[英]ASP.Net Core JWT Token validation
我需要驗證我在請求中收到的多個令牌,我遵循以下代碼流
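services.AddAuthentication()
    .AddJwtBearer("Token1", options =>
    {
        // Validation rules for the first credential. ValidateLifetime is already
        // the library default; it is spelled out so expiry checking is visible.
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // NOTE(review): both schemes below share Issuer, Audience and Key, so any
            // token that validates under "Token1" also validates under "Token2". If the
            // two credentials are meant to be independent, give each its own key (or at
            // least its own audience); an HMAC key must also be at least 128 bits.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
        };
        options.Events = new JwtBearerEvents()
        {
            // Read the token from the custom header only. When the header is absent,
            // short-circuit with NoResult(): otherwise the bearer handler falls back to
            // the standard "Authorization: Bearer" header, and a single token could
            // satisfy this scheme without "UserCred1" ever being sent.
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred1"].ToString();
                if (string.IsNullOrWhiteSpace(token))
                {
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }
                return Task.CompletedTask;
            },
        };
    })
    .AddJwtBearer("Token2", options =>
    {
        // Validation rules for the second credential (same caveat about the shared
        // key/audience as for "Token1").
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
        };
        options.Events = new JwtBearerEvents()
        {
            // Same header-only extraction as "Token1", but from "UserCred2".
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred2"].ToString();
                if (string.IsNullOrWhiteSpace(token))
                {
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }
                return Task.CompletedTask;
            },
        };
    });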
services.AddAuthorization(options =>
{
    // Default policy: a request is accepted when EITHER "Token1" or "Token2"
    // authenticates successfully. The schemes are evaluated in turn and any
    // success satisfies RequireAuthenticatedUser, i.e. this is OR, not AND.
    var eitherScheme = new AuthorizationPolicyBuilder("Token1", "Token2");
    eitherScheme.RequireAuthenticatedUser();
    options.DefaultPolicy = eitherScheme.Build();
});
上面的代碼是 OR 條件:只要 Token1 或 Token2 任一驗證通過,授權就成功。但我的需求是只有當 Token1 和 Token2 兩者都驗證有效時,才視為成功。
請讓我知道你的想法。
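services.AddAuthorization(options =>
{
    // "RequireAllSchemes": both JWT schemes are run and the identities they
    // produce are merged into one principal. The assertion then demands exactly
    // two authenticated identities, i.e. both tokens validated.
    options.AddPolicy("RequireAllSchemes", policy =>
    {
        policy.AddAuthenticationSchemes("Token1", "Token2");
        policy.RequireAuthenticatedUser();
        policy.RequireAssertion(context =>
            // Count only authenticated identities so that an anonymous placeholder
            // identity can never stand in for a validated token.
            // NOTE(review): if both schemes accept the same key/audience, the same
            // token sent in both headers still yields two identities; set
            // TokenValidationParameters.AuthenticationType per scheme and check it
            // here if the two credentials must be distinguishable.
            context.User.Identities.Count(identity => identity.IsAuthenticated) == 2);
    });
});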
為 controller 指定授權策略
`[Authorize(Policy = "RequireAllSchemes")] public class TestController : Controller`
但對我來說,只有當“Token1”和“Token2”都有效時,我才需要考慮成功。
為了同時驗證這兩個令牌,可以在 Startup.cs 的 Configure 中註冊一個自定義中間件,依次對兩個身份驗證方案執行驗證,只有兩者都成功才放行。
更改如下:
配置服務:
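services.AddAuthentication()
    .AddJwtBearer("Token1", options =>
    {
        // Validation rules for the first credential. ValidateLifetime is already
        // the library default; it is spelled out so expiry checking is visible.
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = "YourValidIssuser",
            ValidateAudience = true,
            ValidAudience = "YourValidAudience",
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // NOTE(review): placeholder only — load the real key from configuration or a
            // secret store, never from source. Both schemes here share the same key and
            // audience, so a token valid for one is valid for the other; use distinct
            // keys if the two credentials are meant to be independent.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("YourIssuerSiningKey")),
        };
        options.Events = new JwtBearerEvents()
        {
            // Read the token from the custom header only. When the header is absent,
            // short-circuit with NoResult(): otherwise the bearer handler falls back to
            // the standard "Authorization: Bearer" header, and a single token could
            // satisfy this scheme without "UserCred1" ever being sent.
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred1"].ToString();
                if (string.IsNullOrWhiteSpace(token))
                {
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }
                return Task.CompletedTask;
            },
        };
    })
    .AddJwtBearer("Token2", options =>
    {
        // Validation rules for the second credential (same caveats as "Token1").
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = "YourValidIssuer",
            ValidateAudience = true,
            ValidAudience = "YourValidAudience",
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("YourIssuerSiningKey")),
        };
        options.Events = new JwtBearerEvents()
        {
            // Same header-only extraction as "Token1", but from "UserCred2".
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred2"].ToString();
                if (string.IsNullOrWhiteSpace(token))
                {
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }
                return Task.CompletedTask;
            },
        };
    });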
配置:
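app.Use(async (context, next) =>
{
    // Require BOTH schemes to succeed (AND semantics): each scheme is
    // authenticated in turn and its identities are merged into one principal.
    // The first failure ends the request.
    // NOTE(review): this runs for every request in the pipeline, including any
    // endpoint intended to be anonymous (e.g. a login route) — scope it with
    // UseWhen or check endpoint metadata if that matters. Register it after
    // UseAuthentication() and before UseAuthorization().
    var principal = new ClaimsPrincipal();
    foreach (var scheme in new[] { "Token1", "Token2" })
    {
        var result = await context.AuthenticateAsync(scheme);
        if (!result.Succeeded)
        {
            // ChallengeAsync produces the 401 together with a WWW-Authenticate
            // header (and the handler's failure reason), which a bare
            // StatusCode = 401 omits. Succeeded implies Principal is non-null,
            // so no separate null check is needed below.
            await context.ChallengeAsync(scheme);
            return;
        }
        principal.AddIdentities(result.Principal.Identities);
    }
    context.User = principal;
    await next();
});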