正如标题所说,我仍然是 ASP.NET 的新手,所以请耐心等待。我一直在尝试实现 jwt 身份验证,但在这个问题上停留了相当长一段时间,它一直困扰着我。我的想法是,我有一个 jwt,我想从中提取用户的声明,问题是它们总是空的。以下是我用来提取索赔的方法,如果需要更多信息,请告诉我:
[HttpGet("UserInfo")]
[Authorize]
public ActionResult<UserAccount> GetCurrentUser()
{
try
{
var headers = Request.Headers;
var authHeader = headers["Authorization"].ToString();
var token = authHeader.StartsWith("Bearer ") ? authHeader.Substring(7) : authHeader;
Console.WriteLine(token); // this shows the correct token which correctly contains the claims
var identity = _http.HttpContext.User;
if(identity != null)
{
var userClaims = identity.Claims;
Console.WriteLine(userClaims.Count()); // this always outputs 0
var userName = userClaims.FirstOrDefault(userClaim => userClaim.Type == ClaimTypes.Name)?.Value;
return Ok(new
{
UserName = userName
});
}
return BadRequest();
}
catch(Exception e)
{
return BadRequest(e.Message);
}
}
我尝试将令牌放在 jwt.io 上,一切似乎都已就位,老实说我不确定我还能做什么。
授权流程应按如下方式实施:
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = issuer,
ValidAudience = audience,
IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(signingKey))
};
ClaimsPrincipal claimsPrincipal = _tokenHandler.ValidateToken(token, tokenValidationParameters, out SecurityToken validatedToken);
context.HttpContext.User = claimsPrincipal;
这里,_tokenHandler是JwtSecurityTokenHandler的一个对象。
您可以随时获得索赔
var principal = httpContext.User as ClaimsPrincipal;
var userIdClaim = principal.FindFirst(c => c.Type == "jwt_userId");
这里,jwt_userId是claimId,value是userIdClaim。