我有多种身份验证方案,以避免Identity Server和Azure Active Directory提供的令牌
public void ConfigureServices(IServiceCollection services)
{
//...
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://localhost:5000/";
options.Audience = "api1";
options.Events = new JwtBearerEvents
{
OnTokenValidated = async context =>
{
TokenValidated(context);
},
OnAuthenticationFailed = context =>
{
context.Fail("error");
return Task.CompletedTask;
}
};
})
.AddJwtBearer(AzureADDefaults.BearerAuthenticationScheme, options =>
{
options.Audience = myAudience;
options.Authority = "https://login.microsoftonline.com/" + TenantId;
options.Events = new JwtBearerEvents
{
OnTokenValidated = async context =>
{
TokenValidated(context);
},
OnAuthenticationFailed = context =>
{
context.Fail("error");
return Task.CompletedTask;
}
};
});
}
我有一个用于授权API控制器的属性:
public void OnAuthorization(AuthorizationFilterContext context)
{
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
{
return;
}
if (!isAuthorized(context))
{
//...
}
}
我的问题是执行的方式。如果我发送带有ADD提供的令牌的请求,则该请求首先到达第一个Bearer并转到OnAuthenticationFailed,因为它不是IS提供的。然后,执行转到OnAuthorization(),然后返回到第二个AddJwtBearer并输入OnTokenValidated()。
在执行属性的OnAuthorize之前,我需要解决第二个身份验证问题。
我该怎么做?