2
有人可以告诉我如何将JWT集成到默认的Web API项目中。将JWT集成到Asp.net Web服务中
他们只是解释了如何使用的NuGet安装库以及如何生成令牌。但现在如何将它与基于身份验证的系统集成?
我实施至今:
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
GlobalConfiguration.Configuration.Filters.Add(new **AuthFilterAttribute()**);
}
}
public class TokenAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
// In auth web method you should implement functionality of authentication
// so that client app could be able to get token
if (actionContext.Request.RequestUri.AbsolutePath.Contains("api/auth"))
{
return;
}
// Receive token from the client. Here is the example when token is in header:
var token = **actionContext.Request.Headers["Token"];**
// Put your secret key into the configuration
var secretKey = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";
try
{
string jsonPayload = JWT.JsonWebToken.Decode(token, secretKey);
}
catch (JWT.SignatureVerificationException)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
}
}
你可能还可以添加一个代码块以及如何使用令牌的例子吗?即我如何使用它?我只是把'[Authorize]'放在控制器上面吗? – Zapnologica
@Zapnologica只要您在全球范围内注册,您的attr就会针对每个请求执行。无需在每个控制器上面放置attr。你只需要允许匿名访问像Authenticate等方法。 – Andrei
好吧。这听起来很理想。我会尽力回复你。用你的例子,我显然还得使用nuget来安装它。然后在global.asax文件中配置它。我在哪里把TokenAuthenticationAttribute:代码? – Zapnologica