I'm new to ASP.NET Core. I'm trying to make a small web service using JWT authentication and OpenOauth from Google, Facebook, ...
I've read this post: stormpath/blog/token-authentication-asp-net-core
This post is about authenticating with JWT in ASP.NET Core, but I also want to verify whether the user is disabled or active in my system.
My db has one table with 4 columns: Id, Name, Password, Status (0 - Disabled | 1 - Active).
How can I achieve my goal?
Can anyone help me, please?
P/S: I've searched Google for complete tutorials about JWT in ASP, but there were so few. Full source code for the authentication flow is appreciated.
Recommended answer
There are three ways I tested (they worked, but I don't know which one is the correct way).
First is using the OnTokenValidated event:
```csharp
OnTokenValidated = async (ctx) =>
{
    // userIsDisabled is a placeholder: compute it from the user's Status column (0 = disabled).
    if (userIsDisabled)
    {
        ctx.Response.Headers.Append(
            HeaderNames.WWWAuthenticate,
            ctx.Options.Challenge);
        ctx.SkipToNextMiddleware();
    }
}
```
Second is using Use method after jwt middleware:
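```csharp
app.Use(async (context, next) =>
{
    var auth = await context.Authentication.AuthenticateAsync("Bearer");
    // userIsDisabled is a placeholder: compute it from the user's Status column (0 = disabled).
    if (auth != null && auth.Identity.IsAuthenticated && userIsDisabled)
    {
        context.Response.Headers.Append(
            HeaderNames.WWWAuthenticate,
            "Bearer");
        // Reject here; otherwise the disabled user still reaches the rest of the pipeline.
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }
    await next();
});
```
Last is using SecurityTokenValidators: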
```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

public class CustomSecurityTokenValidator : JwtSecurityTokenHandler
{
    public CustomSecurityTokenValidator()
    {
    }

    public override ClaimsPrincipal ValidateToken(
        string securityToken,
        TokenValidationParameters validationParameters,
        out SecurityToken validatedToken)
    {
        // Run the standard JWT checks first.
        var principal = base.ValidateToken(securityToken, validationParameters, out validatedToken);
        // userIsDisabled is a placeholder: compute it from the user's Status column (0 = disabled).
        if (userIsDisabled)
        {
            throw new SecurityTokenNotYetValidException();
        }
        else
        {
            return principal;
        }
    }
}

// ... in Startup.cs ...
var options = new JwtBearerOptions()
{
    //....
};
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new CustomSecurityTokenValidator());
app.UseJwtBearerAuthentication(options);
```
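An added example (not part of the original answer) of the first approach with the user lookup filled in, written against the newer AddJwtBearer registration rather than the UseJwtBearerAuthentication call shown above. IUserStatusStore, InMemoryUserStatusStore, the /me endpoint, the issuer and audience values and the Jwt:Key setting are assumptions made for illustration.

```csharp
// Assumes ASP.NET Core 6+ (implicit usings) and the JwtBearer NuGet package.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
var builder = WebApplication.CreateBuilder(args);
// Assumption: issuer, audience and the "Jwt:Key" setting are placeholders.
var key = builder.Configuration["Jwt:Key"]
          ?? throw new InvalidOperationException("Jwt:Key is not configured");
builder.Services.AddSingleton<IUserStatusStore, InMemoryUserStatusStore>();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = "https://issuer.example",
            ValidAudience = "example-api",
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))
        };
        options.Events = new JwtBearerEvents
        {
            // Runs only after signature, lifetime, issuer and audience checks pass.
            OnTokenValidated = async ctx =>
            {
                var store = ctx.HttpContext.RequestServices.GetRequiredService<IUserStatusStore>();
                var id = ctx.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
                // Fail closed: no id claim, unknown user, or Status != 1 all reject.
                if (id is null || await store.GetStatusAsync(id) != 1)
                    ctx.Fail("User is disabled or unknown.");
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/me", (ClaimsPrincipal user) => user.FindFirst(ClaimTypes.NameIdentifier)?.Value)
   .RequireAuthorization();
app.Run();

// Hypothetical store with constructed rows; replace with a query on the Status column.
public interface IUserStatusStore { Task<int?> GetStatusAsync(string userId); }
public sealed class InMemoryUserStatusStore : IUserStatusStore
{
    private readonly Dictionary<string, int> _rows = new() { ["1"] = 1, ["2"] = 0 };
    public Task<int?> GetStatusAsync(string userId) =>
        Task.FromResult(_rows.TryGetValue(userId, out var s) ? s : (int?)null);
}
```

Because the status is read on every request, setting Status to 0 takes effect immediately instead of waiting for the token to expire.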