Exemplo n.º 1
0
        /// <summary>
        /// 检测是否包含'Authorization'请求头,如果不包含则直接放行
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        public Task Invoke(HttpContext httpContext, ILoggerFactory loggerFactory)
        {
            ILogger <JwtAuthorizationMiddleware> logger = loggerFactory.CreateLogger <JwtAuthorizationMiddleware>();
            var authorizationKey = "Authorization";
            var bearer           = "Bearer";

            if (!httpContext.Request.Headers.ContainsKey(authorizationKey))
            {
                return(_next(httpContext));
            }
            var        tokenHeader = (httpContext.Request.Headers[authorizationKey] + "").ToString();
            TokenModel tm          = null;

            try
            {
                if (tokenHeader.StartsWith(bearer))
                {
                    tokenHeader = tokenHeader.Substring(bearer.Length).Trim();
                }
                tm = JwtHelper.SerializeJWT(tokenHeader);
            }
            catch (Exception e)
            {
                logger.LogInformation(CommonConst.NewLine + e.Message);
                return(_next(httpContext));
            }

            //授权
            var claimList = new List <Claim>();
            var claim     = new Claim(ClaimTypes.Role, JwtConsts.RoleName);

            claimList.Add(claim);
            var identity  = new ClaimsIdentity(claimList);
            var principal = new UserPrincipal(identity, tm.Uid);

            httpContext.User = principal; //此处为关键 设置当前用户的值 否则如果请求的资源需要权限将返回401

            return(_next(httpContext));
        }
Exemplo n.º 2
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        public Task Invoke(HttpContext httpContext)
        {
            //检测是否包含'Authorization'请求头,如果不包含则直接放行
            if (!httpContext.Request.Headers.ContainsKey("Authorization"))
            {
                return(_next(httpContext));
            }
            var tokenHeader = httpContext.Request.Headers["Authorization"];

            tokenHeader = tokenHeader.ToString().Substring("Bearer ".Length).Trim();
            TokenModel tm = null;

            try
            {
                tm = JwtHelper.SerializeJWT(tokenHeader);
            }
            catch (Exception)
            {
                //解析失败也返回401
                return(_next(httpContext));
            }

            //BaseBLL.TokenModel = tm;//将tokenModel存入baseBll

            //授权
            var claimList = new List <Claim>();
            var claim     = new Claim(ClaimTypes.Role, tm.Role);

            claimList.Add(claim);
            var identity  = new ClaimsIdentity(claimList);
            var principal = new ClaimsPrincipal(identity);

            httpContext.User = principal;

            return(_next(httpContext));
        }