ASP.NET 具有自定义身份验证类型的核心 JWT
ASP.NET Core JWT with Custom Authentication Type
有没有办法为 HTTP 授权配置身份验证类型 header?例如:“Token”而不是“Bearer”?
考虑以下激活身份验证并使用名为“令牌”的自定义方案配置 JWT 的扩展方法:
let jwtScheme = "Token"
type IServiceCollection with
member this.AddJwtAuthentication (JwtSecret jwtSecret : JwtSecret) =
this.AddAuthentication(jwtScheme)
.AddJwtBearer(jwtScheme, jwtScheme, fun jwt ->
jwt.RequireHttpsMetadata <- false
jwt.SaveToken <- true
let key = Encoding.ASCII.GetBytes jwtSecret
let validationParams = TokenValidationParameters()
validationParams.IssuerSigningKey <- SymmetricSecurityKey(key)
validationParams.ValidateIssuerSigningKey <- true
validationParams.ValidateIssuer <- false
validationParams.ValidateAudience <- false
jwt.TokenValidationParameters <- validationParams)
|> ignore
this
此请求(使用 Bearer 身份验证类型)已处理 成功:
GET /user HTTP/1.1
Host: https://localhost:5001/api
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9zaWQiOiIxIiwibmFtZWlkIjoicGltIiwibmJmIjoxNTk0NzUxMTA1LCJleHAiOjE1OTUzNTU5MDUsImlhdCI6MTU5NDc1MTEwNX0.G3P7JR97rKG9ckX9UD0kHtZ8sNWOKYsJDrFY5bz3RqE
未处理此请求(使用 Token 身份验证类型)成功:
GET /user HTTP/1.1
Host: https://localhost:5001/api
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Authorization: Token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9zaWQiOiIxIiwibmFtZWlkIjoicGltIiwibmJmIjoxNTk0NzUxMTA1LCJleHAiOjE1OTUzNTU5MDUsImlhdCI6MTU5NDc1MTEwNX0.G3P7JR97rKG9ckX9UD0kHtZ8sNWOKYsJDrFY5bz3RqE
解决方案是插入 JwtBearerEvents 并删除 Token 前缀(如果存在):
this.AddAuthentication(jwtScheme)
.AddJwtBearer(jwtScheme, fun jwt ->
let events = JwtBearerEvents()
events.OnMessageReceived <- (fun ctx ->
let authHeader = ctx.HttpContext.Request.Headers.["Authorization"].ToArray()
match Array.tryHead authHeader with
| None -> ()
| Some header ->
match header.StartsWith("Token ", StringComparison.OrdinalIgnoreCase) with
| false -> ()
| true ->
ctx.Token <- header.Substring("Token ".Length).Trim()
Task.CompletedTask)
jwt.Events <- events
// Rest of options ...)
|> ignore
有没有办法为 HTTP 授权配置身份验证类型 header?例如:“Token”而不是“Bearer”?
考虑以下激活身份验证并使用名为“令牌”的自定义方案配置 JWT 的扩展方法:
let jwtScheme = "Token"
type IServiceCollection with
member this.AddJwtAuthentication (JwtSecret jwtSecret : JwtSecret) =
this.AddAuthentication(jwtScheme)
.AddJwtBearer(jwtScheme, jwtScheme, fun jwt ->
jwt.RequireHttpsMetadata <- false
jwt.SaveToken <- true
let key = Encoding.ASCII.GetBytes jwtSecret
let validationParams = TokenValidationParameters()
validationParams.IssuerSigningKey <- SymmetricSecurityKey(key)
validationParams.ValidateIssuerSigningKey <- true
validationParams.ValidateIssuer <- false
validationParams.ValidateAudience <- false
jwt.TokenValidationParameters <- validationParams)
|> ignore
this
此请求(使用 Bearer 身份验证类型)已处理 成功:
GET /user HTTP/1.1
Host: https://localhost:5001/api
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9zaWQiOiIxIiwibmFtZWlkIjoicGltIiwibmJmIjoxNTk0NzUxMTA1LCJleHAiOjE1OTUzNTU5MDUsImlhdCI6MTU5NDc1MTEwNX0.G3P7JR97rKG9ckX9UD0kHtZ8sNWOKYsJDrFY5bz3RqE
未处理此请求(使用 Token 身份验证类型)成功:
GET /user HTTP/1.1
Host: https://localhost:5001/api
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Authorization: Token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9zaWQiOiIxIiwibmFtZWlkIjoicGltIiwibmJmIjoxNTk0NzUxMTA1LCJleHAiOjE1OTUzNTU5MDUsImlhdCI6MTU5NDc1MTEwNX0.G3P7JR97rKG9ckX9UD0kHtZ8sNWOKYsJDrFY5bz3RqE
解决方案是插入 JwtBearerEvents 并删除 Token 前缀(如果存在):
this.AddAuthentication(jwtScheme)
.AddJwtBearer(jwtScheme, fun jwt ->
let events = JwtBearerEvents()
events.OnMessageReceived <- (fun ctx ->
let authHeader = ctx.HttpContext.Request.Headers.["Authorization"].ToArray()
match Array.tryHead authHeader with
| None -> ()
| Some header ->
match header.StartsWith("Token ", StringComparison.OrdinalIgnoreCase) with
| false -> ()
| true ->
ctx.Token <- header.Substring("Token ".Length).Trim()
Task.CompletedTask)
jwt.Events <- events
// Rest of options ...)
|> ignore