.NET Core API 中的自定义授权过滤器 [英] Custom Authorization Filter in .NET Core API

问题描述

我想在使用我的核心 api 访问任何数据之前授权用户，所以我尝试使用 JWT 身份验证.我在使用 api 登录用户时成功生成了令牌并将该令牌保存在会话中的客户端，现在每当用户想要使用 api 访问任何数据时，我都会将该令牌发送到 api 中，并且我想验证该 JWT 令牌使用自定义授权过滤器.我创建了自定义授权过滤器并将其应用于我的 GetMenu api，我能够成功验证该令牌，但在授权过滤器中进行令牌验证后，它没有在我的 GetMenu api 上命中它.

I want to authorize users before accessing any data using my core api, so I tried is using JWT authentication. I have successfully generated token while signing in user using api and saved that token on client side in session, now whenever user wants to access any data using api, I'll send that token in header to api and I want to validate that JWT token using custom authorization filter. I have created custom authorization filter and applied it on my GetMenu api and I'm able to validate that token successfully but after token validation in authorization filter it is not hitting it on my GetMenu api.

这是我的 AccountController 代码:

[Filters.Authorization]
[AllowAnonymous]
[HttpPost]
[Route("GetMenu")]
public IActionResult GetMenu(string clientid, int rolecode, string repcode)
{
    //further process
}

这是我的过滤器.授权代码:

public class Authorization: AuthorizeAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext filterContext)
    {
        if (!ValidateToken(filterContext.HttpContext.Request.Headers["token"]))
        {
            filterContext.Result = new UnauthorizedResult();
        }
    }
}

我在 OnAuthorization 方法和 GetMenu api 上设置了断点.我正在通过邮递员调用我的 GetMenu api 进行测试，它成功地在 Filters.Authorization 中的 OnAuthorization 方法上点击它并验证我的 JWT 令牌并在邮递员中显示状态代码:200 但在成功令牌验证后，它应该进一步点击 GetMenu api数据处理，但它没有命中.可能是什么问题?我错过了什么?请帮忙.

I have breakpoints on OnAuthorization method and on GetMenu api. I'm calling my GetMenu api through postman to test, it is successfully hitting it on OnAuthorization method in Filters.Authorization and validating my JWT Token and displays Status Code: 200 in postman but after successful token validation it should hit on GetMenu api for further data processing but it is not hitting. What can be the issue? what am i missing? please help.

推荐答案

如果请求授权成功，则不应设置 filterContext.Result.

You should not set the filterContext.Result if the request is successfully authorize.

//
// Summary:
//     A context for authorization filters i.e. Microsoft.AspNetCore.Mvc.Filters.IAuthorizationFilter
//     and Microsoft.AspNetCore.Mvc.Filters.IAsyncAuthorizationFilter implementations.
public class AuthorizationFilterContext : FilterContext
{
    //
    // Summary:
    //     Gets or sets the result of the request. Setting Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext.Result
    //     to a non-null value inside an authorization filter will short-circuit the remainder
    //     of the filter pipeline.
    public virtual IActionResult Result { get; set; }
}

您只需要在失败时设置Result.

You only need to set Result when it's failed.

public class Authorization: AuthorizeAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext filterContext)
    {
        if (!ValidateToken(filterContext.HttpContext.Request.Headers["token"]))
        {
            filterContext.Result = new UnauthorizedResult();
        }
    }
}

这篇关于.NET Core API 中的自定义授权过滤器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！