在Asp.net Web服务中集成JWT

时间:2014-03-04 12:31:29

标签: asp.net-mvc authentication asp.net-web-api jwt

有人可以告诉我如何将JWT集成到默认的Web API项目中吗?

Here is the library

他们只是解释了如何使用NuGet安装库以及如何生成令牌。但是现在我如何将它与基于身份验证的系统集成?

到目前为止我的实施:

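/// <summary>
/// Application entry point (Global.asax). Performs the one-time MVC and Web API
/// start-up registration and installs the token filter for all Web API actions.
/// </summary>
public class WebApiApplication : System.Web.HttpApplication
{
    /// <summary>
    /// Registers areas, Web API configuration, MVC filters, routes and bundles, then adds
    /// <c>TokenAuthenticationAttribute</c> to the Web API global filter collection.
    /// </summary>
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        GlobalConfiguration.Configure(WebApiConfig.Register);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        // Register the filter class that this listing actually defines; the name passed to
        // "new" must match the attribute's class name or the project does not compile.
        // This collection covers Web API controllers only. MVC controllers are governed by
        // GlobalFilters.Filters (registered above via FilterConfig), so MVC actions are NOT
        // protected by the token check.
        // NOTE(review): consider moving this line into WebApiConfig.Register so all Web API
        // configuration is applied in one place before the configuration is initialized.
        GlobalConfiguration.Configuration.Filters.Add(new TokenAuthenticationAttribute());
    }
}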


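   /// <summary>
/// Web API action filter that rejects a request with 401 unless it carries a JWT, in the
/// custom <c>Token</c> request header, that decodes successfully with the configured secret.
/// Requests to the token-issuing endpoint (<c>api/auth</c>) are let through without a token.
/// </summary>
/// <remarks>
/// NOTE(review): action filters run after authorization filters in the Web API pipeline, so
/// an <c>[Authorize]</c> attribute would be evaluated before this check. An authentication or
/// authorization filter is the more conventional home for this logic.
/// NOTE(review): only the token's decodability is checked here. The decoded payload is not
/// inspected and no principal is set, so expiry, audience and identity claims are not
/// enforced by this filter unless the JWT library version in use does so itself - confirm.
/// </remarks>
public class TokenAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
    // appSettings key that holds the signing secret. The key name is a constructed example;
    // keep the value itself out of source control (config transform, protected section, vault).
    private const string SecretKeySettingName = "JwtSecretKey";

    /// <summary>
    /// Validates the request's token before the action runs.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    /// <exception cref="HttpResponseException">
    /// 401 when the token is missing or cannot be decoded and verified; 500 when no signing
    /// secret is configured.
    /// </exception>
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // The token-issuing endpoint must stay reachable without a token.
        if (IsTokenEndpoint(actionContext.Request.RequestUri))
        {
            return;
        }

        // HttpRequestHeaders has no string indexer; TryGetValues is the lookup that also
        // copes with the header being absent.
        // NOTE(review): "Authorization: Bearer <token>" is the conventional carrier for a JWT.
        string token = null;
        System.Collections.Generic.IEnumerable<string> headerValues;
        if (actionContext.Request.Headers.TryGetValues("Token", out headerValues))
        {
            token = System.Linq.Enumerable.FirstOrDefault(headerValues);
        }

        if (string.IsNullOrWhiteSpace(token))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        // The signing secret is read from configuration instead of being compiled into the
        // assembly, where it would be shared by every deployment and visible to anyone with
        // the source or the binary.
        string secretKey = System.Configuration.ConfigurationManager.AppSettings[SecretKeySettingName];
        if (string.IsNullOrEmpty(secretKey))
        {
            // Fail closed: without a secret no token can be verified.
            throw new HttpResponseException(HttpStatusCode.InternalServerError);
        }

        try
        {
            // Throws when the signature does not match the secret.
            JWT.JsonWebToken.Decode(token, secretKey);
        }
        catch (System.Exception)
        {
            // Any decode failure means the token is not acceptable. This includes
            // JWT.SignatureVerificationException; malformed input may surface as other
            // exception types, which would otherwise turn into a 500 instead of a 401.
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }

    // True when the path contains the consecutive segments "api" and "auth". Whole segments
    // are compared (case-insensitively, like routing) so that paths which merely contain the
    // text "api/auth", such as "api/authors", are not exempted from the token check.
    private static bool IsTokenEndpoint(System.Uri requestUri)
    {
        string[] segments = requestUri.AbsolutePath.Split(
            new[] { '/' }, System.StringSplitOptions.RemoveEmptyEntries);

        for (int i = 0; i + 1 < segments.Length; i++)
        {
            if (string.Equals(segments[i], "api", System.StringComparison.OrdinalIgnoreCase)
                && string.Equals(segments[i + 1], "auth", System.StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }
}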

1 个答案:

答案 0 :(得分:2)

实现TokenAuthenticationAttribute并将其注册为全局过滤器:

Global.asax注册

// Goes in Application_Start (Global.asax): adds the token filter to the Web API global
// filter collection so it is applied to every Web API action.
var webApiFilters = GlobalConfiguration.Configuration.Filters;
webApiFilters.Add(new TokenAuthenticationAttribute());

**TokenAuthenticationAttribute**

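/// <summary>
/// Web API action filter that rejects a request with 401 unless it carries a JWT, in the
/// custom <c>Token</c> request header, that decodes successfully with the configured secret.
/// Requests to the token-issuing endpoint (<c>api/auth</c>) are let through without a token.
/// </summary>
/// <remarks>
/// NOTE(review): action filters run after authorization filters in the Web API pipeline, so
/// an <c>[Authorize]</c> attribute would be evaluated before this check. An authentication or
/// authorization filter is the more conventional home for this logic.
/// NOTE(review): only the token's decodability is checked here. The decoded payload is not
/// inspected and no principal is set, so expiry, audience and identity claims are not
/// enforced by this filter unless the JWT library version in use does so itself - confirm.
/// </remarks>
public class TokenAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
    // appSettings key that holds the signing secret. The key name is a constructed example;
    // keep the value itself out of source control (config transform, protected section, vault).
    private const string SecretKeySettingName = "JwtSecretKey";

    /// <summary>
    /// Validates the request's token before the action runs.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    /// <exception cref="HttpResponseException">
    /// 401 when the token is missing or cannot be decoded and verified; 500 when no signing
    /// secret is configured.
    /// </exception>
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // The token-issuing endpoint must stay reachable without a token.
        if (IsTokenEndpoint(actionContext.Request.RequestUri))
        {
            return;
        }

        // HttpRequestHeaders has no string indexer; TryGetValues is the lookup that also
        // copes with the header being absent.
        // NOTE(review): "Authorization: Bearer <token>" is the conventional carrier for a JWT.
        string token = null;
        System.Collections.Generic.IEnumerable<string> headerValues;
        if (actionContext.Request.Headers.TryGetValues("Token", out headerValues))
        {
            token = System.Linq.Enumerable.FirstOrDefault(headerValues);
        }

        if (string.IsNullOrWhiteSpace(token))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        // The signing secret is read from configuration instead of being compiled into the
        // assembly, where it would be shared by every deployment and visible to anyone with
        // the source or the binary.
        string secretKey = System.Configuration.ConfigurationManager.AppSettings[SecretKeySettingName];
        if (string.IsNullOrEmpty(secretKey))
        {
            // Fail closed: without a secret no token can be verified.
            throw new HttpResponseException(HttpStatusCode.InternalServerError);
        }

        try
        {
            // Throws when the signature does not match the secret.
            JWT.JsonWebToken.Decode(token, secretKey);
        }
        catch (System.Exception)
        {
            // Any decode failure means the token is not acceptable. This includes
            // JWT.SignatureVerificationException; malformed input may surface as other
            // exception types, which would otherwise turn into a 500 instead of a 401.
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }

    // True when the path contains the consecutive segments "api" and "auth". Whole segments
    // are compared (case-insensitively, like routing) so that paths which merely contain the
    // text "api/auth", such as "api/authors", are not exempted from the token check.
    private static bool IsTokenEndpoint(System.Uri requestUri)
    {
        string[] segments = requestUri.AbsolutePath.Split(
            new[] { '/' }, System.StringSplitOptions.RemoveEmptyEntries);

        for (int i = 0; i + 1 < segments.Length; i++)
        {
            if (string.Equals(segments[i], "api", System.StringComparison.OrdinalIgnoreCase)
                && string.Equals(segments[i + 1], "auth", System.StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }
}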