我有一个授权处理程序，但如果授权失败，我希望返回 401 响应并带有响应正文。
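/// <summary>
/// Authorization handler that succeeds when the request carries a bearer token
/// (as extracted by <c>TokenHelper.GetToken</c>) and fails otherwise.
/// </summary>
public class TokenValidationAuthorizationHandler : AuthorizationHandler<TokenValidationCustomRequirement>
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    /// <summary>
    /// Creates the handler.
    /// </summary>
    /// <param name="httpContextAccessor">Accessor used as a fallback when the
    /// authorization resource is not an <see cref="HttpContext"/>.</param>
    public TokenValidationAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    /// <summary>
    /// Evaluates <paramref name="requirement"/> against the Authorization header of the current request.
    /// </summary>
    /// <param name="context">Authorization context; marked failed or succeeded, never both.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TokenValidationCustomRequirement requirement)
    {
        // The resource passed by endpoint routing is typed as HttpContext; casting to the
        // concrete DefaultHttpContext yields null whenever the host (or a test) supplies another
        // implementation, so cast to the base type and fall back to the accessor.
        var httpContext = context.Resource as HttpContext ?? _httpContextAccessor.HttpContext;
        if (httpContext is null)
        {
            context.Fail();
            // Must return here: the original version fell through and dereferenced the null context.
            return Task.CompletedTask;
        }

        var authHeader = httpContext.Request.Headers.Authorization;
        // NOTE(review): TokenHelper.GetToken is not visible here — confirm it validates the token
        // (signature, expiry) rather than only extracting the bearer value; this handler itself
        // only checks that something non-empty came back.
        var bearerToken = TokenHelper.GetToken(authHeader.ToString());
        if (string.IsNullOrEmpty(bearerToken))
        {
            context.Fail();
        }
        else
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}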
无论上下文是失败还是成功，下面代码中的 authorizeResult.Succeeded 和 authorizeResult.Forbidden 的结果始终为 false。
/// <summary>
/// Middleware result handler that turns a challenged or forbidden policy result into a
/// 401 response with a JSON body, and otherwise continues the pipeline.
/// </summary>
public class TokenValidationAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    /// <summary>
    /// Handles the outcome of policy evaluation for the current request.
    /// </summary>
    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="httpContext">Current request context; its response is written on denial.</param>
    /// <param name="policy">The evaluated policy (not inspected here).</param>
    /// <param name="authorizeResult">Outcome of the policy evaluation.</param>
    /// <returns>A task that completes when the denial body is written or the pipeline has run.</returns>
    public Task HandleAsync(RequestDelegate next, HttpContext httpContext, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        bool denied = authorizeResult.Challenged || authorizeResult.Forbidden;
        if (!denied)
        {
            return next(httpContext);
        }

        // Both challenge and forbid are reported as 401 with the same body, as the author intended.
        var body = new BadRequestResponse("Forbidden");
        var response = httpContext.Response;
        response.StatusCode = 401;
        response.ContentType = "application/json";
        return response.WriteAsync(JsonConvert.SerializeObject(body));
    }
}
这段代码有什么问题？正确的解决方案是什么？
您应该检查 HttpContext 对象中的 HasSucceeded 属性。
我认为你可以像这样重构你的代码：
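/// <summary>
/// Middleware result handler that turns any non-successful policy result into a
/// 401 response with a JSON body, and otherwise continues the pipeline.
/// </summary>
public class TokenValidationAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    /// <summary>
    /// Handles the outcome of policy evaluation for the current request.
    /// </summary>
    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="httpContext">Current request context; its response is written on denial.</param>
    /// <param name="policy">The evaluated policy (not inspected here).</param>
    /// <param name="authorizeResult">Outcome of the policy evaluation.</param>
    /// <returns>A task that completes when the denial body is written or the pipeline has run.</returns>
    public Task HandleAsync(RequestDelegate next, HttpContext httpContext, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        // There is no `context` in scope here, and PolicyAuthorizationResult exposes
        // Succeeded/Challenged/Forbidden rather than HasSucceeded (which belongs to
        // AuthorizationHandlerContext in the handler). Succeeded is false for both the
        // challenged (unauthenticated) and forbidden (failed requirement) cases.
        if (!authorizeResult.Succeeded)
        {
            var body = new BadRequestResponse("Forbidden");
            httpContext.Response.StatusCode = 401;
            httpContext.Response.ContentType = "application/json";
            return httpContext.Response.WriteAsync(JsonConvert.SerializeObject(body));
        }

        return next(httpContext);
    }
}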