Header 中自定义字段的 Bearer Token

Question

My endpoint uses a token to authorize the execution but the header "Authorization" field is used for the gateway token.我的端点使用令牌来授权执行，但 header“授权”字段用于网关令牌。 I'd like to set a different header key to pass and read the token in my endpoints and avoid conflicts.我想设置一个不同的 header 密钥来传递和读取我端点中的令牌并避免冲突。

This is my controller code:这是我的 controller 代码：

        [HttpPost]
        [ApiVersion("1.0")]
        [ProducesResponseType(typeof(ErrorMessageDto), 500)]
        [Authorize(AuthenticationSchemes = "Bearer")]
        [ProducesResponseType(typeof(NavMenuItemReturnDto), 201)]
        public IActionResult CreateNavMenuItem(NavMenuItemUpdateCreateDto newNavMenuItem)
        {
            try
            {
                return StatusCode(201, _navMenuItemsBL.CreateNewNavMenuItem(newNavMenuItem).Result);
            }
            catch (Exception ex)
            {
                return StatusCode(500, new ErrorMessageDto { Error = ex.Message });
            }
        }

This is my startup code:这是我的启动代码：

 services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer("Bearer", options =>
                {
                    options.Authority = Configuration.GetSection("JwtAuthority").Get<string>();

                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = false,
                        ValidateAudience = false,
                        RequireExpirationTime = false,
                        ValidateLifetime = false,
                        ValidateIssuer = false,
                    };
                });

Any suggestions?有什么建议么？ Thanks for the help谢谢您的帮助

Answer 1

Could you achieve what you are after with adding Multiple Authentication Schemas?您能否通过添加多个身份验证模式来实现您的目标？

An Example is below:一个例子如下：

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Audience = "https://localhost:5000/";
            options.Authority = "https://localhost:5000/identity/";
        })
        .AddJwtBearer("AzureAD", options =>
        {
            options.Audience = "https://localhost:5000/";
            options.Authority = "https://login.microsoftonline.com/eb971100-6f99-4bdc-8611-1bc8edd7f436/";
        });
}

Only one JWT bearer authentication is registered with the default authentication scheme JwtBearerDefaults.AuthenticationScheme.默认认证方案JwtBearerDefaults.AuthenticationScheme只注册了一个JWT承载认证。 Additional authentication has to be registered with a unique authentication scheme.必须使用唯一的身份验证方案注册其他身份验证。

The next step is to update the default authorization policy to accept both authentication schemes.下一步是更新默认授权策略以接受两种身份验证方案。 For example:例如：

        services.AddAuthorization(options =>
        {
            var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
                JwtBearerDefaults.AuthenticationScheme,
                "AzureAD");
            defaultAuthorizationPolicyBuilder = 
                defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
            options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
        });

As the default authorization policy is overridden, it's possible to use the [Authorize] attribute in controllers.由于默认授权策略被覆盖，因此可以在控制器中使用 [Authorize] 属性。 The controller then accepts requests with JWT issued by the first or second issuer.然后 controller 接受第一或第二发行人发出的带有 JWT 的请求。

Now you have the default, and AzureAD现在您有了默认值和 AzureAD

Header 中自定义字段的 Bearer Token

问题描述

1 个解决方案

解决方案1
0 2021-09-29 10:48:39

Header 中自定义字段的 Bearer Token

问题描述

1 个解决方案

解决方案1 0 2021-09-29 10:48:39

解决方案1
0 2021-09-29 10:48:39