堆栈内存溢出
  简体   繁体   English

如何在 Aspnet Core 中的授权标头中存储 JWT 令牌

[英]How to store JWT Token in authorization header in Aspnet Core

 原文  2020-10-27 05:14:05       c#/ asp.net-core/ jwt/ openid-connect

问题描述

I have an "Auth Service" application in .Net Core which authenticates via a Challenge Request and then redirects back to the client application with a token.我在 .Net Core 中有一个“身份验证服务”应用程序,它通过质询请求进行身份验证,然后使用令牌重定向回客户端应用程序。

    [AllowAnonymous]
    [HttpGet("Login")]
    public IActionResult Login()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = returnUrlQs
        }, OpenIdConnectDefaults.AuthenticationScheme);
    }

Currently I transmit the token through a HTTP cookie using the options.Events.OnAuthorizationCodeReceived OpenId Connect event.目前我使用options.Events.OnAuthorizationCodeReceived OpenId Connect 事件通过 HTTP cookie 传输令牌。 However the 4kb cookie length is too small and so I want to try move it to the authorization header.但是 4kb cookie 长度太小,所以我想尝试将它移动到授权标头。

I've tried setting the Response header but it's not received on the other side;我已经尝试设置 Response 标头,但没有在另一端收到它; on the client app.在客户端应用程序上。

Is this possible to achieve?这有可能实现吗?

Thanks for any help!谢谢你的帮助!

3 个解决方案

解决方案1
 4  2020-10-27 06:38:40

Setting request headers is the client's job, not the API's.设置请求标头是客户端的工作,而不是 API 的工作。 So your back-end can't set those.所以你的后端不能设置这些。 You'll need to return the token so that code on your front-end can get it and then assign it as a request header on future requests.您需要返回令牌,以便前端的代码可以获取它,然后将其分配为未来请求的请求标头。

Another option here might be to do the OpenID Connect authentication from your front-end application (depending on what your identity provider supports).此处的另一个选项可能是从您的前端应用程序执行 OpenID Connect 身份验证(取决于您的身份提供者支持的内容)。 This way it would get tokens and have the ability to refresh them, and your API could focus on just validating tokens in requests.通过这种方式,它将获得令牌并能够刷新它们,并且您的 API 可以专注于验证请求中的令牌。

解决方案2
 0  2020-10-27 07:36:49

Put your token inside the body of response and include [Authorize] attribute.将您的令牌放在响应正文中并包含 [Authorize] 属性。 eg:例如:

//in your api
[Authorize]
[HttpPost("update")]
private IActionResult update([FromBody] Model model){
//do some actions here
}

and in your client side, you store your token via session or any temporary storage then retrieve it if necessary and put it in your header.在您的客户端,您通过会话或任何临时存储存储您的令牌,然后在必要时检索它并将其放入您的标头中。 do something like this:做这样的事情:

  //in your client
  $.ajax({
  type: "POST",
  url: "/update",
  data: {someParameter: "some value"},
  contentType: "application/json; charset=utf-8",
  Authorization : "Bearer " + yourToken,
  dataType: "json",
  success: function(msg) {
    //some code
  }
});

i did not test this code but only to give you some idea.我没有测试这段代码,只是为了给你一些想法。

解决方案3
 0  2020-10-27 08:17:29

如果您对 4Kb 的限制有疑问,那么您应该节食我们的令牌并通过删除不必要的声明来减小其大小。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在aspnet.core web api中验证JWT令牌? - How to validate JWT Token in aspnet.core web api? aspnet核心jwt令牌作为get param - aspnet core jwt token as get param AspNet WebApi 核心 JWT 令牌未进行身份验证 - AspNet WebApi core JWT token not Authenticating 如何在 ASPNET Core MVC 中处理 JWT - How to handle JWT in ASPNET Core MVC JWT不记名令牌授权不起作用asp net core web api - JWT bearer token Authorization not working asp net core web api AspNet.Core、IdentityServer 4:在使用 JWT 不记名令牌与 SignalR 1.0 进行 websocket 握手期间未经授权 (401) - AspNet.Core, IdentityServer 4: Unauthorized (401) during websocket handshake with SignalR 1.0 using JWT bearer token 在 cookie 中存储 JWT 令牌后如何打破该 cookie 并在 ASP.NET Core 3.1 中获取信息 - After store JWT token in cookie how to break that cookie and get information in ASP.NET Core 3.1 .NET Core API-中间件是否在标头中设置了JWT承载令牌? - .NET Core API - does the middleware set the JWT bearer token in the header? 如何使用 JWT 令牌授权用户响应 asp net core web api。 何时使用授权标头不记名令牌? - How to use JWT token to authorize user from react to asp net core web api. When to use autorization header bearer token? C# 授权 JWT 令牌 - C# Authorization JWT token
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM