Esempio n. 1
0
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            //获取header中关于auth的参数
            var authHeader = from t in actionContext.Request.Headers where t.Key == "auth" select t.Value.FirstOrDefault();

            if (authHeader != null)
            {
                string token = authHeader.FirstOrDefault();
                if (!string.IsNullOrWhiteSpace(token))
                {
                    try
                    {
                        const string secret = "No one can stand in the way of the Rejuvenation of the Chinese people!";

                        //初始化jwt算法对象
                        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();   //除了256  还有512   318
                        //初始化序列化对象
                        IJsonSerializer serializer = new JsonNetSerializer();
                        //初始化urlencode对象
                        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                        //初始化时间对象
                        IDateTimeProvider provider = new UtcDateTimeProvider();
                        //初始化验证对象
                        IJwtValidator validator = new JwtValidator(serializer, provider);
                        //定义jwtDeEncode对象
                        IJwtDecoder deCoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);
                        //解密并验证token值,如果错误json为null  否则放行
                        var json = deCoder.DecodeToObject <AuthInfo>(token, secret, verify: true);
                        //获取extraHeaders
                        IDictionary <string, string> dict = deCoder.DecodeHeaderToDictionary(token);
                        if (json != null && dict != null)
                        {
                            //token发布的时间
                            string iat = dict["iat"].ToString();
                            //token失效的时间
                            string exp = dict["exp"].ToString();
                            //验证token是否在有效期内
                            if (CheckTokenTime(iat, exp))
                            {
                                actionContext.RequestContext.RouteData.Values.Add("auth", json);
                                return(true);
                            }
                            return(false);
                        }
                        return(false);
                    }
                    catch (Exception ex)
                    {
                        return(false);
                    }
                }
                return(false);
            }
            return(false);
        }
Esempio n. 2
0
        public void DecodeHeaderToDictionary_Should_Return_Header()
        {
            const string token = TestData.TokenByAsymmetricAlgorithm;

            var serializer = new JsonNetSerializer();
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, urlEncoder);

            var header = decoder.DecodeHeaderToDictionary(token);

            header.Should()
            .NotBeNull("because decoding header should be possible without validator or algorithm");

            header.Should()
            .Contain("typ", "JWT");
            header.Should()
            .Contain("alg", "RS256");
            header.Should()
            .Contain("kid", TestData.ServerRsaPublicThumbprint1);
        }