath = "/portal";
            setup.ApiPath = "/portal/api";
            setup.WebhookPath = "/portal/webhooks";
            setup.ResourcesPath = "/portal/resources";
        }).RequireAuthorization(); // This means access to '/portal' route will be limited by authorization.
        //...
    });
    //...
}

I am using a bearer token in the HTTP Authorization header for authorization when performing any request.

Next, let's check that authorization works:
A GET request from Postman with a valid bearer token to the '/portal' route passes successfully. Also, if I change the token, then I receive a 401 Unauthorized error. So it seems the authorization system is working correctly.

The next step is to use the authorization dialog to receive the token and redirect to the portal page.
The code below is just a simple authorize function used in a .razor page:

private async Task SubmitAsync()
{
    var (authorizationSuccessful, accessToken) = await authorizationService.AuthorizeAsync(authorizationData).ConfigureAwait(false);

    if (authorizationSuccessful)
    {
        navigationManager.NavigateTo("/portal", true);
    }
    else
    {
        throw new UnauthorizedAccessException("Incorrect login or password");
    }
}

So the problem is:
When authorization passes (authorizationSuccessful is true) and navigation is performed, I get to the '/portal' page without any authorization data, so I get a 401 Unauthorized error.

The question is:

How can I pass the received bearer token (accessToken) through the NavigateTo method in the Authorization HTTP header to get authorized access to the '/portal' page? Is it even possible?

Unfortunately, it's not possible to accomplish this task that way.

According to attempts to do something like this using JS only (this and this), it can't be done with plain JS.

So we have just a few options here:

Share authorization token through cookies

Cookies are browser-based shared storage, so checking the access token from there is possible right after navigation.

Send authorization token through query

The NavigateTo method can be used with query parameters like this:

navigationManager.NavigateTo($"/portal?token={accessToken}", true);

So we can check the access token from the query parameters directly.
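
The cookie option on the server side, as an added example that is not part of the original answer: the token is stored in a hardened cookie and handed to the bearer handler when no Authorization header is present, which keeps it out of URLs, browser history and request logs. It assumes the app authenticates with ASP.NET Core's JwtBearer handler and that the cookie is written from an ordinary HTTP endpoint; the `PortalTokenCookie` class and the `portal_token` cookie name are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;

public static class PortalTokenCookie
{
    // Hypothetical cookie name, not taken from the original post.
    public const string CookieName = "portal_token";

    // Assumption: called from a regular HTTP endpoint after a successful login,
    // where an HttpResponse is available to carry the Set-Cookie header.
    public static void Write(HttpResponse response, string accessToken, TimeSpan lifetime)
    {
        response.Cookies.Append(CookieName, accessToken, new CookieOptions
        {
            HttpOnly = true,                 // not readable from page scripts
            Secure = true,                   // sent over HTTPS only
            SameSite = SameSiteMode.Strict,  // not attached to cross-site requests
            Path = "/portal",                // covers /portal, /portal/api, /portal/resources
            MaxAge = lifetime                // should not outlive the token itself
        });
    }

    // Wire up with: services.AddAuthentication(...).AddJwtBearer(o => o.Events = PortalTokenCookie.Events());
    // The app's existing token validation settings stay as they are.
    public static JwtBearerEvents Events() => new JwtBearerEvents
    {
        OnMessageReceived = context =>
        {
            var request = context.Request;

            // An explicit Authorization header (e.g. API clients) keeps priority;
            // the cookie is only consulted for requests under /portal.
            if (!request.Headers.ContainsKey("Authorization")
                && request.Path.StartsWithSegments("/portal")
                && request.Cookies.TryGetValue(CookieName, out var token)
                && !string.IsNullOrEmpty(token))
            {
                context.Token = token; // validated by the handler like a header token
            }

            return Task.CompletedTask;
        }
    };
}
```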

Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you repost, please cite this site's URL or the original address.
