2014-03-04 69 views
2

Integrating JWT into an ASP.NET web service

Can someone tell me how to integrate JWT into the default Web API project?

Here is the library

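They only explain how to install the library with NuGet and how to generate a token. But how do I now integrate it with an authentication-based system?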

What I have implemented so far:

public class WebApiApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        GlobalConfiguration.Configure(WebApiConfig.Register);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);
        GlobalConfiguration.Configuration.Filters.Add(new AuthFilterAttribute());
    }
}


public class TokenAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // In auth web method you should implement functionality of authentication
        // so that client app could be able to get token
        if (actionContext.Request.RequestUri.AbsolutePath.Contains("api/auth"))
        {
            return;
        }

        // Receive token from the client. Here is the example when token is in header:
        var token = actionContext.Request.Headers["Token"];

        // Put your secret key into the configuration
        var secretKey = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

        try
        {
            string jsonPayload = JWT.JsonWebToken.Decode(token, secretKey);
        }
        catch (JWT.SignatureVerificationException)
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }
}

Answers

2

Implement TokenAuthenticationAttribute and register it globally:

Registration in Global.asax

GlobalConfiguration.Configuration.Filters.Add(new TokenAuthenticationAttribute()); 

TokenAuthenticationAttribute

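using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web.Http;

public class TokenAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // In auth web method you should implement functionality of authentication
        // so that client app could be able to get token.
        // Note: Contains() is a substring match, so every path containing "api/auth" skips the check.
        if (actionContext.Request.RequestUri.AbsolutePath.Contains("api/auth"))
        {
            return;
        }

        // Receive token from the client. Here is the example when token is in header.
        // HttpRequestHeaders has no string indexer, so read the header with TryGetValues.
        IEnumerable<string> values;
        var token = actionContext.Request.Headers.TryGetValues("Token", out values)
            ? values.FirstOrDefault()
            : null;
        if (string.IsNullOrEmpty(token))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        // Put your secret key into the configuration
        var secretKey = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

        try
        {
            string jsonPayload = JWT.JsonWebToken.Decode(token, secretKey);
        }
        catch (JWT.SignatureVerificationException)
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
        catch (Exception)
        {
            // A malformed token fails to parse before the signature check; reject it too.
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }
}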
+0

Could you perhaps also add a code block with an example of how to use the token? I.e., how do I use it? Do I just put '[Authorize]' above the controller? – Zapnologica

+0

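@Zapnologica As long as you register it globally, your attribute will be executed for every request. There is no need to put the attribute above each controller. You just need to allow anonymous access to methods like Authenticate, etc. – Andrei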

+0

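OK. That sounds ideal. I will try it and get back to you. With your example, I obviously still have to use NuGet to install it, and then configure it in the Global.asax file. Where do I put the TokenAuthenticationAttribute: code? – Zapnologica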
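
On the follow-up question of how the token is then used: the sketch below is an added example, not code from the answer or from the JWT library's authors. It shows an `api/auth` action that issues a token and a client that sends it back in the `Token` header the filter reads. The names `AuthController`, `LoginRequest`, `TokenResponse` and `ApiClient` are hypothetical, and the default `api/{controller}/{id}` route, the ASP.NET Membership user store, the placeholder secret and the protected `api/values` route are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Security;

// Server side. With the default route api/{controller}/{id}, POST api/auth lands
// here, which is the path the filter lets through without a token.
public class AuthController : ApiController
{
    // Placeholder: must be the same key the filter passes to Decode.
    private const string SecretKey = "<secret-from-configuration>";
    public class LoginRequest { public string UserName { get; set; } public string Password { get; set; } }
    public class TokenResponse { public string Token { get; set; } }

    public IHttpActionResult Post(LoginRequest login)
    {
        // Assumption: users live in the ASP.NET Membership store.
        if (login == null || !Membership.ValidateUser(login.UserName, login.Password))
            return Unauthorized();
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var payload = new Dictionary<string, object>
        {
            { "sub", login.UserName },
            // Expiry in Unix seconds. The filter above discards the decoded payload,
            // so check whether your library version enforces exp, or enforce it yourself.
            { "exp", (long)(DateTime.UtcNow.AddMinutes(30) - epoch).TotalSeconds }
        };
        string token = JWT.JsonWebToken.Encode(payload, SecretKey, JWT.JwtHashAlgorithm.HS256);
        return Ok(new TokenResponse { Token = token });
    }
}

// Client side: log in once, then send the token in the "Token" header the filter reads.
public static class ApiClient
{
    public static async Task<string> GetValuesAsync(Uri baseAddress, string user, string password)
    {
        using (var http = new HttpClient { BaseAddress = baseAddress })
        {
            var login = await http.PostAsJsonAsync("api/auth",
                new AuthController.LoginRequest { UserName = user, Password = password });
            login.EnsureSuccessStatusCode();
            var body = await login.Content.ReadAsAsync<AuthController.TokenResponse>();
            http.DefaultRequestHeaders.Add("Token", body.Token);
            return await http.GetStringAsync("api/values"); // any protected route
        }
    }
}
```

Because the filter runs for every request once registered globally, no attribute is needed on the protected controllers; only the login path is exempt.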