
c# - ASP.Net Core JWT token 验证

转载 作者:行者123 更新时间:2023-12-04 10:04:45 24 4

我需要验证我在请求中收到的多个 token ,我遵循以下代码流

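// Registers two JWT bearer schemes. Each scheme takes its token from its own
// request header (UserCred1 / UserCred2) and validates issuer, audience and
// signature against the same Issuer, Audience and Key values.
// NOTE(review): because both schemes share Issuer, Audience and Key, a token
// accepted by one scheme is also accepted by the other. If the two tokens are
// meant to be distinct credentials, give them different audiences or keys.
services.AddAuthentication()
    .AddJwtBearer("Token1", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateIssuerSigningKey = true,
            // NOTE(review): Key is defined outside this snippet. Keep it out of
            // source control and make it long and random; whoever knows a
            // symmetric key can sign tokens this scheme will accept.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
        };
        options.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred1"].ToString();
                if (string.IsNullOrEmpty(token))
                {
                    // A missing header yields an empty string. Leaving
                    // context.Token empty makes the JWT bearer handler fall
                    // back to the standard "Authorization: Bearer" header, so
                    // one token there could satisfy this scheme and "Token2"
                    // alike. Stop here instead.
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }

                return Task.CompletedTask;
            },
        };
    })
    .AddJwtBearer("Token2", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
        };
        options.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred2"].ToString();
                if (string.IsNullOrEmpty(token))
                {
                    // Same reasoning as for "Token1": no UserCred2 header means
                    // no credential for this scheme, not "use Authorization".
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }

                return Task.CompletedTask;
            },
        };
    });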
// Default authorization policy: the caller must be authenticated, and both JWT
// schemes are consulted. With several schemes listed, the policy is satisfied
// as soon as any one of them produces an authenticated identity, so this
// behaves as "Token1 OR Token2", not "Token1 AND Token2".
services.AddAuthorization(options =>
{
    var policyBuilder = new AuthorizationPolicyBuilder();
    policyBuilder.RequireAuthenticatedUser();
    policyBuilder.AddAuthenticationSchemes("Token1", "Token2");

    options.DefaultPolicy = policyBuilder.Build();
});

以上代码的效果相当于 OR 条件:只要 Token1 或 Token2 其中一个验证通过,就返回成功。但我需要的是:只有当 "Token1" 和 "Token2" 都有效时,才算成功。

请让我知道你的想法。

最佳答案

But for me I need to consider success only when both "Token1" AND, "Token2" are valid.



要同时验证这两个 token,您可以在 Startup.cs 中编写一个自定义中间件来检查身份验证。

更改如下:

ConfigureServices 方法:
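// Registers two JWT bearer schemes. Each scheme takes its token from its own
// request header (UserCred1 / UserCred2).
// The issuer, audience and signing-key strings below are placeholders: replace
// them with real settings loaded from configuration or a secret store, never
// hard-coded. Note that the two issuer placeholders are spelled differently.
// NOTE(review): if both schemes end up with the same issuer, audience and key,
// a token accepted by one scheme is also accepted by the other. Use distinct
// audiences or keys when the two tokens are meant to be different credentials.
services.AddAuthentication()
    .AddJwtBearer("Token1", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = "YourValidIssuser",
            ValidateAudience = true,
            ValidAudience = "YourValidAudience",
            ValidateIssuerSigningKey = true,
            // A symmetric key must be long and random; whoever knows it can
            // sign tokens this scheme will accept.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("YourIssuerSiningKey")),
        };
        options.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred1"].ToString();
                if (string.IsNullOrEmpty(token))
                {
                    // A missing header yields an empty string. Leaving
                    // context.Token empty makes the JWT bearer handler fall
                    // back to the standard "Authorization: Bearer" header, so
                    // one token there could satisfy this scheme and "Token2"
                    // alike. Stop here instead.
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }

                return Task.CompletedTask;
            },
        };
    })
    .AddJwtBearer("Token2", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = "YourValidIssuer",
            ValidateAudience = true,
            ValidAudience = "YourValidAudience",
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("YourIssuerSiningKey")),
        };
        options.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                var token = context.Request.Headers["UserCred2"].ToString();
                if (string.IsNullOrEmpty(token))
                {
                    // Same reasoning as for "Token1": no UserCred2 header means
                    // no credential for this scheme, not "use Authorization".
                    context.NoResult();
                }
                else
                {
                    context.Token = token;
                }

                return Task.CompletedTask;
            },
        };
    });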

Configure 方法:
// Inline middleware that lets a request through only when BOTH JWT schemes
// authenticate. The schemes are tried in order; the first failure ends the
// request with 401 and the remaining scheme is not evaluated. On success the
// identities from both tokens are merged into one ClaimsPrincipal, which
// becomes context.User for the rest of the pipeline.
//
// NOTE(review): the two tokens are validated independently. Nothing here
// checks that they refer to the same subject, or that they are two different
// tokens. If that matters, compare the relevant claims before calling next().
// NOTE(review): this delegate has no path or endpoint condition, so every
// request that reaches it needs both tokens, including endpoints intended to
// be anonymous.
app.Use(async (context, next) =>
{
    var combined = new ClaimsPrincipal();

    foreach (var scheme in new[] { "Token1", "Token2" })
    {
        var outcome = await context.AuthenticateAsync(scheme);
        if (!outcome.Succeeded)
        {
            context.Response.StatusCode = 401;
            return;
        }

        if (outcome.Principal != null)
        {
            combined.AddIdentities(outcome.Principal.Identities);
        }
    }

    context.User = combined;
    await next();
});

关于c# - ASP.Net Core JWT token 验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61646001/
