【问题标题】:ActionFilter not being called WebAPI/.netCore动作过滤器未调用 WebAPI/.net Core
【发布时间】:2018-06-05 01:20:59
【问题描述】:

我有一个用 .NETCore 编写的 Web API 应用程序,我想要的只是使用操作过滤器拦截请求,然后验证来自标头的 JWT 令牌。我编写了一个 ActionFilter,如下所示:

using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;

namespace Applciation.ActionFilters
{
    public class AuthorizeJWT: ActionFilterAttribute, IActionFilter
    {
        void IActionFilter.OnActionExecuting(ActionExecutingContext context)
        {
            var jwt = context.HttpContext.Request.Headers["JWT"];

            try
            {
                var json = new JwtBuilder()
                    .WithSecret(File.ReadLines("").ToList().First())
                    .MustVerifySignature()
                    .Decode(jwt);                    

                var tokenDetails = JsonConvert.DeserializeObject<dynamic>(json);
            }
            catch (TokenExpiredException)
            {
                throw new Exception("Token is expired");
            }
            catch (SignatureVerificationException)
            {
                throw new Exception("Token signature invalid");
            }
            catch(Exception ex)
            {
              throw new Exception("Token has been tempered with");
            }
        }
    }
}

现在,我在服务配置中添加了操作过滤器,如下所示:

services.AddScoped&lt;AuthorizeJWT&gt;();

并像下面这样装饰我的控制器:

 [AuthorizeJWT]            
    public virtual async Task<IActionResult> Ceate([FromBody]CreateDto,createDto)
{
   //method body
}

但由于某种原因,我的操作过滤器没有被调用。配置中有什么我遗漏的吗?

【问题讨论】:

  • 你为什么要重新发明轮子?这可以使用[Authorize] 属性并设置JwtBearer 身份验证来完成。
  • 如上评论者所说,Asp.net Core 已经有了 JWT,你只需配置它:medium.com/@ozgurgul/…

标签: c# asp.net-core .net-core action-filter


【解决方案1】:

您的ActionFilter 的定义不正确。您只需要从 ActionFilterAttribute 类而不是接口 IActionFilter 派生,因为 ActionFilterAttribute 类已经实现了该接口。

如果您从继承中删除接口,然后更改您的 OnActionExecuting 方法定义以覆盖基类实现,那么一切都会按预期工作:

using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;

namespace Applciation.ActionFilters
{
    public class AuthorizeJWT: ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var jwt = context.HttpContext.Request.Headers["JWT"];

            try
            {
                var json = new JwtBuilder()
                    .WithSecret(File.ReadLines("").ToList().First())
                    .MustVerifySignature()
                    .Decode(jwt);                    

                var tokenDetails = JsonConvert.DeserializeObject<dynamic>(json);
            }
            catch (TokenExpiredException)
            {
                throw new Exception("Token is expired");
            }
            catch (SignatureVerificationException)
            {
                throw new Exception("Token signature invalid");
            }
            catch(Exception ex)
            {
              throw new Exception("Token has been tempered with");
            }
        }
    }
}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-06-24
    • 2014-08-03
    • 2019-09-27
    • 1970-01-01
    相关资源
    最近更新 更多