[英]How to add Bearer token to a request in ASP.NET CORE
我有一个由 Bearer 令牌保护的 API,将在 mvc 项目中使用。 我正在使用ClientFactory
在 mvc 中调用 API。 我从WeatherForecast
[HttpGet]
方法获取生成的令牌,并使用它来访问 Authorized PlayerController
方法。 它在 Postman 中运行良好,但是当我尝试在 mvc 中访问PlayerController
时,在运行调试器时它显示未经授权的响应!
这是在 mvc 项目中获取和使用生成的令牌的操作
private async Task<JWTToken> CreateToken()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:42045/weatherforecast");
var client = _clientFactory.CreateClient();
HttpResponseMessage response = await client.SendAsync(request);
var token = await response.Content.ReadAsStringAsync();
HttpContext.Session.SetString("JwToken", token);
return JsonConvert.DeserializeObject<JWTToken>(token);
}
public async Task<IActionResult> GetAllPlayers()
{
JWTToken token = null;
var strToken = HttpContext.Session.GetString("JwToken");
if (string.IsNullOrWhiteSpace(strToken))
{
token = await CreateToken();
}
else
{
token = JsonConvert.DeserializeObject<JWTToken>(strToken);
}
if (token == null || string.IsNullOrWhiteSpace(token.token) || token.expireAt <= DateTime.UtcNow)
{
token = await CreateToken();
}
List<Player> players = new List<Player>();
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:42045/api/player");
var client = _clientFactory.CreateClient();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.token);
HttpResponseMessage response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
var apiString = await response.Content.ReadAsStringAsync();
players = JsonConvert.DeserializeObject<List<Player>>(apiString);
}
return View(players);
}
这是WeatherForecast
controller 中的CreateToken
方法
[HttpGet]
public ActionResult<string> Get()
{
var rng = new Random();
var weathers = Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
});
return Ok(new {
expireAt = DateTime.UtcNow.AddMinutes(15), token = CreateToken()
});
}
public string CreateToken()
{
var key = new SymmetricSecurityKey(System.Text.Encoding.ASCII.GetBytes(_configuration
.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
var token = new JwtSecurityToken(
claims: new List<Claim>
{
new Claim("firstName", "Ahmad"),
new Claim("lastName", "Zooghii")
},
signingCredentials: creds,
expires: DateTime.UtcNow.AddMinutes(15)
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
添加services.AddHttpClient();
在 startup.cs
而这段代码在 controller 中:
private readonly IHttpClientFactory _httpClientFactory;
public HomeController(IHttpClientFactory httpClientFactory)
{
_httpClientFactory = httpClientFactory;
}
public async Task<IActionResult> IndexAsync()
{
var httpClient = _httpClientFactory.CreateClient();
var token = "your_token";
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
HttpResponseMessage response = await httpClient.GetAsync("your_url");
return View();
}
======================Cors 政策========================
在 startup.cs -> ConfigureServices
方法中添加以下代码
services.AddCors(options =>
{
options.AddPolicy(name: "mypolicy",
builder =>
{
builder.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin();
});
});
添加app.UseCors("mypolicy");
在 startup.cs -> Configure
app.UseRouting();
线。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.