Custom JWT token validation in C# .NET Core 2.2
I am trying to validate a JWT token using custom validation. The token is generated in another API, not my own, but I have a way to validate it against the service.

I don't know what is missing... I keep getting a 401 code, even though my validation is correct.

Edit: added the token validation parameters, and added more detail about the token validation.

Here is my code so far:

Startup.cs
    // Declared outside the lambdas so that AddJwtBearer below can reference it.
    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateIssuerSigningKey = false
    };

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })//.AddCustomAuthenticationBearer();
    .AddJwtBearer(options =>
    {
        options.SecurityTokenValidators.Clear();
        options.SecurityTokenValidators.Add(new CustomJwtSecurityTokenHandler(_configuration));
        options.TokenValidationParameters = tokenValidationParameters;
        options.SaveToken = false;
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                context.Success();
                return Task.CompletedTask;
            }
        };
    });

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApiVersionDescriptionProvider provider)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        //else
        //{
        //    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        //    app.UseHsts();
        //}
        //app.UseHttpsRedirection();
        app.UseAuthentication();
        app.UseMvc();
        app.UseSwagger();
        app.UseSwaggerUI(options =>
        {
            foreach (var description in provider.ApiVersionDescriptions)
            {
                options.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant());
            }
        });
    }

CustomJwtSecurityTokenHandler
    public class CustomJwtSecurityTokenHandler : ISecurityTokenValidator
    {
        public bool CanValidateToken => true;
        public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

        private readonly JwtSecurityTokenHandler _tokenHandler;
        private readonly string _fcAuthUrl;

        public CustomJwtSecurityTokenHandler(IConfiguration configuration)
        {
            _tokenHandler = new JwtSecurityTokenHandler();
            _fcAuthUrl = configuration["Authentication:BaseUri"];
        }

        public bool CanReadToken(string securityToken)
        {
            return _tokenHandler.CanReadToken(securityToken);
        }

        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
            out SecurityToken validatedToken)
        {
            var jwt = _tokenHandler.ReadJwtToken(securityToken);
            var accessToken = jwt.Claims.FirstOrDefault(c => c.Type == "auth_token")?.Value;
            if (accessToken == null)
            {
                validatedToken = null;
                return null;
            }

            var task = IsTokenValid(accessToken);
            task.Wait();
            if (task.Result)
            {
                validatedToken = new JsonWebToken(securityToken);
                return new ClaimsPrincipal();
            }

            validatedToken = null;
            return null;
        }

        private async Task<bool> IsTokenValid(string accessToken)
        {
            // My validation here
            // Simple http call to authentication service to validate token
        }
    }

Here are my logs for one call:
2020-02-21 16:12:58.194+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Hosting.Internal.WebHost][Information]请求启动HTTP/1.1 GET
2020-02-21 16:12:58.458+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler][Information]已成功验证令牌
2020-02-21 16:12:58.485+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Routing.EndpointMiddleware][Information]执行端点“NotificationCenter.Api.Controller.TranslationController.GetStandardTranslations(NotificationCenter.Api)”
2020-02-21 16:12:58.522+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]与“{action=\'GetStandardTranslations\”,controller='Translation\”匹配的路由。在控制器“NotificationCenter.Api.controller.TranslationController”(“NotificationCenter.Api”)上执行签名为“System.Threading.Tasks.Task`1[NotificationCenter.BusinessLogic.DTOs.Responses.TranslationResponsedTo]GetStandardTranslations()的控制器操作
2020-02-21 16:12:58.538+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authorization.DefaultAuthorizationService][Information]授权失败
2020-02-21 16:12:58.540+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]在筛选器“Microsoft.AspNetCore.Mvc.Authorization.Authorization.AuthorizeFilter”处对请求的授权失败
2020-02-21 16:12:58.547+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.ChallengeResult][Information]使用身份验证方案执行ChallengeResult([])
2020-02-21 16:12:58.557+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler][Information]身份验证方案:“承载人”受到质疑
2020-02-21 16:12:58.562+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker][Information]在32.8311ms中执行了操作“NotificationCenter.Api.Controllers.TranslationController.GetStandardTranslations(NotificationCenter.Api)”
2020-02-21 16:12:58.585+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Routing.EndpointMiddleware][Information]执行端点“NotificationCenter.Api.Controller.TranslationController.GetStandardTranslations(NotificationCenter.Api)”
2020-02-21 16:12:58.628+01:00[0HLTMS23C48IQ:00000001][[Microsoft.AspNetCore.Hosting.Internal.WebHost][Information]请求在433.6413ms 401中完成

What is tokenValidationParameters? This is very critical, and you also removed the content of IsTokenValid, which also seems to be relevant code.

Hey, I added the relevant code. IsTokenValid is just an HTTP call to our authentication service.
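
An added example, not part of the original question or its comments: the log above shows the token validating and authorization then failing, which is the outcome of the default [Authorize] policy when the principal carries no authenticated identity. The names PassesDefaultPolicy and BuildPrincipal are hypothetical, and the subject value is constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class PrincipalCheck
{
    // Mirrors the test applied by the default [Authorize] policy
    // (RequireAuthenticatedUser): the principal must have an identity,
    // and at least one identity must report IsAuthenticated == true.
    public static bool PassesDefaultPolicy(ClaimsPrincipal user) =>
        user?.Identity != null && user.Identities.Any(i => i.IsAuthenticated);

    // Hypothetical helper: a principal a custom ISecurityTokenValidator could
    // return once its remote check has succeeded. The non-empty
    // authenticationType is what makes ClaimsIdentity.IsAuthenticated true.
    public static ClaimsPrincipal BuildPrincipal(string subject)
    {
        var claims = new[] { new Claim(ClaimTypes.NameIdentifier, subject) };
        var identity = new ClaimsIdentity(claims, authenticationType: "Bearer");
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Same construction as in the question: no identities at all.
        var empty = new ClaimsPrincipal();

        // Claims present, but no authentication type on the identity.
        var untyped = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "constructed-user") }));

        // Identity created with an authentication type.
        var typed = BuildPrincipal("constructed-user");

        Console.WriteLine($"empty principal passes:    {PassesDefaultPolicy(empty)}");
        Console.WriteLine($"untyped identity passes:   {PassesDefaultPolicy(untyped)}");
        Console.WriteLine($"typed identity passes:     {PassesDefaultPolicy(typed)}");
    }
}
```

ReadJwtToken only parses the outer JWT and does not verify its signature, so fill the identity only with values the authentication service has confirmed, not with claims read from that unverified token.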