問(wèn)題描述
我在我的 .net core 2.1 網(wǎng)站中使用基于 JWT 的身份驗(yàn)證.目前這工作正常.現(xiàn)在,我必須創(chuàng)建一個(gè) API 多租戶,并且每個(gè)租戶都有自己的密鑰.租戶 ID 將作為參數(shù)傳遞給 API.
I am using JWT based authentication in my .net core 2.1 web site. Currently this works fine. Now, I have to make one API multi-tenant and each tenant will have it's own secret key. The tenant Id will be passed as parameter to the API.
[Authorize]
[HttpGet("tenant/{id}")]
public async Task<IActionResult> GetInfo(string id)
{
}
每個(gè)租戶都將簽署 JWT 并將添加到 Authorization 標(biāo)頭.我想不出根據(jù)參數(shù)更改 IssuerSigningKey 的方法.我嘗試了以下操作:
Each tenant will sign the JWT and will add to Authorization header. I am not able to think of a way to change IssuerSigningKey based on the parameter. I tried following:
通過(guò)將 JWT 設(shè)為 [
AllowAonymus] 來(lái)驗(yàn)證 API 中的 JWT.這可行,但我最終編寫了所有 JWT 驗(yàn)證代碼.
Validating the JWT inside the API by making it [
AllowAonymus]. This works but I have end up writing all the JWT validating code.
實(shí)現(xiàn)ISecurityTokenValidator
我可以實(shí)現(xiàn) ISecurityTokenValidator 來(lái)驗(yàn)證令牌并在啟動(dòng)配置中使用它,如下所示:
I can implement ISecurityTokenValidator to validate the token and using this in startup configuration something like this:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator());
});
并實(shí)現(xiàn)了我自己的類來(lái)驗(yàn)證令牌.
And implemented my own class to validate the token.
public class JWTSecurityTokenValidator : ISecurityTokenValidator
{
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
// Implement the logic
}
}
但我最終還是做了繁重的工作.另外,我無(wú)法訪問(wèn) ValidateToken 中的參數(shù)tenantId".
But again I end up doing heavy lifting. Also, I am not able to access the parameter "tenantId" in the ValidateToken.
3.使用IssuerSigningKeyResolver:我可以實(shí)現(xiàn)一個(gè)委托:
3.Using IssuerSigningKeyResolver:
I can implement a delegate:
IEnumerable<SecurityKey> IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters)
同樣,我無(wú)法訪問(wèn)tenantId"參數(shù)來(lái)選擇合適的密鑰.
Again I don't's have access to the "tenantId" parameter to choose the appropriate key.
是否有根據(jù)參數(shù)選擇 IssuerSigningKey 的優(yōu)雅解決方案,這樣我就不需要編寫自己的邏輯來(lái)驗(yàn)證 JWT?還是唯一的選擇是選擇第一個(gè)選項(xiàng)?
Is there elegant solution to choosing IssuerSigningKey based on the parameter so that I don't need to write my own logic to validate JWT? Or only option is to go with first option?
推薦答案
您可以使用 DI 將 IHttpContextAccessor 實(shí)例傳遞給您的 JWTSecurityTokenValidator 并獲取 IHttpContextAccessor 的值.HttpContext 屬性.
You can use DI to pass IHttpContextAccessor instance into your JWTSecurityTokenValidator and get value of IHttpContextAccessor.HttpContext property.
從 .Net Core 2.1 開始,您可以使用擴(kuò)展名注冊(cè):
From .Net Core 2.1 , you can register using extension :
services.AddHttpContextAccessor();
然后在您的自定義 JWTSecurityTokenValidator 中,修改以注入 IHttpContextAccessor :
Then in your custom JWTSecurityTokenValidator , modify to inject the IHttpContextAccessor :
private readonly IHttpContextAccessor _httpContextAccessor;
public JWTSecurityTokenValidator(IHttpContextAccessor httpContextAccessor) {
_httpContextAccessor = httpContextAccessor;
}
修改Startup.cs中的注冊(cè):
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator(services.BuildServiceProvider().GetService<IHttpContextAccessor>()));
這樣在 ValidateToken 方法中,你可以從 _httpContextAccessor.HttpContext 中讀取參數(shù),根據(jù)你傳遞參數(shù)的方式,從查詢字符串或路徑中讀取:
So that in ValidateToken method ,you can read the parameter from _httpContextAccessor.HttpContext , according to how you pass the parameter , read it from query string or path :
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
var xx = _httpContextAccessor.HttpContext.Request;
........
}
這篇關(guān)于基于Multi-tenant Asp.net Core網(wǎng)站參數(shù)的JWT認(rèn)證的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!