承载令牌WEB API asp.net核心,无需重定向 [英] Bearer token WEB API asp.net core without redirection
问题描述
我是asp.net核心的新手.我正在尝试使用jwt身份验证和来自Google,Facebook等的OpenOauth来制作小型Web服务.
I'm new to asp.net core. I'm trying to make a small web service using jwt authentication and OpenOauth from Google , Facebook, ...
我已经阅读了这篇文章: https://stormpath.com/blog/token-authentication-asp-net-core
I've read this post : https://stormpath.com/blog/token-authentication-asp-net-core
这篇文章是关于在ASP.Net核心中使用jwt进行身份验证的,但是,我还想验证用户是否在系统中被禁用或处于活动状态.
This post is about authenticating with jwt in ASP.Net core, but, I also want to verify whether the user is disabled or active in my system.
我的数据库有一个包含4列的表:Id,名称,密码,状态(0-禁用| 1-有效).
My db has one table with 4 columns: Id, Name, Password, Status (0 - Disabled | 1 - Active).
我如何归档我的目标?
有人可以帮我吗?
P/S:我已经在google中搜索了asp.net中有关jwt的完整教程,但是内容很少.赞赏用于身份验证流程的完整源代码.
P/S : I've searched google for complete tutorials about jwt in asp.net but there were so little. Full source code for authentication flow is appreciated.
推荐答案
我测试了三种方法(它们有效,但我不知道哪种方法正确).
There are three way i tested(they worked, but i don't know which one is correct way).
首先使用OnTokenValidated
事件:
OnTokenValidated = async (ctx) =>
{
if(user is disabled)
{
ctx.Response.Headers.Append(
HeaderNames.WWWAuthenticate,
ctx.Options.Challenge);
ctx.SkipToNextMiddleware();
}
}
第二个在jwt中间件之后使用Use
方法:
Second is using Use
method after jwt middleware:
app.Use(async (context, next) =>
{
var auth = await context.Authentication.AuthenticateAsync("Bearer");
if (auth.Identity.IsAuthenticated && user is disabled)
{
context.Response.Headers.Append(
HeaderNames.WWWAuthenticate,
"Bearer");
}
await next();
});
最后一次使用SecurityTokenValidators
:
public class CustomSecurityTokenValidator : JwtSecurityTokenHandler
{
public CustomSecurityTokenValidator()
{
}
public override ClaimsPrincipal ValidateToken(string securityToken,
TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
var principal = base.ValidateToken(securityToken, validationParameters, out validatedToken);
if(user is disabled)
{
throw new SecurityTokenNotYetValidException();
}
else
{
return principal;
}
}
}
..... in Startup.cs ...........
var options = new JwtBearerOptions()
{
//....
}
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new CustomTokenValidator());
app.UseJwtBearerAuthentication(options);
这篇关于承载令牌WEB API asp.net核心,无需重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!