自定义 AuthenticationHandler 在 Asp.Net Core 3 中不工作
Custom AuthenticationHandler not working in Asp.Net Core 3
我不确定 Asp.Net 核心 2.2 是否会发生同样的情况,但当我升级到最新的 Asp.net 核心 3 版本时会发生这种情况。所以,我的问题是我创建了一个自定义 AuthenticationHandler,如下所示:
public class PlatformAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public PlatformAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock)
: base(options, logger, encoder, clock)
{
}
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var sessionTokenStr = Request.Headers[Headers.SessionToken];
var userTokenStr = Request.Headers[Headers.UserToken];
if (string.IsNullOrEmpty(sessionTokenStr) ||
Guid.TryParse(sessionTokenStr, out var sessionToken))
{
return AuthenticateResult.Fail("Session token should be present and in GUID format");
}
if (string.IsNullOrEmpty(userTokenStr) ||
Guid.TryParse(userTokenStr, out var userToken))
{
return AuthenticateResult.Fail("User token should be present and in GUID format");
}
//... and so on...
}
}
在我的启动过程中 class 我注册身份验证如下:
collection.AddAuthentication(PlatformScheme.HeaderScheme)
.AddScheme<AuthenticationSchemeOptions, PlatformAuthenticationHandler>(PlatformScheme.HeaderScheme, null);
collection.AddAuthorization();
还有配置方法:
public void Configure(
IApplicationBuilder app)
{
app.UseDeveloperExceptionPage();
app.UseMiddleware<ErrorHandlerMiddleware>();
app.UseCors();
//app.UseMiddleware<SessionBuilderMiddleware>();
app.UseCoreFoundation();//custom library
app.UseStaticFiles();
app.UseStatusCodePages();
app.UseAuthentication();
app.UseAuthorization();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/PlatformApi/swagger.json", "Platform Api");
c.RoutePrefix = "";
});
}
我有一个简单的操作如下:
[HttpGet(UrlPath + "claims")]
[Authorize]
public Task<IDictionary<string, object>> GetClaims(bool refresh)
{
return _authenticationProvider.GetClaimsAsync(refresh);
}
在调试时我可以看到我 return AuthenticateResult.Fail("Session token should be present and in GUID format"); 并且下一步它进入 GetClaims 方法。为什么会这样? - 如果我 return 处理程序失败,那不是应该阻止我之后访问该方法吗?
你的中间件顺序有问题
app.UseRouting();
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
UseAuthentication() 和 UseAuthorization() 应放在 UseRouting() 之后和 UseEndpoints() 之前,如 docs.
中所述
我不确定 Asp.Net 核心 2.2 是否会发生同样的情况,但当我升级到最新的 Asp.net 核心 3 版本时会发生这种情况。所以,我的问题是我创建了一个自定义 AuthenticationHandler,如下所示:
public class PlatformAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public PlatformAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock)
: base(options, logger, encoder, clock)
{
}
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var sessionTokenStr = Request.Headers[Headers.SessionToken];
var userTokenStr = Request.Headers[Headers.UserToken];
if (string.IsNullOrEmpty(sessionTokenStr) ||
Guid.TryParse(sessionTokenStr, out var sessionToken))
{
return AuthenticateResult.Fail("Session token should be present and in GUID format");
}
if (string.IsNullOrEmpty(userTokenStr) ||
Guid.TryParse(userTokenStr, out var userToken))
{
return AuthenticateResult.Fail("User token should be present and in GUID format");
}
//... and so on...
}
}
在我的启动过程中 class 我注册身份验证如下:
collection.AddAuthentication(PlatformScheme.HeaderScheme)
.AddScheme<AuthenticationSchemeOptions, PlatformAuthenticationHandler>(PlatformScheme.HeaderScheme, null);
collection.AddAuthorization();
还有配置方法:
public void Configure(
IApplicationBuilder app)
{
app.UseDeveloperExceptionPage();
app.UseMiddleware<ErrorHandlerMiddleware>();
app.UseCors();
//app.UseMiddleware<SessionBuilderMiddleware>();
app.UseCoreFoundation();//custom library
app.UseStaticFiles();
app.UseStatusCodePages();
app.UseAuthentication();
app.UseAuthorization();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/PlatformApi/swagger.json", "Platform Api");
c.RoutePrefix = "";
});
}
我有一个简单的操作如下:
[HttpGet(UrlPath + "claims")]
[Authorize]
public Task<IDictionary<string, object>> GetClaims(bool refresh)
{
return _authenticationProvider.GetClaimsAsync(refresh);
}
在调试时我可以看到我 return AuthenticateResult.Fail("Session token should be present and in GUID format"); 并且下一步它进入 GetClaims 方法。为什么会这样? - 如果我 return 处理程序失败,那不是应该阻止我之后访问该方法吗?
你的中间件顺序有问题
app.UseRouting();
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
UseAuthentication() 和 UseAuthorization() 应放在 UseRouting() 之后和 UseEndpoints() 之前,如 docs.