使用VS 2017 .Net 4.5.2
我有以下课程
public static class MyHttpClient
{
//fields
private static Lazy<Task<HttpClient>> _Client = new Lazy<Task<HttpClient>>(async () =>
{
var client = new HttpClient();
await InitClient(client).ConfigureAwait(false);
return client;
});
//properties
public static Task<HttpClient> ClientTask => _Client.Value;
//methods
private static async Task InitClient(HttpClient client)
{
//resey headers
client.DefaultRequestHeaders.Clear();
//Set base URL, NOT thread safe, which is why this method is only accessed via lazy initialization
client.BaseAddress = new Uri(ConfigurationManager.AppSettings["baseAddress"]);//TODO: get from web.config? File? DB?
//create new request to obtain auth token
var request = new HttpRequestMessage(HttpMethod.Post, "/ouath2/token"); //TODO: get from web.config? File? DB? prob consts
//Encode secret and ID
var byteArray = new UTF8Encoding().GetBytes($"{ConfigurationManager.AppSettings["ClientId"]}:{ConfigurationManager.AppSettings["ClientSecret"]}");
//Form data
var formData = new List<KeyValuePair<string, string>>();
formData.Add(new KeyValuePair<string, string>("grant_type", "refresh_token"));
formData.Add(new KeyValuePair<string, string>("refresh_token", ConfigurationManager.AppSettings["RefreshToken"]));
//set content and headers
request.Content = new FormUrlEncodedContent(formData);
request.Headers.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray));
//make request
var result = await HttpPost(request, client).ConfigureAwait(false);
//set bearer token
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", (string)result.access_token);
//TODO: error handle
}
private static async Task<dynamic> HttpPost(HttpRequestMessage formData, HttpClient client)
{
using (var response = await client.SendAsync(formData).ConfigureAwait(false))
{
response.EnsureSuccessStatusCode();//TODO: handle this
return await response.Content.ReadAsAsync<dynamic>().ConfigureAwait(false);
}
}
}
仍在进行中,但我遇到了障碍。
如果令牌只需要在应用程序生命周期中获取一次,这样可以正常工作,但是我正在谈论的API使用短期承载令牌(15分钟)。
由于我使用HttpClient作为静态来重用,我无法更改默认请求标头,因为它们不是线程安全的。但是我需要每15分钟申请一次承载令牌。
如何获得新的持有者令牌并在此特定情况下设置默认标头?
答案 0 :(得分:2)
更新:添加了SemaphoreSlim以“锁定”刷新事务
免责声明:未经测试,可能需要进行一些调整
注意1:信号量需要在try / catch / finaly块中,以确保在发生错误时释放。
注意2:此版本将对刷新令牌调用进行排队,这会在负载较高时显着降低性能。要解决此问题;使用bool指示器检查是否发生了刷新。这可能是一个静态的bool,例如
目标是仅在需要时使用刷新令牌。固定的时间间隔对您没有帮助,因为有一天,这个时间间隔可能会改变。处理此问题的正确方法是在403发生时重试。
您可以使用HttpClientHandler来处理您的HttpClient。
覆盖SendAsync,以处理并重试403。
为此,您需要constructor of httpclient:
从我的(半)头顶部,它必须是这样的:
HttpMessageHandler
public class MyHttpMessageHandler : HttpMessageHandler
{
private SemaphoreSlim sem = new SemaphoreSlim(1);
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var response = await base.SendAsync(request, cancellationToken);
//test for 403 and actual bearer token in initial request
if (response.StatusCode == HttpStatusCode.Unauthorized &&
request.Headers.Where(c => c.Key == "Authorization")
.Select(c => c.Value)
.Any(c => c.Any(p => p.StartsWith("Bearer"))))
{
//going to request refresh token: enter or start wait
await sem.WaitAsync();
//some typical stuff
var pairs = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("grant_type", "refresh_token"),
new KeyValuePair<string, string>("refresh_token", yourRefreshToken),
new KeyValuePair<string, string>("client_id", yourApplicationId),
};
//retry do to token request
using ( var refreshResponse = await base.SendAsync(
new HttpRequestMessage(HttpMethod.Post,
new Uri(new Uri(Host), "Token"))
{
Content = new FormUrlEncodedContent(pairs)
}, cancellationToken))
{
var rawResponse = await refreshResponse.Content.ReadAsStringAsync();
var x = JsonConvert.DeserializeObject<RefreshToken>(rawResponse);
//new tokens here!
//x.access_token;
//x.refresh_token;
//to be sure
request.Headers.Remove("Authorization");
request.Headers.Add("Authorization", "Bearer " + x.access_token);
//headers are set, so release:
sem.Release();
//retry actual request with new tokens
response = await base.SendAsync(request, cancellationToken);
}
}
return response;
}
}
}
发送示例,使用SendAsync(也可能是GetAsync)等。
public async Task<int> RegisterAsync(Model model)
{
var response = await YourHttpClient
.SendAsync(new HttpRequestMessage(HttpMethod.Post, new Uri(BaseUri, "api/Foo/Faa"))
{
Content = new StringContent(
JsonConvert.SerializeObject(model),
Encoding.UTF8, "application/json")
});
var result = await response.Content.ReadAsStringAsync();
return 0;
}