如何从 JWT 令牌 .NET 4.5 读取声明
How to read Claims from JWT Token .NET 4.5
我无法从 Bearer JWT 令牌中读取令牌声明。登录正常,http 请求带有一个有效的 jwt 令牌到后端。
该应用程序在 IIS7 上自行托管。
这是我在服务器端的代码:
SecurityConfig.cs
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(24),
Provider = new AuthorizationServerProvider() ,
AccessTokenFormat = new JwtFormat(TimeSpan.FromHours(24))
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
AuthorizationServerProvider.cs
ClaimsIdentity id = new ClaimsIdentity(context.Options.AuthenticationType);
id.AddClaim(new Claim(InosysClaimTypes.UserId, Convert.ToString(appContext.UserId)));
id.AddClaim(new Claim(InosysClaimTypes.Username, context.UserName));
id.AddClaim(new Claim(InosysClaimTypes.Password, context.Password));
id.AddClaim(new Claim(InosysClaimTypes.FirNr, Convert.ToString(appContext.FirmenNummer)));
id.AddClaim(new Claim(InosysClaimTypes.FirNdl, Convert.ToString(appContext.Niederlassung)));
id.AddClaim(new Claim(InosysClaimTypes.Bereich, Convert.ToString(appContext.Bereich)));
id.AddClaim(new Claim(InosysClaimTypes.Sprache, Convert.ToString(appContext.Sprache)));
id.AddClaim(new Claim(InosysClaimTypes.SchiffNummern, appContext.SchiffNummern == null ? "" : string.Join(",", appContext.SchiffNummern)));
id.AddClaim(new Claim(InosysClaimTypes.Geschaeftsjahr, Convert.ToString(appContext.Geschaeftsjahr)));
var principal = new ClaimsPrincipal(id);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
context.Validated(id);
在 ApiController 中,我尝试像这样获取调用者的有效负载信息:
ClaimsIdentity identity = User.Identity as ClaimsIdentity;
if (identity != null)
{
appContext.UserId = Convert.ToInt32(identity.FindFirst(InosysClaimTypes.UserId).Value);
appContext.Username = identity.FindFirst(InosysClaimTypes.Username).Value;
}
即调试的身份变量:
identity
我不知道你的 AuthorizationServerProvider.cs 出了什么问题,
但是从您在请求中提供 jwt 令牌的那一刻起 header 我认为它会以这种方式工作。
我在接受 JWT 授权的每个控制器上使用 AuthorizeAttribute 处理 Header 以设置请求的当前委托人。
public class JwtAuthentication : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var authHeader=actionContext.Request.Headers.Authorization;
if (authHeader!=null&& !String.IsNullOrWhiteSpace(authHeader.Parameter))
System.Threading.Thread.CurrentPrincipal = JwtAuthenticationHandler.GetPrincipal(authHeader.Parameter);
return ClientAuthorize.Authorize(Roles);
}
}
用法
[JwtAuthentication(Roles = "User")]
public class ChatBotController : ApiController
{}
请注意,我在 visual studio 2017 年从线程中读取当前主体时遇到了一些问题。
如果您仍然遇到问题,您可能会看看。
ClaimsPrincipal.Current Visual Studio 2017 different behavior
我需要做的就是在 JWTFormat 中实现取消保护功能 class
public AuthenticationTicket Unprotect(string protectedText)
{
try
{
var handler = new JwtSecurityTokenHandler();
AppContext = new AppContext(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString)
{
EventLogPriority = Properties.Settings.Default.EventLogPriority
};
SecurityToken validToken;
_validationParameters.IssuerSigningKey = new SymmetricSecurityKey(TextEncodings.Base64Url.Decode(Secret));
ClaimsPrincipal principal = handler.ValidateToken(protectedText, _validationParameters, out validToken);
var validJwt = validToken as JwtSecurityToken;
if (validJwt == null)
{
throw new ArgumentException("Invalid JWT");
}
ClaimsIdentity identity = principal.Identities.FirstOrDefault();
return new AuthenticationTicket(identity, new AuthenticationProperties());
}
catch (SecurityTokenException ex)
{
var msg = new HttpResponseMessage(HttpStatusCode.Unauthorized) { ReasonPhrase = "Access Token is manipulated" };
throw new HttpResponseException(msg);
}
}
我无法从 Bearer JWT 令牌中读取令牌声明。登录正常,http 请求带有一个有效的 jwt 令牌到后端。 该应用程序在 IIS7 上自行托管。 这是我在服务器端的代码:
SecurityConfig.cs
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromHours(24),
Provider = new AuthorizationServerProvider() ,
AccessTokenFormat = new JwtFormat(TimeSpan.FromHours(24))
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
AuthorizationServerProvider.cs
ClaimsIdentity id = new ClaimsIdentity(context.Options.AuthenticationType);
id.AddClaim(new Claim(InosysClaimTypes.UserId, Convert.ToString(appContext.UserId)));
id.AddClaim(new Claim(InosysClaimTypes.Username, context.UserName));
id.AddClaim(new Claim(InosysClaimTypes.Password, context.Password));
id.AddClaim(new Claim(InosysClaimTypes.FirNr, Convert.ToString(appContext.FirmenNummer)));
id.AddClaim(new Claim(InosysClaimTypes.FirNdl, Convert.ToString(appContext.Niederlassung)));
id.AddClaim(new Claim(InosysClaimTypes.Bereich, Convert.ToString(appContext.Bereich)));
id.AddClaim(new Claim(InosysClaimTypes.Sprache, Convert.ToString(appContext.Sprache)));
id.AddClaim(new Claim(InosysClaimTypes.SchiffNummern, appContext.SchiffNummern == null ? "" : string.Join(",", appContext.SchiffNummern)));
id.AddClaim(new Claim(InosysClaimTypes.Geschaeftsjahr, Convert.ToString(appContext.Geschaeftsjahr)));
var principal = new ClaimsPrincipal(id);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
context.Validated(id);
在 ApiController 中,我尝试像这样获取调用者的有效负载信息:
ClaimsIdentity identity = User.Identity as ClaimsIdentity;
if (identity != null)
{
appContext.UserId = Convert.ToInt32(identity.FindFirst(InosysClaimTypes.UserId).Value);
appContext.Username = identity.FindFirst(InosysClaimTypes.Username).Value;
}
即调试的身份变量: identity
我不知道你的 AuthorizationServerProvider.cs 出了什么问题, 但是从您在请求中提供 jwt 令牌的那一刻起 header 我认为它会以这种方式工作。
我在接受 JWT 授权的每个控制器上使用 AuthorizeAttribute 处理 Header 以设置请求的当前委托人。
public class JwtAuthentication : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var authHeader=actionContext.Request.Headers.Authorization;
if (authHeader!=null&& !String.IsNullOrWhiteSpace(authHeader.Parameter))
System.Threading.Thread.CurrentPrincipal = JwtAuthenticationHandler.GetPrincipal(authHeader.Parameter);
return ClientAuthorize.Authorize(Roles);
}
}
用法
[JwtAuthentication(Roles = "User")]
public class ChatBotController : ApiController
{}
请注意,我在 visual studio 2017 年从线程中读取当前主体时遇到了一些问题。 如果您仍然遇到问题,您可能会看看。 ClaimsPrincipal.Current Visual Studio 2017 different behavior
我需要做的就是在 JWTFormat 中实现取消保护功能 class
public AuthenticationTicket Unprotect(string protectedText)
{
try
{
var handler = new JwtSecurityTokenHandler();
AppContext = new AppContext(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString)
{
EventLogPriority = Properties.Settings.Default.EventLogPriority
};
SecurityToken validToken;
_validationParameters.IssuerSigningKey = new SymmetricSecurityKey(TextEncodings.Base64Url.Decode(Secret));
ClaimsPrincipal principal = handler.ValidateToken(protectedText, _validationParameters, out validToken);
var validJwt = validToken as JwtSecurityToken;
if (validJwt == null)
{
throw new ArgumentException("Invalid JWT");
}
ClaimsIdentity identity = principal.Identities.FirstOrDefault();
return new AuthenticationTicket(identity, new AuthenticationProperties());
}
catch (SecurityTokenException ex)
{
var msg = new HttpResponseMessage(HttpStatusCode.Unauthorized) { ReasonPhrase = "Access Token is manipulated" };
throw new HttpResponseException(msg);
}
}