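        /// <summary>
        /// Middleware entry point. Requests without an <c>Authorization</c> header (or with an
        /// empty one) pass straight through. A <c>Bearer</c> token is checked for issuer and
        /// expiry, then its signature is verified against <c>_jwt</c>; only after that are the
        /// payload entries copied onto <c>context.User</c> as claims and the next delegate run.
        /// Any rejection ends the pipeline with 401 and one of this middleware's own messages.
        /// </summary>
        /// <param name="context">The current request context.</param>
        public async Task Invoke(HttpContext context)
        {
            // Ends the request with 401 and the given reason (same response shape as before).
            async Task RejectAsync(string reason)
            {
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                await context.Response.WriteAsync(reason, Encoding.UTF8);
            }

            string authHeader = context.Request.Headers["Authorization"].FirstOrDefault();

            // Missing and empty headers are treated alike: nothing to authenticate, hand the
            // request on. (An empty header used to end the request as a blank 200 because
            // neither branch called _next.)
            if (string.IsNullOrEmpty(authHeader))
            {
                await _next(context);
                return;
            }

            var parts = authHeader.Split(' ');
            if (parts.Length < 2)
            {
                await RejectAsync("Authorization值不符合规范");
                return;
            }

            // Ordinal comparison replaces ToLower(): the scheme name is not culture-sensitive.
            if (!string.Equals(parts[0], "bearer", StringComparison.OrdinalIgnoreCase))
            {
                await RejectAsync("无法识别的Authorization类型");
                return;
            }

            string rejection = null;
            var claims = new List<Claim>();
            try
            {
                // Decode the payload so the issuer/expiry checks keep their original messages.
                // Nothing read here is trusted until ValidateToken below succeeds.
                var jwtToken   = new JwtSecurityToken(parts[1]);
                var payloadStr = JSONHelper.Seriallize(jwtToken.Payload);
                JObject payload = JsonConvert.DeserializeObject<JObject>(payloadStr);

                // Issuer check. `?.` turns a missing "iss" into a rejection instead of a
                // NullReferenceException whose message would have been sent to the client.
                if (_jwt.Issuer != payload["iss"]?.ToString())
                {
                    rejection = "Token颁发机构异常";
                }
                // Expiry check, unchanged. ConvertToCsharpTime is a project helper; it is compared
                // with DateTime.Now here, so it is presumably local time — confirm.
                else if (DateTimeExtension.ConvertToCsharpTime(payload["exp"].ToSafeLong()) <= DateTime.Now)
                {
                    rejection = "授权已过期";
                }
                else
                {
                    // The signature was never checked before, so any client could present a
                    // self-made payload and have its entries turned into claims. Verify the
                    // signature, issuer and lifetime first. Types are fully qualified in case this
                    // file does not import Microsoft.IdentityModel.Tokens. Assumes _jwt is the
                    // JwtSettings instance (Secretkey/Issuer) registered at startup — confirm.
                    var parameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey         = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwt.Secretkey)),
                        ValidateIssuer           = true,
                        ValidIssuer              = _jwt.Issuer,
                        ValidateAudience         = false, // the original middleware did not check "aud" either
                        ValidateLifetime         = true,
                    };
                    new JwtSecurityTokenHandler().ValidateToken(parts[1], parameters, out _);

                    // Every payload entry becomes a claim; nested values keep their JSON text.
                    foreach (var property in payload)
                    {
                        claims.Add(new Claim(property.Key, property.Value.ToString()));
                    }
                }
            }
            catch (Exception)
            {
                // Malformed or unverifiable token. A fixed message replaces exp.Message so that
                // library diagnostics (which can quote token material) are not echoed to callers.
                rejection = "Token无效";
            }

            if (rejection != null)
            {
                await RejectAsync(rejection);
                return;
            }

            var identity = new ClaimsIdentity();
            identity.AddClaims(claims);
            context.User.AddIdentity(identity);

            // Downstream exceptions are no longer caught here: the original converted every one
            // of them into a 401 carrying the exception message.
            await _next(context);
        }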
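        /// <summary>
        /// Registers MVC (Web API conventions, 2.2 compatibility, fixed date format), the
        /// <c>"any"</c> CORS policy, the <c>JwtSettings</c> options, the micro-service
        /// registrations and JWT bearer authentication for <paramref name="systemConfig"/>.
        /// </summary>
        /// <param name="services">The service collection being configured.</param>
        /// <param name="systemConfig">Application configuration; <c>Name</c> becomes the route
        /// prefix and <c>JwtSettings</c> feeds both the options object and token validation.</param>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        public static void AddService(this IServiceCollection services, SysConfig systemConfig)
        {
            // Both arguments are dereferenced below; fail with a clear message rather than an NRE.
            if (services is null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (systemConfig is null)
            {
                throw new ArgumentNullException(nameof(systemConfig));
            }

            WebApiCompatShimMvcBuilderExtensions.AddWebApiConventions(services.AddMvc(opt =>
            {
                opt.UseCentralRoutePrefix(new RouteAttribute(systemConfig.Name));
            }))
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
            .AddJsonOptions(x =>
            {
                // Date/time serialization format.
                x.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            services.AddCors(opt =>
            {
                opt.AddPolicy("any", builder =>
                {
                    // AllowCredentials() was removed: combined with AllowAnyOrigin() the 2.x CORS
                    // middleware reflects the caller's origin with Access-Control-Allow-Credentials,
                    // so any site could send cookie-bearing requests (3.0+ rejects the combination).
                    // Bearer tokens travel in a header and need no credentials; if cookies must
                    // cross origins, list those origins explicitly with WithOrigins(...).
                    builder.AllowAnyOrigin()
                           .AllowAnyMethod()
                           .AllowAnyHeader();
                });
            });

            #region JWT认证
            // Expose the JWT settings as an options object.
            services.Configure<JwtSettings>(opt =>
            {
                opt.Audience   = systemConfig.JwtSettings.Audience;
                opt.Expires    = systemConfig.JwtSettings.Expires;
                opt.Issuer     = systemConfig.JwtSettings.Issuer;
                opt.PrivateKey = systemConfig.JwtSettings.PrivateKey;
                opt.PublicKey  = systemConfig.JwtSettings.PublicKey;
                opt.Secretkey  = systemConfig.JwtSettings.Secretkey;
            });
            services.AddMicroService(systemConfig);

            // TODO: refresh after expiry, and revoke still-valid tokens after a password change.
            services.AddAuthentication(opts =>
            {
                opts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                opts.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(opts =>
            {
                opts.Events = new JwtBearerEvents()
                {
                    // Early expiry check on the raw header; ValidateLifetime below is the
                    // authoritative one, this only changes which failure is reported.
                    OnMessageReceived = context =>
                    {
                        var header    = context.Request.Headers["Authorization"].FirstOrDefault();
                        var jwtEntity = JwtEntity.GetJwtEntity(header);
                        if (jwtEntity != null && DateTime.Now > DateTimeExtension.ConvertToCsharpTime(jwtEntity.Exp))
                        {
                            context.Fail("token已过期");
                        }
                        return Task.CompletedTask;
                    }
                };

                opts.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(systemConfig.JwtSettings.Secretkey)),
                    ValidateIssuer           = true,
                    ValidIssuer              = systemConfig.JwtSettings.Issuer,
                    ValidateAudience         = true,
                    ValidAudience            = systemConfig.JwtSettings.Audience,
                    ValidateLifetime         = true, // the default, made explicit so it is not lost in edits
                };
            });
            #endregion
        }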