在 Asp.net webapi 中使用filter 验证 auth0 jwt

2023-12-13 04:08:44

?auth0 的?jwt 有些不一样,它是没有 SecretKey 的,这里手动处理了这个验证

using Microsoft.IdentityModel.Tokens;
using System;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace Bestrane.OPS.API.Attributes
{
    public class JwtAuthenticationAttribute : AuthorizationFilterAttribute
    {
        private readonly string secretKey = ConfigurationManager.AppSettings["ApiKey"];

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (!IsAuthorized(actionContext))
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }

        private bool IsAuthorized(HttpActionContext actionContext)
        {
            // Get the Authorization header from the request
            var authHeader = actionContext.Request.Headers.Authorization;

            if (authHeader != null && authHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
            {

                var policy = GetPolicyFromRoute(actionContext);

                if (!string.IsNullOrEmpty(policy))
                {
                    ApplyPolicy(policy, actionContext);
                }

                var token = authHeader.Parameter;
                var domain = "distribution-dev.au.auth0.com";

                // Validate and decode the JWT token
                var tokenHandler = new JwtSecurityTokenHandler();
                var validationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = $"https://{domain}/",
                    ValidAudience = "https://bestrane/routeplanner",
                    IssuerSigningKeys = GetSigningKeys(domain),
                    ValidateIssuer = false,
                    ValidateAudience = false
                };

                try
                {
                    SecurityToken validatedToken;
                    var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
                    var securityToken = (JwtSecurityToken)validatedToken;
                    var userId = principal.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
                    actionContext.RequestContext.Principal = principal;
                    return true;
                }
                catch (Exception)
                {
                    return false;
                }
            }

            return false;
        }

        private string GetPolicyFromRoute(HttpActionContext actionContext)
        {
            var routeData = actionContext.ControllerContext.RouteData;
            var policy = routeData.Route.RouteTemplate.Replace("api/", "");
            return policy;
        }

        private void ApplyPolicy(string policy, HttpActionContext actionContext)
        {
            // Apply policy logic based on the 'policy' parameter
            switch (policy)
            {
                case "pod":
                    // Apply pod policy logic
                    break;
                case "eta":
                    // Apply eta policy logic
                    break;
                case "routeplanner":
                    // Apply routeplanner policy logic
                    break;
                default:
                    // Handle unknown policy
                    HandleUnauthorizedRequest(actionContext);
                    break;
            }
        }

        private void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // Return 401 Unauthorized response
            actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        }

        private SecurityKey[] GetSigningKeys(string domain)
        {
            var jwksUrl = $"https://{domain}/.well-known/jwks.json";
            var jwksJson = new WebClient().DownloadString(jwksUrl);
            var jwks = new JsonWebKeySet(jwksJson);

            return jwks.Keys.ToArray();
        }
    }
}

调用端

        [JwtAuthentication]
        [Route("api/{policy}")]
        [HttpPost, Route("api/eta")]
        public async Task<IHttpActionResult> EstimatedTimeToArrival([FromBody] ETARequest request)
{
   ....
}

文章来源:https://blog.csdn.net/lee576/article/details/134920920
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。