
我正在将一个 ASP.NET MVC 旧应用程序升级为使用 ASP.NET Core + Angular 7 的新版本。在旧应用程序中,有一个外部服务会调用我们的 API,并把身份验证令牌放在 URL 中发送,因为它无法用其他方式传递令牌。

我拦截它以在标头中注入令牌,如下所示:

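/// <summary>
/// Global application class of the legacy ASP.NET MVC site: rewrites the
/// X-Frame-Options response header, promotes an <c>access_token</c> request
/// parameter to an <c>Authorization: Bearer</c> header, performs start-up
/// registration and appends unhandled errors to an in-memory log.
/// </summary>
public class MvcApplication : System.Web.HttpApplication
{
    /// <summary>
    /// Replaces any existing X-Frame-Options response header just before the
    /// headers are sent.
    /// </summary>
    protected void Application_PreSendRequestHeaders()
    {
        // NOTE(review): "AllowAll" is not a value defined for X-Frame-Options
        // (the defined ones are DENY and SAMEORIGIN), so browsers are expected
        // to ignore the header and the pages can be framed by any origin.
        // If only known parents must embed them, a Content-Security-Policy
        // frame-ancestors list is the narrower control. Behaviour is kept as-is.
        Response.Headers.Remove("X-Frame-Options");
        Response.AddHeader("X-Frame-Options", "AllowAll");
    }

    /// <summary>
    /// When the request carries no Authorization header, copies the
    /// <c>access_token</c> request parameter into one as a Bearer credential.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    private void Application_BeginRequest(object sender, EventArgs e)
    {
        var request = HttpContext.Current.Request;

        // A header supplied by the caller always wins over the parameter.
        if (!ReferenceEquals(null, request.Headers["Authorization"]))
        {
            return;
        }

        // NOTE(review): Request.Params combines query string, form fields,
        // cookies and server variables, so a form field or cookie named
        // access_token is promoted as well. If the external service only ever
        // sends the token in the URL, Request.QueryString would be the narrower
        // source - confirm before changing.
        var token = request.Params["access_token"];
        if (!String.IsNullOrEmpty(token))
        {
            request.Headers.Add("Authorization", "Bearer " + token);
        }
    }

    /// <summary>
    /// Application start-up: registers bundles, view engine, global filters,
    /// Web API configuration and routes, and hooks the callback error handler.
    /// </summary>
    protected void Application_Start()
    {
        //DashboardConfig.RegisterService(RouteTable.Routes);
        DevExtremeBundleConfig.RegisterBundles(BundleTable.Bundles);

        C_Interface_Meta.IntialiserBdd();

        // Keep Razor as the only registered view engine.
        ViewEngines.Engines.Clear();
        ViewEngines.Engines.Add(new RazorViewEngine());

        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        GlobalConfiguration.Configure(WebApiConfig.Register);
        RouteConfig.RegisterRoutes(RouteTable.Routes);

        //GlobalConfiguration.Configure(WebApiConfig.Register);
        ASPxWebControl.CallbackError += Application_Error;

        BundleConfig.RegisterBundles(BundleTable.Bundles);
        DisableApplicationInsightsOnDebug();
    }

    /// <summary>
    /// Disables the application insights locally.
    /// </summary>
    [Conditional("DEBUG")]
    private static void DisableApplicationInsightsOnDebug()
    {
        TelemetryConfiguration.Active.DisableTelemetry = true;
    }

    /// <summary>
    /// Adds the pretty-print filter to the given Web API configuration.
    /// </summary>
    /// <param name="config">Configuration that receives the filter.</param>
    public static void Register(HttpConfiguration config)
    {
        config.Filters.Add(new PrettyPrintFilterAttribute());
    }

    /// <summary>
    /// Logs the last server error, unwrapping <see cref="HttpUnhandledException"/>
    /// when it carries an inner exception.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception exception = HttpContext.Current.Server.GetLastError();

        // Only unwrap when there is something inside; the original dereferenced
        // a null InnerException in that case.
        if (exception is HttpUnhandledException && exception.InnerException != null)
        {
            exception = exception.InnerException;
        }

        // The handler is also wired to ASPxWebControl.CallbackError, so there
        // may be no pending server error to report.
        if (exception == null)
        {
            return;
        }

        AddToLog(exception.Message, exception.StackTrace);
    }

    /// <summary>
    /// Appends a timestamped entry (message, request URL, stack trace and a
    /// separator line) to the <c>"Log"</c> entry of the application state.
    /// Does nothing when called outside a request.
    /// </summary>
    /// <param name="message">Error message to record.</param>
    /// <param name="stackTrace">Stack trace to record.</param>
    public static void AddToLog(string message, string stackTrace)
    {
        HttpContext current = HttpContext.Current;
        if (current == null)
        {
            return;
        }

        StringBuilder sb = new StringBuilder();
        sb.AppendLine(DateTime.Now.ToString());
        sb.AppendLine(message);
        sb.AppendLine();
        // The external caller sends its bearer token in the URL, so the raw URL
        // must not be written to the log verbatim.
        sb.AppendLine("Source File: " + RedactAccessToken(current.Request.RawUrl));
        sb.AppendLine();
        sb.AppendLine("Stack Trace: ");
        sb.AppendLine(stackTrace);
        sb.Append('-', 150);
        sb.AppendLine();

        // NOTE(review): the log lives in application state and only ever grows;
        // consider a bounded or external log sink.
        current.Application["Log"] += sb.ToString();
    }

    // Replaces the value of every access_token query parameter in rawUrl with a fixed marker.
    private static string RedactAccessToken(string rawUrl)
    {
        if (String.IsNullOrEmpty(rawUrl))
        {
            return rawUrl;
        }

        int queryStart = rawUrl.IndexOf('?');
        if (queryStart < 0)
        {
            return rawUrl;
        }

        string[] pairs = rawUrl.Substring(queryStart + 1).Split('&');
        for (int i = 0; i < pairs.Length; i++)
        {
            if (pairs[i].StartsWith("access_token=", StringComparison.OrdinalIgnoreCase))
            {
                pairs[i] = "access_token=[REDACTED]";
            }
        }

        return rawUrl.Substring(0, queryStart + 1) + String.Join("&", pairs);
    }
}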

在 ASP.NET Core + Angular 应用程序中,与此等效的做法是什么?我搜索了很久,什么也没找到。

4

2 回答 2

  1. 听起来您正在使用 JWT Bearer 身份验证,并通过查询字符串发送令牌。如果是这种情况,您可以直接使用 OnMessageReceived 事件处理程序来动态设置令牌:
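/// <summary>
/// Registers JWT bearer authentication and lets the handler accept the token
/// from the <c>access_token</c> query parameter when the request carries no
/// Authorization header.
/// </summary>
/// <param name="services">Service collection to register authentication on.</param>
public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // ValidIssuer, ValidAudience, IssuerSigningKey , ...
            };
            options.Events = new JwtBearerEvents()
            {
                OnMessageReceived = async (context) =>
                {
                    var request = context.HttpContext.Request;

                    // A header sent by the caller wins: leave context.Token unset so
                    // the handler reads the Authorization header itself. Without this
                    // guard a token placed in a link would silently replace the
                    // credential the client actually sent.
                    if (!String.IsNullOrEmpty(request.Headers["Authorization"].FirstOrDefault()))
                    {
                        return;
                    }

                    // NOTE(review): a token carried in the URL is visible to anything
                    // that records request URLs (access logs, proxies, Referer). Keep
                    // such tokens short-lived and, if the external caller only uses a
                    // few endpoints, limit this fallback to those request paths.
                    var bearer = request.Query["access_token"].FirstOrDefault();
                    if (!String.IsNullOrEmpty(bearer))
                    {
                        context.Token = bearer; // simply set the token
                    }
                },
            };
        });
    // other services ...
}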
  2. 或者按照 Razgort 的建议,注册一个中间件来设置令牌。请注意中间件的注册顺序。
/// <summary>
/// Builds the request pipeline; the first middleware copies an
/// <c>access_token</c> query parameter into an <c>Authorization: Bearer</c>
/// header when the request has no Authorization header value.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment (not used in this excerpt).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Must run before every middleware that reads the Authorization header.
    // NOTE(review): the token stays in the query string for the rest of the
    // pipeline, so request logging further down will still record it.
    app.Use(async (httpContext, nextMiddleware) =>
    {
        var headers = httpContext.Request.Headers;
        if (headers["Authorization"].FirstOrDefault() == null)
        {
            var queryToken = httpContext.Request.Query["access_token"].FirstOrDefault();
            if (!String.IsNullOrEmpty(queryToken))
            {
                headers.Add("Authorization", "Bearer " + queryToken);
            }
        }

        await nextMiddleware();
    });

    // other middlewares ...
    app.UseMvc(...)//
}
于 2019-02-18T04:01:55.777 回答

我认为您要找的是 Angular 拦截器,它做的几乎是同一件事。您可以像这样注入令牌:

/**
 * HTTP interceptor that sets the Authorization header of each outgoing
 * request to the value returned by AuthService.getAuthorizationToken().
 *
 * NOTE(review): as written the header is attached to every request that
 * passes through this interceptor, whatever its destination. If the app also
 * calls other origins, restrict this to the API's own origin so the token is
 * not handed to third parties - confirm against the app's HTTP usage.
 * NOTE(review): the token is sent exactly as the service returns it; whether
 * it already includes a scheme prefix such as "Bearer " cannot be told from
 * here - verify against AuthService.
 */
@Injectable()
export class AuthInterceptor implements HttpInterceptor {

  constructor(private auth: AuthService) {}

  /**
   * Forwards a copy of the request that carries the Authorization header.
   * The incoming request is not modified; a clone is passed on.
   */
  intercept(req: HttpRequest<any>, next: HttpHandler) {
    const headersWithAuth = req.headers.set(
      'Authorization',
      this.auth.getAuthorizationToken()
    );

    return next.handle(req.clone({ headers: headersWithAuth }));
  }
}
于 2019-02-16T12:09:53.687 回答