我在asp.net Web Api中使用JWT默认行为进行身份验证, 下面是oAuthProvider类中的代码:
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var emailAddress = context.UserName;
var password = context.Password;
User user = DbContext.User.Where(m => m.EmailAddress == emailAddress && m.IsDeleted == false).FirstOrDefault();
if (user != null)
{
string encryptedPassword = CryptoUtility.GetPasswordHash(password, user.SaltKey);
if (encryptedPassword == user.Password)
{
if (user.IsActive)
{
var claims = new List<Claim>()
{
new Claim(ClaimTypes.Sid, Convert.ToString(user.Id)),
new Claim(ClaimTypes.Name, user.FullName),
new Claim(ClaimTypes.Email, user.EmailAddress)
};
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(claims,
DefaultAuthenticationTypes.ExternalBearer);
var properties = CreateProperties(user.FullName);
var ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
}
else
{
context.SetCustomError(JsonConvert.SerializeObject(new CommonModel()
{
StatusCode = (int)ApiStatus.AccountDisabled,
Message = "Sorry your account is inactive. Please contact your administrator",
Data = new { }
}));
}
}
else
{
context.SetCustomError(JsonConvert.SerializeObject(new CommonModel()
{
StatusCode = (int)ApiStatus.InvalidCredentials,
Message = "The user name or password is incorrect",
Data = new { }
}));
}
}
return Task.FromResult<object>(null);
}
我已经尝试了许多方法,但是无法从上述方法调用中更改JWT响应。 我得到的结果是这样的(在JWT中是默认设置),
{
"access_token": "eyJef4AiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9zaWQiOiIxIiwidW5pcXVlX25hbWUiOiJTYW12ZWRhbmEgVHJ1c3QiLCJlbWFpbCI6ImFkbWluQGRyY3N5c3RlbXMuY29tIiwiaXNzIjoiaHR0cDovL2NybS5zYW12ZWRhbmEub3JnLmluIiwiYXVkIjoiQW55IiwiZXhwIjoxNTM2MzA4OTg1LCJuYmYiOjE1MzYyMjI1ODV9.xBKt-WxVTzDyg1kYoynXGzDU-gl0l3vp9zeAQyHLPdE",
"token_type": "bearer",
"expires_in": 86399,
"userName": "Demo 1",
".issued": "Thu, 06 Sep 2018 08:29:45 GMT",
".expires": "Fri, 07 Sep 2018 08:29:45 GMT"
}
如何更改回复!