我一直关注this文章,以在.net Core 3 Web服务中实现基于令牌的授权。
我希望能够在每个操作/控制器上方添加一个TokenAuthorization属性,在调用该操作时需要访问令牌。
我创建了一个设置块来包含一个可以检查的访问令牌:
"AuthorizationSettings": {
"AccessToken": "MY_TOKEN"
}
我的StartUp.cs具有依赖项_authorizationSettings,并使用以下代码添加授权:
private readonly AuthorizationSettings _authorizationSettings;
public StartUp(AuthorizationSettings authorizationSettings)
{
_authorizationSettings = authorizationSettings;
}
public void ConfigureService(IServiceCollection services)
{
services.AddAuthorization(options =>
options.AddPolicy("TokenRequired", policy =>
policy.Requirements.Add(new TokenAuthorizationRequirement(_authorizationSettings.AccessToken))));
}
public class TokenAuthorizationRequirement: IAuthorizationRequirement
{
private string AccessToken { get; set; }
public TokenAuthorizationRequirement(string accessToken)
{
AccessToken = accessToken;
}
}
在我的AccessTokenAuthorizationHandler中,我想将与请求一起发送的访问令牌与TokenAuthorizationRequirement上的访问令牌进行比较,但似乎无法处理当前请求。
public class TokenAuthorizationHandler : AuthorizationHandler<TokenAuthorizationRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TokenAuthorizationRequirement requirement)
{
//HOw to check the accesstoken in the request with the one in the requirement?
}
}