/// <summary>
/// Diagnostic wrapper around the configured challenge delegate: logs a begin/end
/// marker (from LogMessages) around the call to s_onChallenge.
/// </summary>
/// <param name="context">The bearer challenge context forwarded to s_onChallenge.</param>
private async Task OnChallengeAsync(JwtBearerChallengeContext context)
        {
            string methodName = nameof(OnChallengeAsync);

            _logger.LogDebug(string.Format(CultureInfo.InvariantCulture, LogMessages.MethodBegin, methodName));
            await s_onChallenge(context).ConfigureAwait(false);
            _logger.LogDebug(string.Format(CultureInfo.InvariantCulture, LogMessages.MethodEnd, methodName));
        }
        /// <summary>
        /// Diagnostic wrapper: writes a begin/end marker to the debug output around the
        /// configured challenge delegate s_onChallenge.
        /// </summary>
        /// <param name="context">The bearer challenge context forwarded to s_onChallenge.</param>
        private static async Task OnChallengeAsync(JwtBearerChallengeContext context)
        {
            Debug.WriteLine($"55. Begin {nameof(OnChallengeAsync)}");
            try
            {
                await s_onChallenge(context).ConfigureAwait(false);
            }
            finally
            {
                // The original only logged the end marker on the success path; keep that.
            }
            Debug.WriteLine($"55. End - {nameof(OnChallengeAsync)}");
        }
        /// <summary>
        /// Diagnostic wrapper: traces entry and exit around the challenge delegate onChallenge.
        /// </summary>
        /// <param name="context">The bearer challenge context passed through unchanged.</param>
        static async Task OnChallenge(JwtBearerChallengeContext context)
        {
            string name = nameof(OnChallenge);

            Debug.WriteLine($"55. Begin {name}");
            await onChallenge(context);
            Debug.WriteLine($"55. End - {name}");
        }
        /// <summary>
        /// Diagnostic wrapper: traces entry and exit around
        /// JwtBearerMiddlewareDiagnostics.onChallenge.
        /// </summary>
        /// <param name="context">The bearer challenge context passed through unchanged.</param>
        static async Task OnChallenge(JwtBearerChallengeContext context)
        {
            string name = nameof(JwtBearerMiddlewareDiagnostics.OnChallenge);

            Debug.WriteLine($"55. Begin {name}");
            await JwtBearerMiddlewareDiagnostics.onChallenge(context);
            Debug.WriteLine($"55. End - {name}");
        }
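        /// <summary>
        /// Challenge handler that replaces the default 401 with a ProblemDetails body.
        /// Reports a missing Authorization header when the context carries no error,
        /// otherwise the error code supplied by the handler; writes nothing if the
        /// response has already started (e.g. in AuthenticationFailed()).
        /// </summary>
        /// <param name="arg">The bearer challenge context.</param>
        /// <returns>A task that completes once the body, if any, has been written.</returns>
        public static async Task ChallengeFailedResponse(JwtBearerChallengeContext arg)
        {
            // Important: Skip default error handling!
            arg.HandleResponse();

            // Check first if response was already handled in AuthenticationFailed()
            if (arg.Response.HasStarted)
            {
                return;
            }

            var error = new MyProblemDetails(arg.HttpContext)
            {
                Title     = "Authentication Error",
                Status    = StatusCodes.Status401Unauthorized,
                Type      = "https://www.my-error-portal.com/myproject/401",
                ErrorCode = "401"
            };

            if (string.IsNullOrWhiteSpace(arg.Error))
            {
                // NOTE(review): Error is also empty when a token was presented and rejected
                // but IncludeErrorDetails is off, so this message can mislead in that case;
                // arg.AuthenticateFailure would distinguish the two — confirm intent.
                error.Detail = "Authorization header is missing.";
            }
            else
            {
                var logger = arg.HttpContext.RequestServices.GetRequiredService<ILogger<JwtEventHelper>>();
                // Message template rather than string interpolation so the error stays a
                // structured log property instead of being flattened into the message text.
                logger.LogError("Authentication failed with error: {Error}.", arg.Error);
                error.Detail = $"Authentication failed with error: {arg.Error}.";
            }

            // Add error message to response
            await WriteResponse(error, arg.Response, StatusCodes.Status401Unauthorized);
        }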
        /// <summary>
        /// Formats the challenge context as one pipe-separated line: error, error description,
        /// error URI, the configured WWW-Authenticate challenge and, when authentication failed,
        /// the base exception type and message.
        /// </summary>
        /// <param name="context">The challenge context to describe.</param>
        /// <returns>The details string; empty when nothing is set.</returns>
        public static string ToDetails(this JwtBearerChallengeContext context)
        {
            var details = new StringBuilder();
            var failure = context.AuthenticateFailure;

            if (!string.IsNullOrWhiteSpace(context.Error))
            {
                details.Append("AuthError: ").Append(context.Error).Append(" |");
            }

            if (!string.IsNullOrWhiteSpace(context.ErrorDescription))
            {
                details.Append(" AuthErrorDescription: ").Append(context.ErrorDescription).Append(" |");
            }

            if (!string.IsNullOrWhiteSpace(context.ErrorUri))
            {
                details.Append(" AuthErrorUri: ").Append(context.ErrorUri).Append(" |");
            }

            if (!string.IsNullOrWhiteSpace(context.Options.Challenge))
            {
                details.Append(" WWWAuthenticate: ").Append(context.Options.Challenge).Append(" |");
            }

            // NOTE(review): the exception message may describe token-validation internals;
            // fine for server-side logs, but do not copy this string into a client response.
            if (failure != null)
            {
                details.Append(" AuthExceptionType: ").Append(failure.GetBaseException().GetType().Name).Append(" | ");
                details.Append(" AuthExceptionMessage: ").Append(failure.Message);
            }

            return details.ToString();
        }
        /// <summary>
        /// Diagnostic wrapper: logs a debug begin/end marker around the configured
        /// challenge delegate s_onChallenge.
        /// </summary>
        /// <param name="context">The bearer challenge context forwarded to s_onChallenge.</param>
        private async Task OnChallengeAsync(JwtBearerChallengeContext context)
        {
            string name = nameof(OnChallengeAsync);

            _logger.LogDebug($"55. Begin {name}");
            await s_onChallenge(context).ConfigureAwait(false);
            _logger.LogDebug($"55. End - {name}");
        }
        /// <summary>
        /// Bearer challenge: authenticates once to capture the failure, raises the Challenge
        /// event and, unless a handler took over, answers 401 with a WWW-Authenticate header
        /// carrying any error / error_description / error_uri present on the context.
        /// </summary>
        /// <param name="properties">Authentication properties forwarded to the challenge context.</param>
        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
        {
            AuthenticateResult authenticateResult = await HandleAuthenticateOnceSafeAsync();

            JwtBearerChallengeContext eventContext = new JwtBearerChallengeContext(base.Context, base.Scheme, base.Options, properties)
            {
                AuthenticateFailure = authenticateResult?.Failure
            };

            // Only describe the failure as invalid_token when a token was actually presented
            // and rejected (AuthenticateFailure set) and details are enabled; a missing token
            // gets the bare challenge.
            if (base.Options.IncludeErrorDetails && eventContext.AuthenticateFailure != null)
            {
                eventContext.Error            = "invalid_token";
                eventContext.ErrorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
            }

            await Events.Challenge(eventContext);

            // A handler that produced its own response owns it entirely.
            if (eventContext.Handled)
            {
                return;
            }

            base.Response.StatusCode = 401;

            // Header shape: <Challenge>[,] error="…", error_description="…", error_uri="…"
            // The first parameter is preceded by a comma only when the configured challenge
            // already carries one (i.e. contains a space, e.g. `Bearer realm="x"`); later
            // parameters are always comma-separated. With no parameters the header is the
            // configured challenge unchanged.
            StringBuilder header    = new StringBuilder(base.Options.Challenge);
            string        separator = base.Options.Challenge.IndexOf(' ') > 0 ? "," : string.Empty;

            // NOTE(review): values go into a quoted-string without escaping. Error is a fixed
            // literal here; ErrorDescription comes from CreateErrorDescription (not visible) and
            // ErrorUri from event handlers — those must not contain '"' or CR/LF.
            AppendBearerParam(header, ref separator, "error", eventContext.Error);
            AppendBearerParam(header, ref separator, "error_description", eventContext.ErrorDescription);
            AppendBearerParam(header, ref separator, "error_uri", eventContext.ErrorUri);

            base.Response.Headers.Append(HeaderNames.WWWAuthenticate, header.ToString());
        }

        /// <summary>
        /// Appends `<separator> name="value"` to the header when value is non-empty and switches
        /// the separator to "," for any parameter that follows.
        /// </summary>
        private static void AppendBearerParam(StringBuilder header, ref string separator, string name, string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return;
            }

            header.Append(separator).Append(' ').Append(name).Append("=\"").Append(value).Append('"');
            separator = ",";
        }
        /// <summary>
        /// Challenge handler that fills the context's error fields so the default handler
        /// emits them in the WWW-Authenticate header; the request path is used as error_uri.
        /// </summary>
        /// <param name="context">The bearer challenge context to annotate.</param>
        /// <returns>A completed task.</returns>
        public Task Challenge(JwtBearerChallengeContext context)
        {
            // NOTE(review): RFC 6750 §3.1 defines the error codes invalid_request,
            // invalid_token and insufficient_scope; "Token not exists" is non-standard and
            // clients parsing the header may not understand it.
            string requestPath = context.Request.Path.ToString();

            context.Error            = "Token not exists";
            context.ErrorDescription = "You have to send the token";
            context.ErrorUri         = requestPath;

            return Task.FromResult(0);
        }
 /// <summary>
 /// Challenge handler: when a token was presented and rejected, writes the
 /// AuthorizationFailed error to the response and marks the challenge handled;
 /// a missing token falls through to the default challenge.
 /// </summary>
 /// <param name="context">The bearer challenge context.</param>
 /// <returns>A completed task.</returns>
 public override Task Challenge(JwtBearerChallengeContext context)
 {
     // No authentication failure means no token was presented: leave the default behaviour.
     if (context.AuthenticateFailure == null)
     {
         return Task.CompletedTask;
     }

     WriteExceptionToHttpResponse(context.HttpContext.Response, ErrorStatusCode.AuthorizationFailed);
     context.HandleResponse();
     return Task.CompletedTask;
 }
            /// <summary>
            /// Challenge handler that logs a debug event (with the context attached as a
            /// log property) and then defers to the base implementation.
            /// </summary>
            /// <param name="context">The bearer challenge context.</param>
            /// <returns>The task returned by the base challenge.</returns>
            public override Task Challenge(JwtBearerChallengeContext context)
            {
                var challengeLogger = this._logger.ForContext("JWTDebugEvent", "Challenge");

                // NOTE(review): "Context" is attached without destructuring, so presumably only
                // its ToString() reaches the sink; confirm no token material is logged.
                challengeLogger.ForContext("Context", context).Debug("JWT Challenge");

                return base.Challenge(context);
            }
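        /// <summary>
        /// Challenge handler that answers with an HTTP 200 JSON "token error" payload.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>A task that completes once the body has been written.</returns>
        public override async Task Challenge(JwtBearerChallengeContext context)
        {
            // Claim the response first: otherwise the default challenge, which runs after this
            // event, sets StatusCode = 401 on an already-started response and throws
            // InvalidOperationException ("StatusCode cannot be set because the response has already started").
            context.HandleResponse();

            // NOTE(review): authentication failures are signalled with HTTP 200 and a body-level
            // error; clients and proxies relying on a 401 (and RFC 6750's WWW-Authenticate)
            // will not detect them. Kept as designed, but worth confirming.
            context.Response.StatusCode  = StatusCodes.Status200OK;
            context.Response.ContentType = "application/json";
            var response = Responses.TokenError();
            var text     = JsonSerializer.Serialize(response, JsonUtils.DefaultOptions());

            // Await the write: the original fire-and-forget call could return before the body
            // was written and left any write failure unobserved.
            await context.Response.WriteAsync(text);
            await base.Challenge(context);
        }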
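 /// <summary>
 /// Challenge handler: when a token was presented and rejected, writes a 401 JSON body
 /// with the AuthorizationFailed status code and marks the challenge handled; a missing
 /// token falls through to the default challenge.
 /// </summary>
 /// <param name="context">The bearer challenge context.</param>
 /// <returns>A task that completes once the body, if any, has been written.</returns>
 public override async Task Challenge(JwtBearerChallengeContext context)
 {
     if (context.AuthenticateFailure == null)
     {
         return;
     }

     var json     = Newtonsoft.Json.JsonConvert.SerializeObject(ErrorStatusCode.AuthorizationFailed.StatusCode);
     var response = context.HttpContext.Response;

     response.StatusCode = 401;
     // ContentType property instead of Headers.Add: Add throws if the header is already present.
     response.ContentType = "application/json";
     // WriteAsync instead of Body.Write: synchronous body writes are disabled by default on
     // Kestrel/IIS since ASP.NET Core 3.0 (AllowSynchronousIO = false) and would throw.
     await response.WriteAsync(json);
     context.HandleResponse();
 }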
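 /// <summary>
 /// Called when the request is not authorized. Registers an OnStarting callback that,
 /// if the response is about to go out with a non-200 status, switches the content
 /// type to JSON and writes a generic "inaccessible resource" body.
 /// </summary>
 /// <param name="context">The bearer challenge context.</param>
 /// <returns>A completed task; the body is written from the OnStarting callback.</returns>
 public static Task OnChallenge(JwtBearerChallengeContext context)
 {
     // NOTE(review): writing a body from inside OnStarting (which fires just before the
     // headers are sent) is fragile; a direct write plus HandleResponse() in this event
     // would be the usual pattern. Kept as designed.
     context.Response.OnStarting(async () =>
     {
         if (context.Response.StatusCode != (int)HttpStatusCode.OK)
         {
             context.Response.ContentType = "application/json";
             // Await the write: the original fire-and-forget call returned before the body
             // was written, so the response could complete without it.
             await context.Response.WriteAsync(JsonConvert.SerializeObject(new { Code = context.Response.StatusCode, Data = false, Message = "无法访问的资源" }));
         }
     });
     return Task.CompletedTask;
 }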
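        /// <summary>
        /// Challenge handler that, for the guarded case, writes a 401 JSON CommandResponse
        /// and marks the challenge handled; otherwise defers to the base challenge.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>A task that completes once any body has been written and the base challenge ran.</returns>
        public override async Task Challenge(JwtBearerChallengeContext context)
        {
            // NOTE(review): the stock handler only sets Error = "invalid_token" when
            // AuthenticateFailure is non-null, so `AuthenticateFailure == null && Error == "invalid_token"`
            // is normally unreachable; confirm whether `AuthenticateFailure != null` was intended.
            if (context.AuthenticateFailure == null && context.Error == "invalid_token")
            {
                context.Response.StatusCode  = StatusCodes.Status401Unauthorized;
                context.Response.ContentType = "application/json";
                // Await the write (was fire-and-forget) so the body is complete before returning.
                await context.Response.WriteAsync(
                    Newtonsoft.Json.JsonConvert.SerializeObject(
                        new CommandResponse(statusCode: StatusCodes.Status401Unauthorized, message: "Unauthorized", null, false)
                        )
                    );
                // Mark handled: otherwise the default challenge sets StatusCode on a response
                // that has already started and throws InvalidOperationException.
                context.HandleResponse();
            }

            await base.Challenge(context);
        }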
        /// <summary>
        /// Challenge handler that takes over the response and returns the RFC 6750 error
        /// fields (error, error_description, error_uri) as a 401 JSON body instead of a
        /// WWW-Authenticate header.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>The task for the body write.</returns>
        public override Task Challenge(JwtBearerChallengeContext context)
        {
            // Own the response so the default challenge does not touch status/headers afterwards.
            context.HandleResponse();

            var response = context.Response;
            response.ContentType = "application/json";
            response.StatusCode  = 401;

            // Unset fields serialize as JSON null.
            var payload = new JObject();
            payload["error"]             = context.Error;
            payload["error_description"] = context.ErrorDescription;
            payload["error_uri"]         = context.ErrorUri;

            return response.WriteAsync(payload.ToString());
        }
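        /// <summary>
        /// Challenge handler: clears the response and returns an HTTP 200 JSON BaseResponse
        /// carrying error code EC107. (The original doc said "when no JWT token is present",
        /// but the Challenge event also fires for rejected tokens.)
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>A task that completes once the body has been written and the base challenge ran.</returns>
        public override async Task Challenge(JwtBearerChallengeContext context)
        {
            context.Response.Clear();
            // NOTE(review): auth failures are reported with HTTP 200 and only flagged in the
            // body; clients relying on a 401 will treat this as success. Kept as designed.
            context.Response.StatusCode  = 200;
            context.Response.ContentType = "application/json";
            BaseResponse response = new BaseResponse()
            {
                success      = false,
                errorCode    = nameof(ExceptionCode.EC107).GetCode().ToString(),
                errorMessage = ExceptionCode.EC107
            };

            // Await the write (was fire-and-forget) so the body is complete before the
            // challenge is marked handled and the method returns.
            await context.Response.WriteAsync(JsonConvert.SerializeObject(response));
            context.HandleResponse();
            await base.Challenge(context);
        }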
        ///// <summary>
        ///// 接收时
        ///// </summary>
        ///// <param name="context"></param>
        ///// <returns></returns>
        //public override Task MessageReceived(MessageReceivedContext context)
        //{
        //    context.Token = context.Request.Headers["Authorization"];
        //    return Task.CompletedTask;
        //}

        ///// <summary>
        ///// TokenValidated:在Token验证通过后调用。
        ///// </summary>
        ///// <param name="context"></param>
        ///// <returns></returns>
        //public override Task TokenValidated(TokenValidatedContext context)
        //{

        //    return Task.CompletedTask;
        //}
        #endregion


        /** Commented out because: after AuthenticationFailed has written the response on token expiry, the Challenge method throws System.InvalidOperationException: "StatusCode cannot be set because the response has already started". **/
        ///// <summary>
        ///// AuthenticationFailed: called when authentication fails. Trigger: 1. expired token (always). The endpoint must be marked with [Authorize] on the controller or action.
        ///// </summary>
        ///// <param name="context"></param>
        ///// <returns></returns>
        //public override async Task AuthenticationFailed(AuthenticationFailedContext context)
        //{
        //    context.Response.StatusCode = StatusCodes.Status200OK;
        //    context.Response.ContentType = "application/json";
        //    var response = new HResponse()
        //    {
        //        Success = false,
        //        ErrorCode = nameof(ErrorInfo.E100001).GetErrorCode(),
        //        ErrorMsg = ErrorInfo.E100001
        //    };
        //    await context.Response.WriteAsync(H_JsonSerializer.Serialize(response));
        //}


        /// <summary>
        /// Challenge: lets the server send a challenge back to the client. Fires when the
        /// token is missing, expired or otherwise rejected, for endpoints marked [Authorize].
        /// Takes over the response and returns a JSON envelope with HTTP 200.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>A task that completes once the JSON body has been written.</returns>
        public override async Task Challenge(JwtBearerChallengeContext context)
        {
            // Stop the default challenge from also writing status/headers; without this the
            // handler throws InvalidOperationException ("StatusCode cannot be set because the
            // response has already started") once the body below has been written.
            context.HandleResponse();

            // NOTE(review): authentication failures are reported with HTTP 200 and only
            // signalled in the body; clients and proxies relying on a 401 will not notice.
            var response = context.Response;
            response.StatusCode  = StatusCodes.Status200OK;
            response.ContentType = "application/json";

            var payload = new H_Response
            {
                Success   = false,
                ErrorCode = H_Error.E100001.Key,
                ErrorMsg  = H_Error.E100001.Value
            };

            // UnsafeRelaxedJsonEscaping keeps non-ASCII (Chinese) text readable instead of
            // \uXXXX-escaped; acceptable here because the payload is constant text served as
            // application/json, not user input. PropertyNamingPolicy null keeps PascalCase
            // (the default would be camelCase).
            var serializerOptions = new JsonSerializerOptions
            {
                Encoder              = JavaScriptEncoder.UnsafeRelaxedJsonEscaping,
                PropertyNamingPolicy = null
            };

            await response.WriteAsync(JsonSerializer.Serialize(payload, serializerOptions));
        }
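        /// <summary>
        /// Challenge handler that, if the response has not started yet, writes a 401
        /// camelCase JSON body and marks the challenge handled.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <returns>A task that completes once the body, if any, has been written.</returns>
        public override async Task Challenge(JwtBearerChallengeContext context)
        {
            if (context.Response.HasStarted)
            {
                return;
            }

            context.Response.StatusCode  = 401;
            context.Response.ContentType = "application/json";
            // NOTE(review): "Missing Token" is also returned for an expired/rejected token;
            // context.AuthenticateFailure would distinguish the cases.
            var resp = new
            {
                ErrorCode = 401,
                message   = "Missing Token"
            };
            var options = new JsonSerializerSettings
            {
                ContractResolver = new CamelCasePropertyNamesContractResolver()
            };

            // Await instead of .Wait(): blocking on the write risks thread-pool starvation
            // and deadlocks, and a body written here must be awaited before returning.
            await context.Response.WriteAsync(JsonConvert.SerializeObject(resp, options));
            // Mark handled so the default challenge does not set StatusCode on a response
            // that has already started (InvalidOperationException).
            context.HandleResponse();
        }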
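        /// <summary>
        /// Challenge handler: when a token was presented and rejected, adds a Location header
        /// pointing at the login page (with return URL and error details) plus the configured
        /// WWW-Authenticate challenge, and answers 401 to clients that accept JSON. In every
        /// case the challenge is marked handled.
        /// </summary>
        /// <param name="context">The bearer challenge context.</param>
        /// <param name="areas">Area names forwarded to CreateReturnLocation.</param>
        /// <returns>A completed task.</returns>
        private static Task OnChallenge(JwtBearerChallengeContext context, string[] areas)
        {
            if (context.AuthenticateFailure != null)
            {
                string location = CreateReturnLocation(context, areas);

                context.Response.Headers.Append(HeaderNames.Location, location);
                context.Response.Headers.Append(HeaderNames.WWWAuthenticate, context.Options.Challenge);

                if (context.Request.AcceptsJsonResponse())
                {
                    context.Response.StatusCode = 401;
                }
                // NOTE(review): non-JSON clients get the Location header with the status left
                // at its default, which browsers do not follow as a redirect; presumably a
                // later component converts it — confirm.
            }

            // HandleResponse() only flips a flag on the context; the original ran it (and the
            // status assignment) on a thread-pool task via Task.Factory.StartNew, which added
            // a thread hop and moved response mutation off the request thread for no benefit.
            context.HandleResponse();
            return Task.CompletedTask;
        }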
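        /// <summary>
        /// Builds the login redirect target: "Login?returnUrl=…" with the challenge's error
        /// code and description appended as query parameters when present.
        /// </summary>
        /// <param name="context">Challenge context; Error / ErrorDescription feed the query string.</param>
        /// <param name="areas">Area names forwarded to CreateReturnUrl.</param>
        /// <returns>The relative login URI including query string.</returns>
        private static string CreateReturnLocation(JwtBearerChallengeContext context, string[] areas)
        {
            // NOTE(review): the return URL is derived from the client-supplied Referer header,
            // which an attacker controls; CreateReturnUrl is not visible here — confirm it
            // constrains the result to a local path, otherwise this is an open redirect.
            // A missing or malformed Referer still throws from the Uri constructor, as before.
            Uri referrer = new Uri(context.Request.Headers[HeaderNames.Referer]);

            string returnUrl   = CreateReturnUrl(referrer, areas);
            string locationUri = QueryHelpers.AddQueryString("Login", "returnUrl", returnUrl);

            if (!string.IsNullOrEmpty(context.Error))
            {
                locationUri = QueryHelpers.AddQueryString(locationUri, "errorCode", context.Error);
            }

            // Gate on ErrorDescription itself. The original tested AuthenticateFailure.Message
            // but appended ErrorDescription, which is null when IncludeErrorDetails is off;
            // AddQueryString rejects a null value, so an expired token then produced an
            // exception instead of a redirect. It also dereferenced AuthenticateFailure
            // without a null check.
            if (!string.IsNullOrEmpty(context.ErrorDescription))
            {
                locationUri = QueryHelpers.AddQueryString(locationUri, "errorDesc", context.ErrorDescription);
            }

            return locationUri;
        }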
        /// <summary>
        /// Bearer challenge variant that always answers HTTP 200: authenticates once to capture
        /// the failure, raises the Challenge event and, unless a handler took over, sets the
        /// WWW-Authenticate header (RFC 6750 §3.1) and writes a JSON body whose Status field
        /// (BearerCheckFailed) is the only indication that authentication failed.
        /// </summary>
        /// <param name="properties">Authentication properties forwarded to the challenge context.</param>
        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
        {
            var authResult = await HandleAuthenticateOnceSafeAsync();

            var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, properties)
            {
                AuthenticateFailure = authResult?.Failure
            };

            // Avoid reporting error = invalid_token when the failure was not caused by an
            // authentication failure (e.g. the token is simply missing).
            if (Options.IncludeErrorDetails && eventContext.AuthenticateFailure != null)
            {
                eventContext.Error            = "invalid_token";
                eventContext.ErrorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
            }
            await Events.Challenge(eventContext);

            if (eventContext.Handled)
            {
                return;
            }
            // Always report success at the HTTP level; the API result is carried in the body's status field.
            // NOTE(review): a 200 for an authentication failure contradicts RFC 6750 (which
            // expects 401 alongside WWW-Authenticate); clients, proxies and caches that key on
            // the status code will treat this as success. Deliberate per the original comment,
            // but worth confirming.
            Response.StatusCode = 200;
            if (string.IsNullOrEmpty(eventContext.Error) &&
                string.IsNullOrEmpty(eventContext.ErrorDescription) &&
                string.IsNullOrEmpty(eventContext.ErrorUri))
            {
                Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
            }
            else
            {
                // https://tools.ietf.org/html/rfc6750#section-3.1
                // WWW-Authenticate: Bearer realm="example", error="invalid_token", error_description="The access token expired"
                // NOTE(review): the values are inserted into quoted-strings unescaped; Error is a
                // fixed literal, but ErrorDescription (from CreateErrorDescription, not visible)
                // and ErrorUri (from event handlers) must not contain '"' or CR/LF.
                var builder = new StringBuilder(Options.Challenge);
                if (Options.Challenge.IndexOf(" ", StringComparison.Ordinal) > 0)
                {
                    // Only add a comma after the first parameter, if the challenge already has one
                    builder.Append(',');
                }
                if (!string.IsNullOrEmpty(eventContext.Error))
                {
                    builder.Append(" error=\"");
                    builder.Append(eventContext.Error);
                    builder.Append("\"");
                }
                if (!string.IsNullOrEmpty(eventContext.ErrorDescription))
                {
                    if (!string.IsNullOrEmpty(eventContext.Error))
                    {
                        builder.Append(",");
                    }
                    builder.Append(" error_description=\"");
                    builder.Append(eventContext.ErrorDescription);
                    builder.Append('\"');
                }
                if (!string.IsNullOrEmpty(eventContext.ErrorUri))
                {
                    if (!string.IsNullOrEmpty(eventContext.Error) ||
                        !string.IsNullOrEmpty(eventContext.ErrorDescription))
                    {
                        builder.Append(",");
                    }
                    builder.Append(" error_uri=\"");
                    builder.Append(eventContext.ErrorUri);
                    builder.Append('\"');
                }
                Response.Headers.Append(HeaderNames.WWWAuthenticate, builder.ToString());
            }

            // Body: lowercase property names, reference loops ignored, indented output.
            await Response.WriteAsync(JsonConvert.SerializeObject(new JsonBase {
                Status  = JsonStatus.BearerCheckFailed,
                Message = JsonErrorMaps.TryGet(JsonStatus.BearerCheckFailed)
            }, new JsonSerializerSettings {
                ContractResolver      = new LowercaseContractResolver(),
                ReferenceLoopHandling = ReferenceLoopHandling.Ignore,
                Formatting            = Formatting.Indented
            }));
        }
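 /// <summary>
 /// Challenge handler that answers 401 with a fixed error body and marks the challenge handled.
 /// </summary>
 /// <param name="context">The bearer challenge context.</param>
 /// <returns>A task that completes once the body has been written.</returns>
 public async Task Challenge(JwtBearerChallengeContext context)
 {
     context.Response.StatusCode = 401;
     // "application/json;" (trailing semicolon) is not a valid media type; some clients
     // reject it outright.
     // NOTE(review): the body written below is plain text, not JSON — either serialize an
     // object or declare text/plain.
     context.Response.ContentType = "application/json";
     await context.Response.WriteAsync("Error Has Occured.");
     // Mark handled: this runs as the Challenge event, and the default challenge afterwards
     // sets StatusCode on an already-started response and throws InvalidOperationException.
     context.HandleResponse();
 }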
 /// <summary>
 /// Challenge hook that only traces to the debug output; the context is not used and the
 /// default challenge still runs.
 /// </summary>
 /// <param name="arg">The bearer challenge context (unused).</param>
 /// <returns>A completed task.</returns>
 internal static Task OnChallenge(JwtBearerChallengeContext arg)
 {
     const string message = "Not authentication, challenge triggered";
     Debug.WriteLine(message);
     return Task.CompletedTask;
 }
 /// <summary>
 /// Challenge hook that only emits a debug log line; the context is not used and the
 /// default challenge still runs.
 /// </summary>
 /// <param name="arg">The bearer challenge context (unused).</param>
 /// <returns>A completed task.</returns>
 private Task JwtBearerChallenge(JwtBearerChallengeContext arg)
 {
     const string message = "JwtBearerChallenge!";
     _logger.LogDebug(message);
     return Task.FromResult(0);
 }
 /// <summary>
 /// No-op challenge hook: leaves the default 401 / WWW-Authenticate behaviour untouched.
 /// </summary>
 /// <param name="arg">The bearer challenge context (unused).</param>
 /// <returns>A completed task.</returns>
 private Task Challenge(JwtBearerChallengeContext arg) => Task.CompletedTask;
 /// <summary>
 /// Pass-through override: defers entirely to the base challenge (which invokes the
 /// configured OnChallenge delegate).
 /// </summary>
 /// <param name="context">The bearer challenge context.</param>
 /// <returns>The task returned by the base challenge.</returns>
 public override Task Challenge(JwtBearerChallengeContext context) => base.Challenge(context);
 /// <summary>
 /// No-op challenge hook: the default 401 / WWW-Authenticate response is still produced.
 /// </summary>
 /// <param name="context">The bearer challenge context (unused).</param>
 /// <returns>A completed task.</returns>
 public static Task OnChallenge(JwtBearerChallengeContext context) => Task.CompletedTask;
        /// <summary>
        /// Bearer challenge: authenticates once to capture the failure, raises the Challenge
        /// event and, unless a handler took over, answers 401 with a WWW-Authenticate header
        /// carrying any error / error_description / error_uri a handler set on the context.
        /// Unlike the stock handler, Error/ErrorDescription are never pre-populated here.
        /// </summary>
        /// <param name="properties">Authentication properties forwarded to the challenge context.</param>
        protected override async Task HandleChallengeAsync(Microsoft.AspNetCore.Authentication.AuthenticationProperties properties)
        {
            var authResult = await HandleAuthenticateOnceSafeAsync();

            var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, properties)
            {
                AuthenticateFailure = authResult?.Failure
            };

            await Events.Challenge(eventContext);

            // A handler that produced its own response owns it entirely.
            if (eventContext.Handled)
            {
                return;
            }

            Response.StatusCode = 401;

            // RFC 6750 §3.1: Bearer realm="example", error="invalid_token", error_description="The access token expired"
            // Each present parameter is appended as `<sep> name="value"`. The first separator is
            // a comma only when the configured challenge already carries a parameter (contains a
            // space); every later one is a comma. With no parameters the header is the
            // configured challenge unchanged.
            var header    = new StringBuilder(Options.Challenge);
            var separator = Options.Challenge.IndexOf(" ", StringComparison.Ordinal) > 0 ? "," : string.Empty;

            // NOTE(review): values are placed in quoted-strings without escaping; they come from
            // Challenge event handlers, which must not copy untrusted input containing '"' or
            // CR/LF into them.
            if (!string.IsNullOrEmpty(eventContext.Error))
            {
                header.Append(separator).Append(" error=\"").Append(eventContext.Error).Append('"');
                separator = ",";
            }
            if (!string.IsNullOrEmpty(eventContext.ErrorDescription))
            {
                header.Append(separator).Append(" error_description=\"").Append(eventContext.ErrorDescription).Append('"');
                separator = ",";
            }
            if (!string.IsNullOrEmpty(eventContext.ErrorUri))
            {
                header.Append(separator).Append(" error_uri=\"").Append(eventContext.ErrorUri).Append('"');
            }

            Response.Headers.Append(HeaderNames.WWWAuthenticate, header.ToString());
        }
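        /// <summary>
        /// Challenge handler that answers 401 with a JSON ApiResponse envelope
        /// ("Token is invalid") and marks the challenge handled.
        /// </summary>
        /// <param name="ctx">The bearer challenge context.</param>
        /// <returns>A task that completes once the body has been written.</returns>
        public async Task OnAuthChallenge(JwtBearerChallengeContext ctx)
        {
            // Set the HTTP status before writing: WriteAsJsonAsync starts the response, so the
            // original went out with the default 200 while the body claimed 401 — clients and
            // proxies keying on the status code saw a success.
            if (!ctx.Response.HasStarted)
            {
                ctx.Response.StatusCode = 401;
            }

            await ctx.Response.WriteAsJsonAsync(new ApiResponse<string>(false, 401, "Token is invalid"));

            ctx.HandleResponse();
        }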