具有JWT授权的自定义中间件-IsAuthenticated = False

时间:2019-09-29 10:02:48

标签: c# asp.net asp.net-core asp.net-web-api

我编写了一个小的中间件代码(asp.net核心v2.2 + c#),该代码在执行对服务器的调用后运行,并且如果用户通过了身份验证,则运行一些逻辑。由于是WebAPI-身份验证是通过使用Bearer令牌完成的。

中间件的外观如下:

public class MyMiddleware
{
    private readonly RequestDelegate _next;

    public MyMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task Invoke(HttpContext httpContext)
    {
        await _next(httpContext).ConfigureAwait(false); // calling next middleware
        if (httpContext.User.Identity.IsAuthenticated) // <==================== Allways false
        {
            // Do my logics
        }
    }
}

// Extension method used to add the middleware to the HTTP request pipeline.
public static class MyMiddlewareExtensions
{
    public static IApplicationBuilder UseMyMiddleware(this IApplicationBuilder builder)
    {
        return builder.UseMiddleware<MyMiddleware>();
    }
}

问题在于,即使请求已成功通过服务验证,表达式 httpContext.User.Identity.IsAuthenticated 仍会返回 false。

我的httpContext.User.Identity.IsAuthenticated

false

我还检查了 httpContext.Request 对象是否包含相应的标头,并且确实如此。Startup.cs 如下:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // ...
    app.UseAuthentication();
    app.UseRequestLocalization(new RequestLocalizationOptions
    {
        DefaultRequestCulture = new RequestCulture("en-US"),
        // Formatting numbers, dates, etc.
        SupportedCultures = new[] { new CultureInfo("en-US") },
        // UI strings that we have localized.
        SupportedUICultures = supportedCultures,
    });
    app.UseMvc();
    app.UseMyMiddleware(ConfigurationManager.ApplicationName);
}

public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddAuthentication().AddJwtBearer(options =>
    {
        // ...
    });
}

为什么httpContext.Request对象似乎是未经授权的请求?

1 个答案:

答案 0 :(得分:1)

这是一个简单的演示,如下所示:

1. 生成令牌:

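[Route("api/[controller]")]
[ApiController]
public class LoginController : Controller
{
    // Only read from (Jwt:Key, Jwt:Issuer), so readonly.
    private readonly IConfiguration _config;

    public LoginController(IConfiguration config)
    {
        _config = config ?? throw new ArgumentNullException(nameof(config));
    }

    /// <summary>
    /// Exchanges posted credentials for a signed bearer token.
    /// </summary>
    /// <param name="login">Credentials bound from the request body; may be null when the body is empty.</param>
    /// <returns>200 with <c>{ token }</c> when the credentials match, otherwise 401 with no body.</returns>
    [AllowAnonymous]
    [HttpPost]
    public IActionResult Login([FromBody]UserModel login)
    {
        var user = AuthenticateUser(login);
        if (user == null)
        {
            // No detail on purpose: the response must not reveal which part of the credentials failed.
            return Unauthorized();
        }

        var tokenString = GenerateJSONWebToken(user);
        return Ok(new { token = tokenString });
    }

    /// <summary>
    /// Builds an HS256-signed JWT for <paramref name="userInfo"/> that expires 30 minutes from now.
    /// </summary>
    /// <param name="userInfo">The authenticated user whose name and e-mail become claims.</param>
    /// <returns>The compact serialized token.</returns>
    /// <exception cref="InvalidOperationException">"Jwt:Key" is missing from configuration.</exception>
    private string GenerateJSONWebToken(UserModel userInfo)
    {
        // The key is a shared secret: keep it out of source control and make it long and random
        // (the IdentityModel library rejects HMAC keys that are too short).
        var key = _config["Jwt:Key"];
        if (string.IsNullOrEmpty(key))
        {
            // Fail with a clear message rather than an ArgumentNullException thrown by GetBytes.
            throw new InvalidOperationException("Configuration value 'Jwt:Key' is missing; cannot sign tokens.");
        }

        // The issuer doubles as the audience, which is what Startup's TokenValidationParameters expect.
        var issuer = _config["Jwt:Issuer"];
        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, userInfo.Username),
            new Claim(JwtRegisteredClaimNames.Email, userInfo.EmailAddress),
            // NOTE(review): AuthenticateUser never sets DateOfJoing in this demo, so this is the
            // type's default value — confirm against UserModel.
            new Claim("DateOfJoing", userInfo.DateOfJoing.ToString("yyyy-MM-dd")),
            // Unique token id; useful if tokens ever need to be revoked individually.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
        };

        // "exp" is an absolute instant, so derive it from UTC rather than local time.
        var token = new JwtSecurityToken(
            issuer,
            issuer,
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(30),
            signingCredentials: credentials);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    /// <summary>
    /// Demo credential check: only the hard-coded user name "Jignesh" is accepted.
    /// </summary>
    /// <param name="login">Posted credentials; null is treated as "not authenticated".</param>
    /// <returns>The authenticated user, or null for a missing body or any other user name.</returns>
    private UserModel AuthenticateUser(UserModel login)
    {
        // Demo purpose only; a real implementation verifies a password hash against a user store.
        if (login != null && string.Equals(login.Username, "Jignesh", StringComparison.Ordinal))
        {
            return new UserModel { Username = "Jignesh Trivedi", EmailAddress = "test.btest@gmail.com" };
        }

        return null;
    }
}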

2. Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    // Naming the default scheme here is the important part: UseAuthentication() only runs the
    // default scheme's handler, and that is what populates HttpContext.User for custom middleware.
    // With a bare AddAuthentication() the user stays anonymous in the pipeline, which is the usual
    // reason a middleware sees httpContext.User.Identity.IsAuthenticated == false.
    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            // Configuration is read when the bearer options are built, not at registration time.
            var issuer = Configuration["Jwt:Issuer"];
            // Jwt:Key is the shared HS256 secret: keep it out of source, long and random.
            var keyBytes = Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]);

            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                // Rejects expired tokens (the library's default ClockSkew of 5 minutes still applies).
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                // The issuer is also used as the audience, matching LoginController.GenerateJSONWebToken.
                ValidIssuer = issuer,
                ValidAudience = issuer,
                IssuerSigningKey = new SymmetricSecurityKey(keyBytes)
            };
        });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        //...
        // MyMiddleware awaits _next before it reads httpContext.User, so it observes the identity that
        // UseAuthentication() (registered below, i.e. later in the pipeline) sets on the way in. A check
        // placed *before* the await would instead need the middleware registered after UseAuthentication().
        // Registering it after app.UseMvc() is not an option either: the MVC middleware only calls the
        // next delegate when no route matched, so it would never run for handled requests.
        app.UseMyMiddleware();

        // Runs the default scheme's handler (JWT bearer, see ConfigureServices) and sets
        // httpContext.User for everything downstream.
        app.UseAuthentication();
        // NOTE(review): usually registered first. A bearer token that arrived over plain HTTP has
        // already been exposed by the time this redirect is issued, so the order here only
        // matters for which middleware sees the request first — confirm the intended order.
        app.UseHttpsRedirection();
        app.UseMvc();
    }

3. 自定义 MyMiddleware(与您的相同)

4. 需要授权的 API:

[HttpGet]
[Authorize]
public ActionResult<IEnumerable<string>> Get()
{
    // [Authorize] rejects requests without a valid bearer token before this body runs;
    // the returned array converts implicitly to ActionResult<IEnumerable<string>>.
    string[] items = { "High Time1", "High Time2", "High Time3", "High Time4", "High Time5" };
    return items;
}

5. 结果:(原帖附有截图)