我有两个api项目
-
ConsumerPi
-
MasterApi
MasterApi负责创建和验证令牌。我需要保护ConsumerPi资源。这就是为什么我有一个LoginController和login方法。
起初用户点击此方法并传递他们的用户名和密码ConsumerApi然后调用MasterApi取令牌,并将令牌返回给用户。之后,用户使用授权标头中的此JWT令牌作为承载重试_JWT_token来调用ConsumerPi受保护的资源。要使用MasterApi验证令牌,我在ConsumerPi中有一个CustomAuthorizeAttribute,我在本项目控制器或方法中提到了它。
下面是我的CustomAuthorizeAttribute:
public class ExternalAuthorization : AuthorizeAttribute, IAuthorizationFilter
{
private readonly HttpClient _httpClient;
public ExternalAuthorization()
{
_httpClient = new HttpClient();
}
public void OnAuthorization(AuthorizationFilterContext context)
{
if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authHeader))
{
var accessToken = authHeader.ToString().Split(' ')[1];
var response = _httpClient.GetAsync(
$"https://localhost:44359/api/oauth/validate?token={accessToken}").Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
context.Result = new UnauthorizedResult();
}
}
}
}
我在我的ConsumerPi控制器方法中使用了这个方法,如下所示:
[ExternalAuthorization]
[HttpGet("getall")]
public IEnumerable<WeatherForecast> GetAll()
{
var rng = new Random();
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray();
}
但当我调用这个方法时,我得到了低于异常的结果
System.InvalidOperationException: Endpoint ConsumerApiClient.Controllers.WeatherForecastController.GetAll (ConsumerApi) contains authorization metadata, but a middleware was not found that supports authorization.
Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).
at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAuthMiddlewareException(Endpoint endpoint)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
HEADERS
=======
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,bn;q=0.7
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6InVzZXJfaWQiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJyZWd1bGFyIiwibmJmIjoxNTk0MTE1MDg4LCJleHAiOjE1OTQyMDE0ODgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzU5LyIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzU5LyJ9.mOEaM_IuQ0w_CKGcMHXACXCdCOebzdc19ArSeOOgxek
Cache-Control: no-cache
Connection: close
Host: localhost:44326
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
dnt: 1
x-postman-interceptor-id: 9dc8740c-6d4d-eb6b-4376-3eefdb355cb8
postman-token: 3191c452-708a-efd0-237a-0c343eb16bd6
sec-fetch-site: none
sec-fetch-mode: cors
sec-fetch-dest: empty
我需要在StartUp.cs中添加吗?如果需要,我该如何添加?
根据异常,app.UseAuthorization应该在app.UseRouting()和app.UseEndpoints(...)之间,类似于以下内容:
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}");
});