ASP.NET Core的JWT的实现(中间件).md
...
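/// <summary>
/// Creates the JWT authorization middleware.
/// </summary>
/// <param name="next">Next delegate in the request pipeline.</param>
/// <param name="options">Options wrapper whose <c>Value</c> supplies the token settings.</param>
/// <param name="jsonWebTokenValidate">Validator called with the bearer token on every protected request.</param>
/// <param name="validatePayLoad">Custom payload check handed to the validator as-is.</param>
/// <param name="anonymousPathList">Request paths that bypass token validation entirely.</param>
/// <exception cref="ArgumentNullException">A required dependency is null.</exception>
public JwtCustomerAuthorizeMiddleware(RequestDelegate next, IOptions<JsonWebTokenSetting> options, IJsonWebTokenValidate jsonWebTokenValidate, Func<Dictionary<string, string>, JsonWebTokenSetting, bool> validatePayLoad, List<string> anonymousPathList)
{
    // Fail at start-up rather than with a NullReferenceException on the first request:
    // a missing validator or allow-list would otherwise only surface once traffic arrives.
    this._next = next ?? throw new ArgumentNullException(nameof(next));
    this._setting = (options ?? throw new ArgumentNullException(nameof(options))).Value;
    this._jsonWebTokenValidate = jsonWebTokenValidate ?? throw new ArgumentNullException(nameof(jsonWebTokenValidate));

    // Passed through to the validator untouched; whether null is acceptable depends on
    // the IJsonWebTokenValidate implementation, which is not visible here.
    this._validatePayLoad = validatePayLoad;

    // The list is stored by reference, so later mutation by the caller changes which
    // paths skip authentication. Every entry is an unauthenticated endpoint - keep it minimal.
    this._anonymousPathList = anonymousPathList ?? throw new ArgumentNullException(nameof(anonymousPathList));
}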
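/// <summary>
/// Lets allow-listed paths through unauthenticated; every other request must carry a
/// valid <c>Authorization: Bearer &lt;token&gt;</c> header before it reaches the next delegate.
/// </summary>
/// <param name="context">Current HTTP request context.</param>
/// <exception cref="UnauthorizedAccessException">
/// The header is missing, is not a Bearer credential, or the token fails validation.
/// </exception>
public async Task Invoke(HttpContext context)
{
    // Exact, case-sensitive comparison against the allow-list: a path that differs in
    // case or by a trailing slash is NOT exempted and falls through to the token check,
    // so a mismatch fails closed.
    if (_anonymousPathList.Contains(context.Request.Path.Value))
    {
        await _next(context);
        return;
    }

    var hasHeader = context.Request.Headers.TryGetValue("Authorization", out StringValues authStr);
    var headerValue = authStr.ToString();
    if (!hasHeader || string.IsNullOrEmpty(headerValue))
    {
        throw new UnauthorizedAccessException("未授权,请传递Header头的Authorization参数。");
    }

    // Require the Bearer scheme explicitly. Blindly cutting off the first seven characters
    // accepted any scheme and threw ArgumentOutOfRangeException (an unhandled 500, not an
    // authorization failure) when the header was shorter than the prefix.
    const string bearerPrefix = "Bearer ";
    if (!headerValue.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
    {
        throw new UnauthorizedAccessException("验证失败,请查看传递的参数是否正确或是否有权限访问该地址。");
    }

    var token = headerValue.Substring(bearerPrefix.Length).Trim();

    // An empty credential is rejected here instead of being handed to the validator.
    if (token.Length == 0 || !_jsonWebTokenValidate.Validate(token, _setting, _validatePayLoad))
    {
        throw new UnauthorizedAccessException("验证失败,请查看传递的参数是否正确或是否有权限访问该地址。");
    }

    // NOTE(review): rejection is signalled by exception only; mapping it to a 401 response
    // presumably happens in exception-handling middleware registered earlier - confirm.
    await _next(context);
}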