在 Asp.net webapi 中使用filter 验证 auth0 jwt
2023-12-13 04:08:44
?auth0 的?jwt 有些不一样,它是没有 SecretKey 的,这里手动处理了这个验证
using Microsoft.IdentityModel.Tokens;
using System;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace Bestrane.OPS.API.Attributes
{
public class JwtAuthenticationAttribute : AuthorizationFilterAttribute
{
private readonly string secretKey = ConfigurationManager.AppSettings["ApiKey"];
public override void OnAuthorization(HttpActionContext actionContext)
{
if (!IsAuthorized(actionContext))
{
HandleUnauthorizedRequest(actionContext);
}
}
private bool IsAuthorized(HttpActionContext actionContext)
{
// Get the Authorization header from the request
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader != null && authHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
{
var policy = GetPolicyFromRoute(actionContext);
if (!string.IsNullOrEmpty(policy))
{
ApplyPolicy(policy, actionContext);
}
var token = authHeader.Parameter;
var domain = "distribution-dev.au.auth0.com";
// Validate and decode the JWT token
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidIssuer = $"https://{domain}/",
ValidAudience = "https://bestrane/routeplanner",
IssuerSigningKeys = GetSigningKeys(domain),
ValidateIssuer = false,
ValidateAudience = false
};
try
{
SecurityToken validatedToken;
var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
var securityToken = (JwtSecurityToken)validatedToken;
var userId = principal.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
actionContext.RequestContext.Principal = principal;
return true;
}
catch (Exception)
{
return false;
}
}
return false;
}
private string GetPolicyFromRoute(HttpActionContext actionContext)
{
var routeData = actionContext.ControllerContext.RouteData;
var policy = routeData.Route.RouteTemplate.Replace("api/", "");
return policy;
}
private void ApplyPolicy(string policy, HttpActionContext actionContext)
{
// Apply policy logic based on the 'policy' parameter
switch (policy)
{
case "pod":
// Apply pod policy logic
break;
case "eta":
// Apply eta policy logic
break;
case "routeplanner":
// Apply routeplanner policy logic
break;
default:
// Handle unknown policy
HandleUnauthorizedRequest(actionContext);
break;
}
}
private void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
// Return 401 Unauthorized response
actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
}
private SecurityKey[] GetSigningKeys(string domain)
{
var jwksUrl = $"https://{domain}/.well-known/jwks.json";
var jwksJson = new WebClient().DownloadString(jwksUrl);
var jwks = new JsonWebKeySet(jwksJson);
return jwks.Keys.ToArray();
}
}
}调用端
[JwtAuthentication]
[Route("api/{policy}")]
[HttpPost, Route("api/eta")]
public async Task<IHttpActionResult> EstimatedTimeToArrival([FromBody] ETARequest request)
{
....
}
文章来源:https://blog.csdn.net/lee576/article/details/134920920
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!