我使用承载令牌（Bearer Token）认证。我决定把令牌存放在客户端的 Cookie 中。我创建了一个继承 OAuthAuthorizationServerProvider 的自定义 ServerAuthProvider，并覆盖了 TokenEndpointResponse() 方法，把令牌写入 cookie（把令牌添加到 cookie 这一步工作正常）：

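/// <summary>
/// Called after the token endpoint has produced its response. Copies the issued
/// access token into a cookie named "SocialNetworkApp" so a browser client can
/// present it on later requests; when no token was issued, the client is
/// redirected to the login page instead.
/// </summary>
/// <param name="context">Token-endpoint response context supplied by the OWIN OAuth server middleware.</param>
/// <returns>The task returned by the base implementation.</returns>
public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
{
    if (string.IsNullOrEmpty(context.AccessToken))
    {
        context.Response.Redirect("/Authentication/Login");
        return base.TokenEndpointResponse(context);
    }

    // The cookie carries a bearer credential: keep it out of reach of script
    // (HttpOnly) and, when the request arrived over TLS, restrict it to TLS
    // (Secure) so it is not replayed over plain HTTP. The cookie deliberately
    // has no Expires, so it remains a session cookie as before; TODO consider
    // aligning it with the token lifetime.
    var options = new CookieOptions
    {
        HttpOnly = true,
        Secure = context.Request.IsSecure,
    };
    context.Response.Cookies.Append("SocialNetworkApp", context.AccessToken, options);

    return base.TokenEndpointResponse(context);
}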

然后我创建了一个继承 AuthorizeAttribute 的自定义 SimpleAuthorizeAttribute，并覆盖了 OnAuthorization()，它从 cookie 中读取令牌并把它添加到请求的 Headers 中。但问题是，HandleUnauthorizedRequest() 总是被触发。

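/// <summary>
/// Authorization filter that reads the bearer token from the "SocialNetworkApp"
/// cookie and copies it into the request's Authorization header before running
/// the standard <see cref="AuthorizeAttribute"/> checks.
/// </summary>
/// <remarks>
/// NOTE(review): MVC filters run inside the MVC handler, after the OWIN
/// pipeline, so the bearer authentication middleware registered in Startup has
/// most likely already inspected the request — without this header — by the
/// time <see cref="OnAuthorization"/> adds it. That would explain why the base
/// check still sees an unauthenticated user; the token needs to reach the
/// middleware before it runs (a hook ahead of bearer authentication) rather
/// than here — confirm against the Startup configuration.
/// Note also that once the token is taken from a cookie the browser sends it
/// automatically, so the endpoint no longer has the CSRF resistance of a
/// header-only bearer scheme; anti-forgery protection becomes the caller's job.
/// </remarks>
public class SimpleAuthorizeAttribute : AuthorizeAttribute
{
    // Must match the cookie name written by the authorization server provider.
    private const string TokenCookieName = "SocialNetworkApp";

    /// <summary>
    /// Promotes the token cookie, when present and non-empty, to a
    /// "Bearer" Authorization header, then defers to the base authorization.
    /// An Authorization header already supplied by the client is left alone
    /// so the request never ends up with two of them.
    /// </summary>
    /// <param name="filterContext">The MVC authorization context for the current request.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;

        // Single lookup: the cookie indexer returns null when the cookie is absent.
        var tokenCookie = request.Cookies[TokenCookieName];
        var hasToken = tokenCookie != null && !string.IsNullOrEmpty(tokenCookie.Value);

        if (hasToken && request.Headers["Authorization"] == null)
        {
            request.Headers.Add("Authorization", "Bearer " + tokenCookie.Value);
        }

        base.OnAuthorization(filterContext);
    }

    /// <summary>
    /// Replaces the default 401 response with a redirect: unauthenticated
    /// callers go to the login page, authenticated callers lacking the required
    /// role go to the Home controller.
    /// </summary>
    /// <param name="filterContext">The MVC authorization context for the current request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Not logged in: behave like the stock Authorize attribute and send the caller to Login.
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Authentication", action = "Login" }));
        }
        else
        {
            // Logged in but without the role to access this action: redirect to the custom controller action.
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home"}));
        }
    }
}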

如果我在客户端（例如 Postman）直接设置 Authorization 请求头，它就能正常工作。我该如何解决这个问题？