stackoom
  简体   繁体   中英

check user validation in Asp.net core with jwt authorization

 原文  2018-03-31 09:08:14       asp.net/ asp.net-web-api/ asp.net-core/ asp.net-identity/ access-token

Question

I implemented Microsoft Identity and JWT in my web api, a client can login and get a JWT token and store it in the application. since the expiration of the token the user can access the the server, but if I remove a user from my database, the removed user still has its token and can access the web api, how can I check the validation of the user?

2 answers

solution1
 2 ACCPTED  2018-03-31 09:27:52

One option is to validate the current user on the JwtBearerEvent OnTokenValidated event which will be triggered after every successful authentication

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options => {

        options.Events = new JwtBearerEvents
            {
                OnTokenValidated = context =>
                {
                    var userService = ServiceProvider.GetService<IUserService>();
                    if(userService.IsUserRemoved(context.Principal.Identity.Name))
                        context.Fail("User is removed");

                    return Task.CompletedTask;
                }
            };
        });

Note: In this example I use ServiceProvider, to get the an instance of IUserService, which is stored in the Startup.cs class as a parameter. Initialized as ServiceProvider = services.BuildServiceProvider(); in the ConfigureServices method. The IUserService is a wrapper class where you need to implement the IsUserRemoved method which will operate on your user provider implementation.

solution2
 0  2018-03-31 12:41:33

Another option is to implement and register your own SecurityTokenValidator . To do so you need to create a class implemented ISecurityTokenValidator interface:

//using Microsoft.IdentityModel.Tokens

public class CustomValidator : ISecurityTokenValidator
{
   //interface implementation
   ...
}

and register it as an additional token validator via JwtBearerOptions.SecurityTokenValidators property :

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer( options => {

        options.SecurityTokenValidators.Add(new CustomValidator()) 
    });

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JWT Authentication validation in asp.net core ASP.NET Core JWT Bearer Token Custom Validation Check jwt token when project start in ASP.NET Core Authorization in ASP.Net Core ASP.NET JWT authorization returns NotFound Adding user roles in runtime for ASP.NET Core API authorization JWT token validation in ASP.NET ASP.NET Core Sign In with JWT ASP.NET Core: JWT token with Scopes ASP.NET core 3 Customized authentication with jwt
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM