我正在将ASP.NET MVC中的旧应用程序升级到具有ASP核心+角7的新版本。在旧应用程序中,我们有一个外部服务调用api,并在URL中发送auth令牌,因为它无法否则。
我拦截它以将令牌注入标头中,如下所示:
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_PreSendRequestHeaders()
{
Response.Headers.Remove("X-Frame-Options");
Response.AddHeader("X-Frame-Options", "AllowAll");
}
private void Application_BeginRequest(object sender, EventArgs e)
{
var header = HttpContext.Current.Request;
var url = HttpContext.Current.Request.Url;
var Params = HttpContext.Current.Request.Params;
if (ReferenceEquals(null, HttpContext.Current.Request.Headers["Authorization"]))
{
var token = HttpContext.Current.Request.Params["access_token"];
if (!String.IsNullOrEmpty(token))
{
HttpContext.Current.Request.Headers.Add("Authorization", "Bearer " + token);
}
}
}
protected void Application_Start()
{
//DashboardConfig.RegisterService(RouteTable.Routes);
DevExtremeBundleConfig.RegisterBundles(BundleTable.Bundles);
C_Interface_Meta.IntialiserBdd();
ViewEngines.Engines.Clear();
ViewEngines.Engines.Add(new RazorViewEngine());
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
GlobalConfiguration.Configure(WebApiConfig.Register);
RouteConfig.RegisterRoutes(RouteTable.Routes);
//GlobalConfiguration.Configure(WebApiConfig.Register);
ASPxWebControl.CallbackError += Application_Error;
BundleConfig.RegisterBundles(BundleTable.Bundles);
DisableApplicationInsightsOnDebug();
}
/// <summary>
/// Disables the application insights locally.
/// </summary>
[Conditional("DEBUG")]
private static void DisableApplicationInsightsOnDebug()
{
TelemetryConfiguration.Active.DisableTelemetry = true;
}
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new PrettyPrintFilterAttribute());
}
protected void Application_Error(object sender, EventArgs e)
{
Exception exception = HttpContext.Current.Server.GetLastError();
if (exception is HttpUnhandledException)
exception = exception.InnerException;
AddToLog(exception.Message, exception.StackTrace);
}
public static void AddToLog(string message, string stackTrace)
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(DateTime.Now.ToLocalTime().ToString());
sb.AppendLine(message);
sb.AppendLine();
sb.AppendLine("Source File: " + HttpContext.Current.Request.RawUrl);
sb.AppendLine();
sb.AppendLine("Stack Trace: ");
sb.AppendLine(stackTrace);
for (int i = 0; i < 150; i++)
sb.Append("-");
sb.AppendLine();
HttpContext.Current.Application["Log"] += sb.ToString();
sb.AppendLine();
}
}
在有角度的ASP核心应用程序中执行此操作的等效方法是什么?经过大量搜索,我什么都没找到。
答案 0 :(得分:1)
OnMessageReceived
来动态设置令牌:public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options=> {
options.TokenValidationParameters = new TokenValidationParameters{
// ValidIssuer, ValidAudience, IssuerSigningKey , ...
};
options.Events = new JwtBearerEvents() {
OnMessageReceived = async (context) =>{
// get bearer From Header/QueryString as you like
var bearer=context.HttpContext.Request.Query["access_token"].FirstOrDefault();
if(!String.IsNullOrEmpty(bearer)){
context.Token = bearer; // simply set the token
}
},
};
});
// other services ...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// register it before other middlewares that rely on this token
app.Use(async(context,next)=>{
var bearer = context.Request.Headers["Authorization"].FirstOrDefault();
if(bearer==null){
bearer=context.Request.Query["access_token"].FirstOrDefault();
if(!String.IsNullOrEmpty(bearer)){
context.Request.Headers.Add("Authorization", "Bearer " + bearer);
}
}
await next();
});
// other middlewares ...
app.UseMvc(...)//
}
答案 1 :(得分:0)
我认为您正在寻找angular interceptors,几乎没有什么共同之处。您想像这样注入令牌:
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
constructor(private auth: AuthService) {}
intercept(req: HttpRequest<any>, next: HttpHandler) {
// Get the auth token from the service.
const authToken = this.auth.getAuthorizationToken();
// Clone the request and replace the original headers with
// cloned headers, updated with the authorization.
const authReq = req.clone({
headers: req.headers.set('Authorization', authToken)
});
// send cloned request with header to the next handler.
return next.handle(authReq);
}
}