【发布时间】:2022-02-20 20:24:11
【问题描述】:
我有一个由不记名令牌保护的 API。 API 有两个控制器,一个是默认的WeatherForecast,第二个用于处理玩家模型的 CRUD 操作。我决定从WeatherForecast 获取我的令牌,并用它来调用我的 MVC 项目中的播放器。
但是当我开始调试时,它会在每个 MVC 操作中显示未授权响应。不过用邮递员没问题。
这里是HttpGet 和HttpPost 的控制器方法:
namespace MyMVCProject.Controllers
{
public class HomeController : Controller
{
private readonly ILogger<HomeController> _logger;
private readonly IHttpClientFactory _clientFactory;
public HomeController(ILogger<HomeController> logger, IHttpClientFactory clientFactory)
{
_logger = logger;
_clientFactory = clientFactory;
}
public async Task<IActionResult> Index()
{
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:42045/weatherforecast/");
var client = _clientFactory.CreateClient();
HttpResponseMessage response = await client.SendAsync(request);
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
string token = await response.Content.ReadAsStringAsync();
HttpContext.Session.SetString("JwtToken", token);
}
return View();
}
public async Task<IActionResult> GetAllPlayers()
{
var accessToken = HttpContext.Session.GetString("JwtToken");
List<Player> players = new List<Player>();
var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:42045/api/player");
var client = _clientFactory.CreateClient();
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
HttpResponseMessage response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
var apiString = await response.Content.ReadAsStringAsync();
players = JsonConvert.DeserializeObject<List<Player>>(apiString);
}
return View(players);
}
[HttpPost]
public async Task<IActionResult> AddPlayer(Player player)
{
var accessToken = HttpContext.Session.GetString("JwtToken");
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost:42045/api/player/");
if (player != null)
{
request.Content = new StringContent(JsonConvert.SerializeObject(player), System.Text.Encoding.UTF8, "application/json");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
}
else
{
return BadRequest();
}
var client = _clientFactory.CreateClient();
HttpResponseMessage response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.StatusCode == System.Net.HttpStatusCode.Created)
{
var apiString = await response.Content.ReadAsStringAsync();
player = JsonConvert.DeserializeObject<Player>(apiString);
TempData["success"] = "Player Added Successfully!";
}
else if (response.StatusCode == System.Net.HttpStatusCode.BadRequest)
{
TempData["badrequest"] = "Player with the same name already exists";
}
return View(player);
}
}
}
【问题讨论】:
-
你确定你得到了正确的令牌吗?也许您没有正确解析 JWT,因此没有传递正确的 Bearer 令牌。
-
使用断点,accessToken的值与之前在Index action中session保存的token相同。 request.Headers.Authorization 中的标头值正确(授权:Bearer+ 令牌,但它们之间没有空格),之后响应值为 UnAuthorized!
标签: c# asp.net-core-mvc asp.net-core-webapi