我使用jwt令牌在我的应用程序上实现身份验证系统。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = _configuration["Jwt:Issuer"],
ValidAudience = _configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:Token"]))
};
});
services.AddAuthorization();
控制器:
[HttpGet("info"), Authorize]
public async Task<JsonResult> Get()
{
return (await _userManager.FindByIdAsync(HttpContext?.User?.FindFirst(ClaimTypes.NameIdentifier)?.Value));
}
工作正常!但知道我想检查每个请求,如果用户仍然有效和/或活跃。 我不想添加策略,因为我想对每个请求进行此检查。你有什么想法?
尝试1:
services.AddAuthorization(option =>
option.DefaultPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddRequirements( new ValidUserRequirement() ).Build()
);
#
public class ValidUserRequirement : IAuthorizationRequirement
{
public ValidUserRequirement()
{
}
}
public class ValidUserHandler : AuthorizationHandler<ValidUserRequirement>
{
private static IUserManager _userManager;
public ValidUserHandler(IUserManager userManager)
{
_userManager = userManager;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ValidUserRequirement requirement)
{
var userId = context.User.FindFirstValue( ClaimTypes.NameIdentifier );
var user = await _userManager.GetUserAsync(userId);
if(user != null)
{
context.Succeed(requirement);
}
}
}
但是我的ValidUserHandler从未调用过,响应始终是403。
答案 0 :(得分:0)
解决方案是将其添加到ConfigureService:
services.AddTransient<IAuthorizationHandler, ValidUserHandler>();