From ce83544ed3ead856e00adccea5dfe60ba9925f2b Mon Sep 17 00:00:00 2001
From: jianweie
Date: Wed, 8 May 2024 23:53:40 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96jwt=E9=A6=96=E6=AC=A1?= =?UTF-8?q?=E6=97=A0=E6=95=B0=E6=8D=AE=E7=9A=84=E5=BC=82=E5=B8=B8=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CoreCms.Net.Auth/AuthorizationSetup.cs | 162 ++++++++++++++++---------
 1 file changed, 102 insertions(+), 60 deletions(-)

diff --git a/CoreCms.Net.Auth/AuthorizationSetup.cs b/CoreCms.Net.Auth/AuthorizationSetup.cs
index 9c85bb97..bb9b78b4 100644
--- a/CoreCms.Net.Auth/AuthorizationSetup.cs
+++ b/CoreCms.Net.Auth/AuthorizationSetup.cs
@@ -103,15 +103,23 @@ namespace CoreCms.Net.Auth
                 {
                     OnMessageReceived = context =>
                     {
-                        var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        try
                         {
-                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                            if (!string.IsNullOrEmpty(token.Trim()))
+                            {
+                                context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            }
+                            else
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            }
                         }
-                        else
+                        catch
                         {
-                            context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure ex!");
                         }
+                        return Task.CompletedTask;
                     },
                     OnChallenge = context =>
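Review bot: The bare `catch` closing the new try block in OnMessageReceived emits a different response header value (`authorization decryption failure ex!`) than the empty-token branch (`authorization decryption failure!`), so a remote caller can distinguish a ciphertext that failed inside `EncryptProvider.AESDecrypt` from one that was simply absent. Whether that matters depends on what AESDecrypt throws on — if it propagates padding or integrity errors (not visible in this hunk) the distinct header becomes a decryption oracle — so collapse both paths to one generic value and keep the exception detail in a server-side log: `catch (Exception) { context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!"); }`. The emptiness test uses `token.Trim()` but the untrimmed `token` is what gets decrypted; trim once at the assignment, `var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "").Trim();`, so both lines agree. The same block is repeated verbatim in hunk @@ -233,15 +254,23 @@, and the AddJwtBearer lambda that encloses it starts outside the hunk.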
@@ -122,35 +130,48 @@ namespace CoreCms.Net.Auth
                     OnAuthenticationFailed = context =>
                     {
                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        if (!string.IsNullOrEmpty(token.Trim()))
+                        {
+                            try
+                            {
+                                //进行aes解密
+                                var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                                if (!string.IsNullOrEmpty(decodeToken))
+                                {
+                                    var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
+
+                                    if (jwtToken.Issuer != issuer)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
+                                    }
+
+                                    if (jwtToken.Audiences.FirstOrDefault() != audience)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
+                                    }
+
+                                    // 如果过期,则把<是否过期>添加到,返回头信息中
+                                    if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
+                                    {
+                                        context.Response.Headers.Append("Token-Expired", "true");
+                                    }
+                                }
+                                else
+                                {
+                                    context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+
+                                }
+                            }
+                            catch
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "token decryption failure ex!");
+                            }
+                        }
+                        else
                         {
                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
                         }
-                        //进行aes解密
-                        var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
-                        if (string.IsNullOrEmpty(decodeToken))
-                        {
-                            context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
-                        }
-
-                        var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
-
-                        if (jwtToken.Issuer != issuer)
-                        {
-                            context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
-                        }
-
-                        if (jwtToken.Audiences.FirstOrDefault() != audience)
-                        {
-                            context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
-                        }
-
-                        // 如果过期,则把<是否过期>添加到,返回头信息中
-                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
-                        {
-                            context.Response.Headers.Append("Token-Expired", "true");
-                        }
                         return Task.CompletedTask;
                     }
                 };
@@ -233,15 +254,23 @@ namespace CoreCms.Net.Auth
                 {
                     OnMessageReceived = context =>
                     {
-                        var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        try
                         {
-                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
+                            if (!string.IsNullOrEmpty(token.Trim()))
+                            {
+                                context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            }
+                            else
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure!");
+                            }
                         }
-                        else
+                        catch
                         {
-                            context.Token = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                            context.Response.Headers.Append("Token-Error-Token", "authorization decryption failure ex!");
                         }
+                        return Task.CompletedTask;
                     },
                     OnChallenge = context =>
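Review bot: In OnAuthenticationFailed the `Token-Expired` header is now emitted only when the token also decrypts and parses, and the test `context.Exception.GetType() == typeof(SecurityTokenExpiredException)` is an exact-type match that misses derived exception types; `context.Exception` is already populated when this event fires, so move that check ahead of the `if (!string.IsNullOrEmpty(token.Trim()))` block and write it as `if (context.Exception is SecurityTokenExpiredException)`. The bare `catch` and the two distinct messages `token decryption failure!` / `token decryption failure ex!` raise the same concern as in OnMessageReceived: if `EncryptProvider.AESDecrypt` throws on padding or integrity errors, the differing header is observable from outside, so use one value and log the exception server-side. The whole lambda body is duplicated in hunk @@ -252,35 +281,48 @@; a private static helper taking the context, `issuer` and `audience` would keep the two schemes from drifting apart. The closing `};` ends a JwtBearerEvents initializer whose AddJwtBearer call starts outside the hunk.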
@@ -252,35 +281,48 @@ namespace CoreCms.Net.Auth
                     OnAuthenticationFailed = context =>
                     {
                         var token = context.Request.Headers["Authorization"].ObjectToString().Replace("Bearer ", "");
-                        if (string.IsNullOrEmpty(token))
+                        if (!string.IsNullOrEmpty(token.Trim()))
+                        {
+                            try
+                            {
+                                //进行aes解密
+                                var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
+                                if (!string.IsNullOrEmpty(decodeToken))
+                                {
+                                    var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
+
+                                    if (jwtToken.Issuer != issuer)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
+                                    }
+
+                                    if (jwtToken.Audiences.FirstOrDefault() != audience)
+                                    {
+                                        context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
+                                    }
+
+                                    // 如果过期,则把<是否过期>添加到,返回头信息中
+                                    if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
+                                    {
+                                        context.Response.Headers.Append("Token-Expired", "true");
+                                    }
+                                }
+                                else
+                                {
+                                    context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
+
+                                }
+                            }
+                            catch
+                            {
+                                context.Response.Headers.Append("Token-Error-Token", "token decryption failure ex!");
+                            }
+                        }
+                        else
                         {
                             context.Response.Headers.Append("Token-Error-Token", "token is wrong!");
                         }
-                        //进行aes解密
-                        var decodeToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey);
-                        if (string.IsNullOrEmpty(decodeToken))
-                        {
-                            context.Response.Headers.Append("Token-Error-Token", "token decryption failure!");
-                        }
-
-                        var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(decodeToken);
-
-                        if (jwtToken.Issuer != issuer)
-                        {
-                            context.Response.Headers.Append("Token-Error-Iss", "issuer is wrong!");
-                        }
-
-                        if (jwtToken.Audiences.FirstOrDefault() != audience)
-                        {
-                            context.Response.Headers.Append("Token-Error-Aud", "Audience is wrong!");
-                        }
-
-                        // 如果过期,则把<是否过期>添加到,返回头信息中
-                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
-                        {
-                            context.Response.Headers.Append("Token-Expired", "true");
-                        }
                         return Task.CompletedTask;
                     }
                 };