我有一个应用程序,其中我在jwt令牌中使用身份,并且我必须通过api验证令牌。所以我写了一个自定义的授权过滤器,但是它抛出了
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException
我假设如果过滤器是从AuthorizeAttribute继承的,并且请求具有Authorization标头,则它将尝试验证令牌。我做错了什么还是应该使用动作过滤器? 这是过滤器:
public class AuthFilter : AuthorizeAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext context)
{
if (context.HttpContext.Request.Headers.ContainsKey("Authorization"))
{
var jwtToken = context.HttpContext.Request.Headers["Authorization"].ToString();
jwtToken = jwtToken.Replace("Bearer ", "");
try
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(@"urlToCheck");
request.Method = "GET";
request.Headers[HttpRequestHeader.Authorization] = jwtToken;
request.Headers.Add("Access-Control-Allow-Credentials", "true");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
var resp = string.Empty;
using (var sr = new StreamReader(response.GetResponseStream()))
resp = sr.ReadToEnd();
context.Result = new RedirectResult(context.HttpContext.Request.Path);
response.Close();
}
catch (Exception ex)
{
throw ex;
}
}
}
}