我在asp中创建了自定义身份验证中间件。 净核心项目,并注册如下:
public class MyAuthenticationMidleware { private readonly RequestDelegate _next; public ConnectAuthenticationMidleware(RequestDelegate next) { _next = next; } public async Task Invoke(HttpContext context) { if (!UserIsAuthenticated()) { context.Response.StatusCode = 401; return; } ... await _next.Invoke(context); } } public static class MyAuthenticationMidlewareExtensions { public static IApplicationBuilder UseMyAuthentication(this IApplicationBuilder builder) { return builder.UseMiddleware<MyAuthenticationMidleware>(); } }在初创公司:
public void Configure(...) { app.UseStaticFiles(); app.UseMyAuthentication(); app.UseMvc(); }这工作正常 - 为每个请求运行身份验证中间件。 如果未对用户进行身份验证,则返回401。 否则,将调用特定的mvc操作。
我试图做的是阻止身份验证中间件运行某些特定的操作。 我使用MapWhen方法创建另一个扩展方法并使用它如下:
public static class MyAuthenticationMidlewareExtensions { public static IApplicationBuilder UseMyAuthentication(this IApplicationBuilder builder) { return builder.UseMiddleware<MyAuthenticationMidleware>(); } public static IApplicationBuilder UseMyAuthenticationWhen(this IApplicationBuilder builder, Func<HttpContext, bool> predicate) { return builder.MapWhen(predicate, applicationBuilder => applicationBuilder.UseMyAuthentication()); } } public void Configure(...) { app.UseStaticFiles(); app.UseMyAuthenticationWhen(context => context.Request.Path != "xyz"); app.UseMvc(); }不幸的是,这不能按预期工作。 仅当路径不同于“xyz”时才调用中间件,但似乎它短接整个链 - 没有调用mvc特定的操作或过滤器。
可能我对MapWhen理解不正确。 有没有办法得到我想要的结果?
I created my custom authentication middleware in asp. net core project, and registered it as shown below:
public class MyAuthenticationMidleware { private readonly RequestDelegate _next; public ConnectAuthenticationMidleware(RequestDelegate next) { _next = next; } public async Task Invoke(HttpContext context) { if (!UserIsAuthenticated()) { context.Response.StatusCode = 401; return; } ... await _next.Invoke(context); } } public static class MyAuthenticationMidlewareExtensions { public static IApplicationBuilder UseMyAuthentication(this IApplicationBuilder builder) { return builder.UseMiddleware<MyAuthenticationMidleware>(); } }In Startup:
public void Configure(...) { app.UseStaticFiles(); app.UseMyAuthentication(); app.UseMvc(); }This works correctly - authentication middleware is run for each request. If user is not authenticated, 401 is returned. Otherwise specific mvc action is invoked.
What I tried to do was to prevent the authentication middleware from running for some specific actions. I used MapWhen method to create another extension method and used it as follows:
public static class MyAuthenticationMidlewareExtensions { public static IApplicationBuilder UseMyAuthentication(this IApplicationBuilder builder) { return builder.UseMiddleware<MyAuthenticationMidleware>(); } public static IApplicationBuilder UseMyAuthenticationWhen(this IApplicationBuilder builder, Func<HttpContext, bool> predicate) { return builder.MapWhen(predicate, applicationBuilder => applicationBuilder.UseMyAuthentication()); } } public void Configure(...) { app.UseStaticFiles(); app.UseMyAuthenticationWhen(context => context.Request.Path != "xyz"); app.UseMvc(); }Unfortunately, this doesn't work as expected. The middleware is invoked only when path is different than "xyz", but it seems that it short-circuts the whole chain - no mvc specific actions or filters are invoked.
Probably my understanding of MapWhen is incorrect. Is there any way to get the result I want?
最满意答案
MapWhen用于分隔中间件管道。 如果要将mvc用于branced管道,则需要单独添加。 所以你应该使用.UseMvc(); 在扩展方法如下:
public static IApplicationBuilder UseMyAuthenticationWhen(this IApplicationBuilder builder, Func<HttpContext, bool> predicate) { return builder.MapWhen(predicate, applicationBuilder => { applicationBuilder.UseMyAuthentication(); applicationBuilder.UseMvc(); }); }但是我不会按你的方式去。 对于身份验证中间件,我将在asp.net数据存储的asp.net核心中实现我自己的中间件,如基于简单令牌的身份验证/授权,并使用Authorize属性进行授权mvc操作。
MapWhen is used to seperate middleware pipeline. If you want to use mvc for branced pipeline you need to add separetely. So you should use .UseMvc(); in extension method like below:
public static IApplicationBuilder UseMyAuthenticationWhen(this IApplicationBuilder builder, Func<HttpContext, bool> predicate) { return builder.MapWhen(predicate, applicationBuilder => { applicationBuilder.UseMyAuthentication(); applicationBuilder.UseMvc(); }); }However i wouldn't go with your way. For authentication middleware i would implement my own middleware like Simple token based authentication/authorization in asp.net core for Mongodb datastore and use Authorize attribute for authorization mvc actions.
更多推荐
发布评论