您的位置: 首页  >  技术问答  >  Handle AuthorizeAttribute答案

Handle AuthorizeAttribute答案

分类: 技术问答 2022-07-06 12:19:24
问题描述:

我确实创建了自定义AuthorizeAttribute,它应该能够处理Jwt不记名的令牌,但问题是 - 现在我收到所有答案,包括200和401在Ok状态,我应该如何更改以便接收正确的http状态码?下面是如何AuthorizeAttribute样子:Handle AuthorizeAttribute答案

public class JwtAuthorizeAttribute : AuthorizeAttribute 
    { 
     private readonly string role; 

     public JwtAuthorizeAttribute() 
     { 
     } 

     public JwtAuthorizeAttribute(string role) 
     { 
      this.role = role; 
     } 

     protected override bool IsAuthorized(HttpActionContext actionContext) 
     { 
      var jwtToken = new JwtToken(); 
     string json = String.Empty; 
     var ctx = actionContext.Request.GetRequestContext(); 
     if (ctx.Principal.Identity.IsAuthenticated) return true; 
     if (actionContext.Request.Headers.Contains("Authorization")) 
     { 
      try 
      { 
       IJsonSerializer serializer = new JsonNetSerializer(); 
       IDateTimeProvider provider = new UtcDateTimeProvider(); 
       IJwtValidator validator = new JwtValidator(serializer, provider); 
       IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); 
       IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); 
       json = decoder.Decode(actionContext.Request.Headers.Authorization.Parameter, SiteGlobal.Secret, verify: true); 
       jwtToken = JsonConvert.DeserializeObject<JwtToken>(json); 
       if (jwtToken.aud != SiteGlobal.Audience || jwtToken.iss != SiteGlobal.Issuer || role != jwtToken.role) 
       { 
        return false; 
       } 
      } 
      catch (TokenExpiredException) 
      { 
       return false; 
      } 
      catch (SignatureVerificationException) 
      { 
       return false; 
      } 
     } 
     else 
     { 
      return false; 
     } 
     var identity = new ClaimsIdentity("JWT"); 
     identity.AddClaim(new Claim(ClaimTypes.Name, jwtToken.unique_name)); 
     identity.AddClaim(new Claim(ClaimTypes.Role, jwtToken.role)); 
     identity.AddClaim(new Claim("user_id", jwtToken.user_id.ToString())); 
     actionContext.Request.GetRequestContext().Principal = new ClaimsPrincipal(identity); 
     return true; 
     } 
    }

这是怎么控制的样子:

[JwtAuthorize("Admin")] 
[HttpGet] 
[ResponseType(typeof(CatalogueListDto))] 
public async Task<IHttpActionResult> Get() 
    { 
    var result = await _catalogueService.GetCatalogues(); 
    if (result == null) return BadRequest(ActionAnswer.Failed.CatalogueNotFound); 
    return Ok(result); 
    }
+0

你是什么意思“在控制器中处理它”?关键是不必在控制器中处理它。 – Crowcoder

+0

@Crowcoder,问题是我收到错误信息在好的状态,而不是我想收到适当的服务器状态。 –

+1

您可能想要编辑该问题以包含错误,发生了什么以及发生了什么问题。 – Crowcoder

我按照过去一些教程也有类似的属性。如果授权,我没有回复真实,但我返回这个:

return base.IsAuthorized(actionContext);

也许这是值得一检查,如果这会返回您正确的状态代码。

相关推荐