Custom JWT token validation in C# .NET Core 2.2


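I am trying to validate a JWT token using custom validation. The token is generated in another API, not my own, but I have a way to validate it against a service.

I don't know what is missing... I keep getting a 401 code, even though my validation is correct.

Edit: added the token validation parameters and added details about the token validation.

Here is my code so far: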

Startup.cs

// Declared outside both lambdas so that AddJwtBearer can reference it.
var tokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuer = false,
    ValidateAudience = false,
    ValidateIssuerSigningKey = false
};

services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })//.AddCustomAuthenticationBearer();
    .AddJwtBearer(options =>
    {
        // Replace the default JWT handler with the custom validator.
        options.SecurityTokenValidators.Clear();
        options.SecurityTokenValidators.Add(new CustomJwtSecurityTokenHandler(_configuration));
        options.TokenValidationParameters = tokenValidationParameters;
        options.SaveToken = false;
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                context.Success();
                return Task.CompletedTask;
            }
        };
    });

public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApiVersionDescriptionProvider provider)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            //else
            //{
            //    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            //    app.UseHsts();
            //}

            //app.UseHttpsRedirection();
            app.UseAuthentication();
            app.UseMvc();

            app.UseSwagger();
            app.UseSwaggerUI(options =>
            {
                foreach (var description in provider.ApiVersionDescriptions)
                {
                    options.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant());
                }
            });
        }

CustomJwtSecurityTokenHandler

public class CustomJwtSecurityTokenHandler : ISecurityTokenValidator
    {
        public bool CanValidateToken => true;
        public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

        private readonly JwtSecurityTokenHandler _tokenHandler;
        private readonly string _fcAuthUrl;

        public CustomJwtSecurityTokenHandler(IConfiguration configuration)
        {
            _tokenHandler = new JwtSecurityTokenHandler();
            _fcAuthUrl = configuration["Authentication:BaseUri"];
        }

        public bool CanReadToken(string securityToken)
        {
            return _tokenHandler.CanReadToken(securityToken);
        }

        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
            out SecurityToken validatedToken)
        {
            var jwt = _tokenHandler.ReadJwtToken(securityToken);
            var accessToken = jwt.Claims.FirstOrDefault(c => c.Type == "auth_token")?.Value;

            if (accessToken == null)
            {
                validatedToken = null;
                return null;
            }

            var task = IsTokenValid(accessToken);
            task.Wait();
            if (task.Result)
            {
                validatedToken = new JsonWebToken(securityToken);
                return new ClaimsPrincipal();
            }

            validatedToken = null;
            return null;
        }

        private async Task<bool> IsTokenValid(string accessToken)
        {
            // My validation here
            // Simple http call to authentication service to validate token
        }
    }

Here are my logs for one call:

2020-02-21 16:12:58.194+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Hosting.Internal.WebHost][Information]请求启动HTTP/1.1 GET

2020-02-21 16:12:58.458+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler][Information]已成功验证令牌

2020-02-21 16:12:58.485+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Routing.EndpointMiddleware][Information]执行端点“NotificationCenter.Api.Controller.TranslationController.GetStandardTranslations(NotificationCenter.Api)”

2020-02-21 16:12:58.522+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]与“{action=\'GetStandardTranslations\”,controller='Translation\”匹配的路由。在控制器“NotificationCenter.Api.controller.TranslationController”(“NotificationCenter.Api”)上执行签名为“System.Threading.Tasks.Task`1[NotificationCenter.BusinessLogic.DTOs.Responses.TranslationResponsedTo]GetStandardTranslations()的控制器操作

2020-02-21 16:12:58.538+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authorization.DefaultAuthorizationService][Information]授权失败

2020-02-21 16:12:58.540+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]在筛选器“Microsoft.AspNetCore.Mvc.Authorization.Authorization.AuthorizeFilter”处对请求的授权失败

2020-02-21 16:12:58.547+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.ChallengeResult][Information]使用身份验证方案执行ChallengeResult([])

2020-02-21 16:12:58.557+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler][Information]身份验证方案:“承载人”受到质疑

2020-02-21 16:12:58.562+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]在32.8311ms中执行了操作“NotificationCenter.Api.Controllers.TranslationController.GetStandardTranslations(NotificationCenter.Api)”

2020-02-21 16:12:58.585+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Routing.EndpointMiddleware][Information]执行端点“NotificationCenter.Api.Controller.TranslationController.GetStandardTranslations(NotificationCenter.Api)”

2020-02-21 16:12:58.628+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Hosting.Internal.WebHost][Information]请求在433.6413ms 401中完成


What is tokenValidationParameters? This is pretty crucial, and you also removed the contents of IsTokenValid, which seems like relevant code as well.

Hey, I added the relevant code. IsTokenValid is just an HTTP call to our authentication service.
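
Added example, not part of the original question or its comments: the log shows JwtBearerHandler accepting the token and DefaultAuthorizationService then failing authorization, which is what happens when the returned ClaimsPrincipal carries no authenticated identity. The sketch below uses only System.Security.Claims; `Validate`, `remoteCheck`, `IsAnonymous`, the "Bearer" authentication-type label and the sample claims are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class PrincipalDemo
{
    // Same test the default [Authorize] policy applies (DenyAnonymousAuthorizationRequirement).
    public static bool IsAnonymous(ClaimsPrincipal user) =>
        user?.Identity == null || !user.Identities.Any(i => i.IsAuthenticated);

    // Hypothetical stand-in for the question's ValidateToken: remoteCheck plays the
    // role of IsTokenValid (the HTTP call to the authentication service).
    public static ClaimsPrincipal Validate(IEnumerable<Claim> jwtClaims, Func<string, bool> remoteCheck)
    {
        var claims = jwtClaims.ToList();
        var accessToken = claims.FirstOrDefault(c => c.Type == "auth_token")?.Value;
        if (accessToken == null || !remoteCheck(accessToken))
            return null; // rejected: no principal is produced

        // Do not carry the upstream bearer secret around inside the principal.
        var safeClaims = claims.Where(c => c.Type != "auth_token");

        // A non-empty authenticationType is what makes IsAuthenticated return true.
        var identity = new ClaimsIdentity(safeClaims, "Bearer");
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed sample claims; a real handler would take them from the parsed JWT.
        var claims = new[]
        {
            new Claim("auth_token", "constructed-sample-value"),
            new Claim("sub", "user-1")
        };

        var empty = new ClaimsPrincipal();            // what the question's handler returns
        var accepted = Validate(claims, t => true);   // remote service accepts the token
        var rejected = Validate(claims, t => false);  // remote service rejects the token

        Console.WriteLine($"empty principal anonymous: {IsAnonymous(empty)}");
        Console.WriteLine($"accepted token anonymous:  {IsAnonymous(accepted)}");
        Console.WriteLine($"rejected token is null:    {rejected == null}");
    }
}
```

In a handler shaped like the one in the question, the equivalent change is to build the principal from `jwt.Claims` in place of `new ClaimsPrincipal()`, and only after the remote check has succeeded.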