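/// <summary>
/// Reads the 'Authorization' request header and, when it carries a JWT that
/// <see cref="JwtHelper.SerializeJWT"/> accepts, sets <see cref="HttpContext.User"/>
/// to a <see cref="UserPrincipal"/> carrying the configured role claim.
/// Requests without the header, or whose token cannot be parsed, are passed on
/// unauthenticated so that downstream authorization decides (typically 401).
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <param name="loggerFactory">Factory used to create this middleware's logger.</param>
/// <returns>The task returned by the next middleware in the pipeline.</returns>
public Task Invoke(HttpContext httpContext, ILoggerFactory loggerFactory)
{
    ILogger<JwtAuthorizationMiddleware> logger = loggerFactory.CreateLogger<JwtAuthorizationMiddleware>();
    const string authorizationKey = "Authorization";
    const string bearer = "Bearer";

    // No Authorization header: nothing to authenticate, let the pipeline continue.
    // TryGetValue avoids the ContainsKey + indexer double lookup.
    if (!httpContext.Request.Headers.TryGetValue(authorizationKey, out var headerValues))
    {
        return _next(httpContext);
    }

    var tokenHeader = headerValues.ToString();
    TokenModel tm;
    try
    {
        // Strip the scheme prefix when present. Ordinal comparison: the scheme is a
        // protocol token, not user-facing text, so culture rules must not apply.
        if (tokenHeader.StartsWith(bearer, StringComparison.Ordinal))
        {
            tokenHeader = tokenHeader.Substring(bearer.Length).Trim();
        }

        // NOTE(review): signature and expiry checks are assumed to happen inside
        // JwtHelper.SerializeJWT — confirm; this middleware validates nothing itself.
        tm = JwtHelper.SerializeJWT(tokenHeader);
    }
    catch (Exception e)
    {
        // Parse/validation failure: no user is set, so downstream authorization
        // rejects protected resources.
        logger.LogInformation(CommonConst.NewLine + e.Message);
        return _next(httpContext);
    }

    if (tm is null)
    {
        // Guard against a helper that reports failure by returning null instead of
        // throwing; tm.Uid below would otherwise throw NullReferenceException.
        // TODO confirm SerializeJWT's contract.
        return _next(httpContext);
    }

    // Build the principal. The authentication type must be supplied: a ClaimsIdentity
    // constructed from claims alone has AuthenticationType == null and reports
    // IsAuthenticated == false, so [Authorize] would still answer 401 even though
    // the token was accepted.
    var claims = new List<Claim> { new Claim(ClaimTypes.Role, JwtConsts.RoleName) };
    var identity = new ClaimsIdentity(claims, bearer);
    httpContext.User = new UserPrincipal(identity, tm.Uid);

    return _next(httpContext);
}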
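/// <summary>
/// Reads the 'Authorization' request header and, when it carries a JWT that
/// <see cref="JwtHelper.SerializeJWT"/> accepts, sets <see cref="HttpContext.User"/>
/// to a <see cref="ClaimsPrincipal"/> carrying the role named in the token.
/// Requests without the header, or whose token cannot be parsed, are passed on
/// unauthenticated so that downstream authorization decides (typically 401).
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns>The task returned by the next middleware in the pipeline.</returns>
public Task Invoke(HttpContext httpContext)
{
    const string authorizationKey = "Authorization";
    const string bearer = "Bearer";

    // No Authorization header: nothing to authenticate, let the pipeline continue.
    if (!httpContext.Request.Headers.TryGetValue(authorizationKey, out var headerValues))
    {
        return _next(httpContext);
    }

    // Strip the scheme only when it is actually present. A blind
    // Substring("Bearer ".Length) throws ArgumentOutOfRangeException (an unhandled
    // 500) on any header shorter than seven characters and silently truncates
    // non-Bearer schemes. Ordinal comparison: the scheme is a protocol token.
    var tokenHeader = headerValues.ToString();
    if (tokenHeader.StartsWith(bearer, StringComparison.Ordinal))
    {
        tokenHeader = tokenHeader.Substring(bearer.Length).Trim();
    }

    TokenModel tm;
    try
    {
        // NOTE(review): the role below is taken from the token, so its trustworthiness
        // depends entirely on SerializeJWT verifying the signature — confirm.
        tm = JwtHelper.SerializeJWT(tokenHeader);
    }
    catch (Exception)
    {
        // Parse/validation failure: leave the request unauthenticated so that
        // protected resources receive 401 from authorization downstream.
        return _next(httpContext);
    }

    if (tm is null)
    {
        // Guard against a helper that reports failure by returning null instead of
        // throwing; tm.Role below would otherwise throw. TODO confirm SerializeJWT's contract.
        return _next(httpContext);
    }

    // The authentication type must be supplied: a ClaimsIdentity constructed from
    // claims alone reports IsAuthenticated == false, and [Authorize] would still
    // answer 401 even though the token was accepted.
    var claims = new List<Claim> { new Claim(ClaimTypes.Role, tm.Role) };
    var identity = new ClaimsIdentity(claims, bearer);
    httpContext.User = new ClaimsPrincipal(identity);

    return _next(httpContext);
}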