更改Nginx中的标头名称(用于基本身份验证)或Aspnetcore(用于JWT)

时间:2018-10-26 06:12:24

标签: nginx asp.net-core jwt

我遇到了一个难题。我的问题是我在jwt中使用asp.net core 2.0网站。当JWT传递令牌时,它具有标头名称作为Authentication,现在我需要添加Nginx的HTTP Basic Auth,它也使用相同的标头。登录后Nginx显示403,因为它覆盖了标题。

我需要尽可能更改JWT标头或Nginx标头。

2 个答案:

答案 0 :(得分:1)

我的问题已解决

您需要设置重写OnMessageReceived事件:

https://github.com/aspnet/AspNetCore/issues/3728

答案 1 :(得分:0)

我在Startup.ConfigureServices中解决了这个问题

[[1 2 3] 
 [4 5 6] 
 [7 8 9]]

然后在Startup.Configure 

var appSettings = appSettingsSection.Get<AppSettings>();
        var key = Encoding.ASCII.GetBytes(appSettings.Secret);
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })

        .AddJwtBearer(x =>
        {
            x.Events = new JwtBearerEvents()
            {
                OnMessageReceived = context =>
                {
                    var header = context.HttpContext.Request.Headers["custom-header"].ToString();

                    if (!string.IsNullOrEmpty(header) && header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                    {
                        context.Token = header.Substring("Bearer ".Length).Trim();
                    }

                    return Task.CompletedTask;
                }
            };
            x.RequireHttpsMetadata = false;
            x.SaveToken = true;
            x.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });
相关问题
最新问题