.net core webapi jwt 更为清爽的认证详解(2)

public class UseJwtMiddleware { private readonly RequestDelegate _next; private JwtConfig _jwtConfig =new JwtConfig(); private IJwt _jwt; public UseJwtMiddleware(RequestDelegate next, IConfiguration configration,IJwt jwt) { _next = next; this._jwt = jwt; configration.GetSection("Jwt").Bind(_jwtConfig); } public Task InvokeAsync(HttpContext context) { if (_jwtConfig.IgnoreUrls.Contains(context.Request.Path)) { return this._next(context); } else { if (context.Request.Headers.TryGetValue(this._jwtConfig.HeadField, out Microsoft.Extensions.Primitives.StringValues authValue)) { var authstr = authValue.ToString(); if (this._jwtConfig.Prefix.Length > 0) { authstr = authValue.ToString().Substring(this._jwtConfig.Prefix.Length+1, authValue.ToString().Length -(this._jwtConfig.Prefix.Length+1)); } if (this._jwt.ValidateToken(authstr, out Dictionary<string, string> Clims)) { foreach (var item in Clims) { context.Items.Add(item.Key, item.Value); } return this._next(context); } else { context.Response.StatusCode = 401; context.Response.ContentType = "application/json"; return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}"); } } else { context.Response.StatusCode = 401; context.Response.ContentType = "application/json"; return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}"); } } } }

7.中间件暴露出去

public static class UseUseJwtMiddlewareExtensions { /// <summary> /// 权限检查 /// </summary> /// <param></param> /// <returns></returns> public static IApplicationBuilder UseJwt(this IApplicationBuilder builder) { return builder.UseMiddleware<UseJwtMiddleware>(); } }

8.在Startup.Configure中使用中间件:

app.UseJwt();

以1的配置为例:

除了请求 /auth/getToken 不需要加头信息外,其他的请求一律要求头信息中必须带着

userless:prefix (从Auth/GetToken中获取到的token)

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wdswfs.html