.net core 集成jwtBearer认证后,服务器接收时修改request header中Authorization这个key的名称

由于客户服务器拦截了request header中的Authorization参数,导致无法正常授权访问。

找了半天目前只有这种方法可以变相解决

AddJwtBearer->OnMessageReceived方法中做简单修改,就可以接收到前台传递的Authorization2这个key了

public static void Configure(IServiceCollection services, IConfiguration configuration)
        {
            if (bool.Parse(configuration["Authentication:JwtBearer:IsEnabled"]))
            {
                services.AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = "JwtBearer";
                    options.DefaultChallengeScheme = "JwtBearer";
                }).AddJwtBearer("JwtBearer", options =>
                {
                    options.Audience = configuration["Authentication:JwtBearer:Audience"];

                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        // The signing key must match!
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(configuration["Authentication:JwtBearer:SecurityKey"])),

                        // Validate the JWT Issuer (iss) claim
                        ValidateIssuer = true,
                        ValidIssuer = configuration["Authentication:JwtBearer:Issuer"],

                        // Validate the JWT Audience (aud) claim
                        ValidateAudience = true,
                        ValidAudience = configuration["Authentication:JwtBearer:Audience"],

                        // Validate the token expiry
                        ValidateLifetime = true,

                        // If you want to allow a certain amount of clock drift, set that here
                        ClockSkew = TimeSpan.Zero,
                    };

                    options.Events = new JwtBearerEvents
                    {
                        OnMessageReceived = context =>
                        {
                            var authorizationIsHave = context.Request.Headers.TryGetValue("Authorization", out _);
                            if (authorizationIsHave)
                            {
                                return Task.CompletedTask;
                            }
                            var authorization2IsHave = context.Request.Headers.TryGetValue("Authorization2", out var token);
                            if (authorization2IsHave)
                            {
                                context.Request.Headers.Add("Authorization", token);
                            }
                            return Task.CompletedTask;
                        }
                    };
                });
            }
        }

 

上一篇:Spring Security 核心组件?


下一篇:spring security (史上最全)