我假设您要运行两个单独的ASP.NET应用程序。
您可以验证以下请求
WebApi
通过向
AuthServer
.
您可以创建一个自定义属性,它将完成此工作。
在WebApi项目中:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
namespace YourNamespace
{
public class YourCustomAttribute : TypeFilterAttribute
{
public YourCustomAuthAttribute(
: base(typeof(AuthFilter))
{
Arguments = new object[] {
// arguments gets passed to AuthFilter contructor,
};
}
}
public class AuthFilter : IAsyncAuthorizationFilter
{
private static readonly HttpClient http = new HttpClient();
public AuthFilter()
{
}
//Change it to fit your logic
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var authorizationHeader = context.HttpContext.Request.Headers["Authtorization"];
if (authorizationHeader == StringValues.Empty)
{
context.Result = new UnauthorizedResult();
}
else
{
var response = await http.GetAsync(
"your AuthServer address/login/?token=" + authorizationHeader.ToString(),
HttpCompletionOption.ResponseHeadersRead //because we want only status code
);
if (response.StatusCode != System.Net.HttpStatusCode.OK)
{
context.Result = new ForbidResult();
}
}
}
}
}
假设您在
LoginController
在AuthServer项目中
[HttpGet]
public IActionResult ValidateToken(string token)
{
//your logic here
}
[Authorize]
.
也可以查看这个链接(我用了一些代码)
https://www.red-gate.com/simple-talk/dotnet/net-development/jwt-authentication-microservices-net/
演示了如何手动验证Jwt令牌。
Startup.cs
:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAllHeaders",
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
app.UseCors("AllowAllHeaders");
}
