我需要验证在请求中收到的多个令牌,我遵循以下代码流程
services.AddAuthentication()
.AddJwtBearer("Token1", options =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = Issuer,
ValidateAudience = true,
ValidAudience = Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
};
options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
var Token = context.Request.Headers["UserCred1"].ToString();
context.Token = Token;
return Task.CompletedTask;
},
};
})
.AddJwtBearer("Token2", options =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = Issuer,
ValidateAudience = true,
ValidAudience = Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Key)),
};
options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
var Token = context.Request.Headers["UserCred2"].ToString();
context.Token = Token;
return Task.CompletedTask;
},
};
});
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("Token1", "Token2")
.Build();
});
上面的代码用作 OR 条件,例如 Token1 或 Token 2 身份验证有效,然后返回 Success。但对我来说,只有当“Token1”和“Token2”都有效时,我才需要考虑成功。
请让我知道您的想法。
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAllSchemes", policy =>
{
policy.AddAuthenticationSchemes("Token1");
policy.AddAuthenticationSchemes("Token2");
policy.RequireAuthenticatedUser();
policy.RequireAssertion(context =>
{
return context.User.Identities.Count() == 2;
});
});
});
指定控制器的授权策略
[授权(策略=“RequireAllSchemes”)]
公共类 TestController :控制器
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)