"Token has expired"不会触发 401 错误代码



I am using an uncaught exception handler:

this.UncaughtExceptionHandlers.Add((req, res, operationName, ex) =>
{
    res.WriteErrorBody(ex);
    Log.Error(ex);
    res.EndRequest(skipHeaders: true);
});

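Sometimes, when I haven't used the project for a while, I get a "Token has expired" exception that hits this handler. It does not return a 401 code to my front end, so the front end does not discard the login data and prompt the user to log in again. There is no response data.

Here are the headers: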

Request URL: https://localhost:44308/json/reply/BlogsLookUpRequest
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-origin: https://localhost:4200
content-length: 0
date: Sun, 25 Jul 2021 02:54:31 GMT
server: Kestrel
x-powered-by: ASP.NET
:authority: localhost:44308
:method: POST
:path: /json/reply/BlogsLookUpRequest
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en,en-GB;q=0.9
authorization: Bearer omitted
cache-control: no-cache
content-length: 165
content-type: application/json
cookie: omitted
pragma: no-cache
referer: https://localhost:4200/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36

I tried:

this.UncaughtExceptionHandlers.Add((req, res, operationName, ex) =>
{
    res.WriteErrorBody(ex);
    Log.Error(ex);
    if (ex.GetType() == typeof(TokenException))
    {
        res.StatusCode = 401;
    }
    res.EndRequest(skipHeaders: true);
});

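But there is no response, so there is no status code.

I am missing some understanding here, because this does not always happen. I have the front end coded to go straight to login on a 401 error, and that does seem to happen in some cases when the login expires.

Am I doing something wrong? How do I get SS to return 401 when an expired token is used?

Here is the stack trace: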

at ServiceStack.Auth.JwtAuthProviderReader.AssertJwtPayloadIsValid(JsonObject jwtPayload) in C:BuildAgentwork3481147c480f4a2fsrcServiceStackAuthJwtAuthProviderReader.cs:line 779
at ServiceStack.Auth.JwtAuthProviderReader.CreateSessionFromPayload(IRequest req, JsonObject jwtPayload) in C:BuildAgentwork3481147c480f4a2fsrcServiceStackAuthJwtAuthProviderReader.cs:line 752
at ServiceStack.Auth.JwtAuthProviderReader.PreAuthenticateAsync(IRequest req, IResponse res) in C:BuildAgentwork3481147c480f4a2fsrcServiceStackAuthJwtAuthProviderReader.cs:line 538
at ServiceStack.AuthenticateAttribute.<PreAuthenticateAsync>d__20.MoveNext() in C:BuildAgentwork3481147c480f4a2fsrcServiceStackAuthenticateAttribute.cs:line 207
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in E:A_work191ssrcmscorlibsrcSystemRuntimeExceptionServicesExceptionDispatchInfo.cs:line 132
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in E:A_work191ssrcmscorlibsrcSystemRuntimeCompilerServicesTaskAwaiter.cs:line 155
at ServiceStack.AuthenticateAttribute.<ExecuteAsync>d__12.MoveNext() in C:BuildAgentwork3481147c480f4a2fsrcServiceStackAuthenticateAttribute.cs:line 77
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in E:A_work191ssrcmscorlibsrcSystemRuntimeExceptionServicesExceptionDispatchInfo.cs:line 132
at ServiceStack.ServiceStackHost.<ApplyRequestFiltersSingleAsync>d__386.MoveNext() in C:BuildAgentwork3481147c480f4a2fsrcServiceStackServiceStackHost.Runtime.cs:line 183
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in E:A_work191ssrcmscorlibsrcSystemRuntimeExceptionServicesExceptionDispatchInfo.cs:line 132
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in E:A_work191ssrcmscorlibsrcSystemRuntimeCompilerServicesTaskAwaiter.cs:line 155
at ServiceStack.ServiceStackHost.<ApplyRequestFiltersAsync>d__385.MoveNext() in C:BuildAgentwork3481147c480f4a2fsrcServiceStackServiceStackHost.Runtime.cs:line 145
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in E:A_work191ssrcmscorlibsrcSystemRuntimeExceptionServicesExceptionDispatchInfo.cs:line 132
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in E:A_work191ssrcmscorlibsrcSystemRuntimeCompilerServicesTaskAwaiter.cs:line 155
at ServiceStack.Host.Handlers.GenericHandler.<ProcessRequestAsync>d__12.MoveNext() in C:BuildAgentwork3481147c480f4a2fsrcServiceStackHostHandlersGenericHandler.cs:line 57

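Expired tokens throw a TokenException, which implements IHasStatusCode and returns a 401 Unauthorized HTTP error.

This is covered by our tests, as well as by all Service Clients automatically refreshing access tokens, which relies on expired tokens returning a 401 Unauthorized error response.

Your response headers don't include the status code, so it's not possible to tell what response status code was actually returned. I suggest using Fiddler so you can capture the raw HTTP headers, which include the response status code.

If your custom error-handling logic is interfering with it, I suggest you don't try to interfere with/handle any exception that implements IHasStatusCode, e.g.: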

this.UncaughtExceptionHandlers.Add((req, res, operationName, ex) =>
{
    if (ex is IHasStatusCode) return;
    res.WriteErrorBody(ex);
    Log.Error(ex);
    res.EndRequest(skipHeaders: true);
});
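
A front-end guard for the situation discussed above, as an added example that is not part of the original question or answer: it treats a 401 as session expiry and, as a fallback, checks the token's `exp` claim when a reply comes back empty. The function names, the `sessionStore` object and the sample token are assumptions constructed for illustration.

```javascript
// Added example; sessionStore, jwtPayload, isJwtExpired, handleResponse and
// makeSampleToken are hypothetical names, not ServiceStack APIs.

// Decode a JWT payload WITHOUT verifying it: a UI hint only, the server stays
// the authority. Uses Node's Buffer; in a browser decode with atob() instead.
function jwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the exp claim (seconds since epoch) is missing or in the past.
function isJwtExpired(token, nowSec) {
  try {
    const { exp } = jwtPayload(token);
    return typeof exp !== 'number' || exp <= nowSec;
  } catch (e) {
    return true; // unreadable token: safest to re-authenticate
  }
}

// Decide what the front end does with a response to an authenticated call.
// response = { status, body } where body is the raw response text.
function handleResponse(sessionStore, response, nowSec) {
  const empty = !response.body || response.body.length === 0;
  const is401 = response.status === 401;
  // Fallback for the symptom in the question: an empty reply where JSON was
  // expected, sent with a token whose exp has already passed.
  const silentExpiry = empty && isJwtExpired(sessionStore.token, nowSec);
  if (is401 || silentExpiry) {
    sessionStore.token = null; // discard login data
    return 'reauthenticate';   // caller shows the login prompt
  }
  if (response.status >= 200 && response.status < 300) return 'ok';
  return 'error';
}

// Constructed sample token (placeholder signature, for the demo only).
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'demo', exp })}.sig`;
}
```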
