diff --git a/CoreCms.Net.Auth/AuthorizationSetup.cs b/CoreCms.Net.Auth/AuthorizationSetup.cs
index 9c85bb97..bb9b78b4 100644
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -103,15 +103,23 @@ namespace CoreCms.Net.Auth
                 {
                     OnMessageReceived = context =>
                     {
-                        var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        try
                         {
-                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                            if (!string.IsNullOrEmpty(token.Trim()))
+                            {
+                                context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            }
+                            else
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            }
                         }
-                        else
+                        catch
                         {
-                            context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure ex!");
                         }
+                        return Task.CompletedTask;
                     },
                     OnChallenge = context =>
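Review bot: When `EncryptProvider.AESDecrypt` throws, the new `catch` only appends a diagnostic header and leaves `context.Token` unset, so the JwtBearer handler falls back to reading the raw `Authorization` header and validates that value as a plain JWT — the AES wrapping is not enforced on the failure path (signature validation still applies to the fallback value, so this weakens only the encryption layer, not token authenticity). The same fallback would apply if `AESDecrypt` signals failure by returning null or empty instead of throwing, which I can't tell from this hunk. Terminate the handler on that path, e.g. `context.NoResult();` (or `context.Fail("token decryption failed")` if a hard 401 is preferred) right after the `Headers.Append` in the `catch`. The bare `catch` also discards the exception entirely; log it before returning so operators can tell key mismatches from malformed input. The enclosing `AddJwtBearer` options lambda starts before the hunk.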
@@ -122,35 +130,48 @@ namespace CoreCms.Net.Auth
                     OnAuthenticationFailed = context =>
                     {
                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        if (!string.IsNullOrEmpty(token.Trim()))
+                        {
+                            try
+                            {
+                                //进行aes解密
+                                var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                                if (!string.IsNullOrEmpty(decodeToken))
+                                {
+                                    var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
+
+                                    if (jwtToken.Issuer != issuer)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
+                                    }
+
+                                    if (jwtToken.Audiences.FirstOrDefault() != audience)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
+                                    }
+
+                                    // 如果过期,则把<是否过期>添加到,返回头信息中
+                                    if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
+                                    {
+                                        context.Response.Headers.Append("Token-Expired", "true");
+                                    }
+                                }
+                                else
+                                {
+                                    context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+
+                                }
+                            }
+                            catch
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "token decryption failure ex!");
+                            }
+                        }
+                        else
                         {
                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
                         }
-                        //进行aes解密
-                        var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
-                        if (string.IsNullOrEmpty(decodeToken))
-                        {
-                            context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
-                        }
-
-                        var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
-
-                        if (jwtToken.Issuer != issuer)
-                        {
-                            context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
-                        }
-
-                        if (jwtToken.Audiences.FirstOrDefault() != audience)
-                        {
-                            context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
-                        }
-
-                        // 如果过期,则把<是否过期>添加到,返回头信息中
-                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
-                        {
-                            context.Response.Headers.Append("Token-Expired", "true");
-                        }
                         return Task.CompletedTask;
                     }
                 };
@@ -233,15 +254,23 @@ namespace CoreCms.Net.Auth
                 {
                     OnMessageReceived = context =>
                     {
-                        var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        try
                         {
-                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                            if (!string.IsNullOrEmpty(token.Trim()))
+                            {
+                                context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            }
+                            else
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            }
                         }
-                        else
+                        catch
                         {
-                            context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure ex!");
                         }
+                        return Task.CompletedTask;
                     },
                     OnChallenge = context =>
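Review bot: The `Token-Expired` header is now only emitted when the second `AESDecrypt` and `ReadJwtToken` succeed, yet `context.Exception` already carries the failure reason without any re-decryption, so an expired token whose re-decryption throws (swallowed by the bare `catch`) silently loses the hint clients use to trigger a refresh. Hoist that check out of the nested branch to the top of the handler and use a type pattern so derived exception types match too: `if (context.Exception is SecurityTokenExpiredException) { context.Response.Headers.Append("Token-Expired", "true"); }`. Note that `ReadJwtToken` parses without validating the signature, so `Token-Error-Iss`/`Token-Error-Aud` reflect attacker-supplied claims and must stay purely informational — a comment such as `// diagnostic only: claims below are parsed, not validated` would make that explicit for the next maintainer. The bare `catch` here discards the exception as well; `catch (Exception ex)` with a log call is the minimum. The enclosing `JwtBearerEvents` initializer starts before the hunk.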
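Review bot: This `OnMessageReceived` body is byte-for-byte the same as the one in the first hunk, so its failure-path gap is now duplicated: after the `catch` appends `Token-Error-Token`, `context.Token` stays unset and the JwtBearer handler falls back to validating the raw `Authorization` header as a plain JWT, bypassing the AES layer (signature checks still apply to that fallback value). Extract the shared logic into one private static helper, e.g. `private static Task DecryptBearerToken(MessageReceivedContext context)`, assign it to both `OnMessageReceived` events, and inside it call `context.NoResult();` after the failure-path `Headers.Append` so the fix lands once. The two schemes appear to share `AppSettingsConstVars.JwtConfigSecretKey`; if they are meant to use different keys the helper would need a key parameter, which I can't determine from the hunk. The enclosing options lambda starts before the hunk.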
@@ -252,35 +281,48 @@ namespace CoreCms.Net.Auth
                     OnAuthenticationFailed = context =>
                     {
                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        if (!string.IsNullOrEmpty(token.Trim()))
+                        {
+                            try
+                            {
+                                //进行aes解密
+                                var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                                if (!string.IsNullOrEmpty(decodeToken))
+                                {
+                                    var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
+
+                                    if (jwtToken.Issuer != issuer)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
+                                    }
+
+                                    if (jwtToken.Audiences.FirstOrDefault() != audience)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
+                                    }
+
+                                    // 如果过期,则把<是否过期>添加到,返回头信息中
+                                    if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
+                                    {
+                                        context.Response.Headers.Append("Token-Expired", "true");
+                                    }
+                                }
+                                else
+                                {
+                                    context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+
+                                }
+                            }
+                            catch
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "token decryption failure ex!");
+                            }
+                        }
+                        else
                         {
                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
                         }
-                        //进行aes解密
-                        var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
-                        if (string.IsNullOrEmpty(decodeToken))
-                        {
-                            context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
-                        }
-
-                        var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
-
-                        if (jwtToken.Issuer != issuer)
-                        {
-                            context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
-                        }
-
-                        if (jwtToken.Audiences.FirstOrDefault() != audience)
-                        {
-                            context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
-                        }
-
-                        // 如果过期,则把<是否过期>添加到,返回头信息中
-                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
-                        {
-                            context.Response.Headers.Append("Token-Expired", "true");
-                        }
                         return Task.CompletedTask;
                     }
                 };
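Review bot: This `OnAuthenticationFailed` body duplicates the earlier one, including the nested-expiry problem: `Token-Expired` is only set when the re-decryption and parse succeed, although `context.Exception` is available regardless of whether the token can be decrypted again. Move the expiry check to the top of the handler as `if (context.Exception is SecurityTokenExpiredException) { context.Response.Headers.Append("Token-Expired", "true"); }`, and hoist the whole body into a shared helper so the two handlers cannot drift apart. `issuer` and `audience` look like captured locals of the enclosing method, so such a helper would take them as parameters — adjust if they are fields, which I can't tell from the hunk. The `Token-Error-*` diagnostics are derived from an unvalidated `ReadJwtToken` parse and should be documented as informational only. The enclosing `JwtBearerEvents` initializer starts before the hunk.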