C# 如何避免在ASP.NET Web API 2中验证JWT令牌的样板代码?
我的所有REST API方法都以该代码开头,如下所示:C# 如何避免在ASP.NET Web API 2中验证JWT令牌的样板代码?,c#,asp.net,asp.net-web-api2,jwt,middleware,C#,Asp.net,Asp.net Web Api2,Jwt,Middleware,我的所有REST API方法都以该代码开头,如下所示: [HttpPost] [Route("Login")] public async Task<IHttpActionResult> Login(QueryModel q) { // get JWT Token string form HTTP Header string token = Request.Headers.GetValues("Authorization").FirstOrDefault();
[HttpPost]
[Route("Login")]
public async Task<IHttpActionResult> Login(QueryModel q)
{
// get JWT Token string form HTTP Header
string token = Request.Headers.GetValues("Authorization").FirstOrDefault();
// decode token
string json = Jose.JWT.Decode(token, JWTModel.secretForAccessToken);
JWTModel jwt = JsonConvert.DeserializeObject<JWTModel>(json);
// check if issued from my homepage.
if (!jwt.iss.Equals("my-home-page.com"))
{
return Content(
HttpStatusCode.Unauthorized,
"access token is not from here"
);
}
// check if it has valid about time
long now = (long)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
if (jwt.iat > now || jwt.exp < now)
{
// request refresh token
return Content(
HttpStatusCode.Unauthorized,
"outdated access token"
);
}
/* ... */
}
[HttpPost]
[路线(“登录”)]
公共异步任务登录(QueryModel q)
{
//从HTTP头获取JWT令牌字符串
字符串标记=Request.Headers.GetValues(“授权”).FirstOrDefault();
//解码令牌
字符串json=Jose.JWT.Decode(token,JWTModel.secretForAccessToken);
JWTModel jwt=JsonConvert.DeserializeObject(json);
//检查是否从我的主页发布。
如果(!jwt.iss.Equals(“my home page.com”))
{
返回内容(
HttpStatusCode。未经授权,
“访问令牌不是从这里来的”
);
}
//检查是否有关于时间的有效信息
long now=(long)DateTime.UtcNow.Subtract(new DateTime(1970,1,1)).TotalSeconds;
如果(jwt.iat>now | | jwt.exp(在Node.js中,我可以使用所谓的中间件来解决它。)我建议您查看
DelegatingHandler我建议您查看
DelegatingHandler我不使用OWIN,但DelegatingHandler看起来很酷。我要马上把它应用到我的代码上!我将报告结果。我终于通过使用
DelegatingHandlerDelegatingHandler