基于Multi-tenant Asp.net Core网站参数的JWT认证

问题描述

我在我的 .net core 2.1 网站中使用基于 JWT 的身份验证.目前这工作正常.现在，我必须创建一个 API 多租户，并且每个租户都有自己的密钥.租户 ID 将作为参数传递给 API.

I am using JWT based authentication in my .net core 2.1 web site. Currently this works fine. Now, I have to make one API multi-tenant and each tenant will have it's own secret key. The tenant Id will be passed as parameter to the API.

        [Authorize]
        [HttpGet("tenant/{id}")]
        public async Task<IActionResult> GetInfo(string id)
        {
        }

每个租户都将签署 JWT 并将添加到 Authorization 标头.我想不出根据参数更改 IssuerSigningKey 的方法.我尝试了以下操作:

Each tenant will sign the JWT and will add to Authorization header. I am not able to think of a way to change IssuerSigningKey based on the parameter. I tried following:

1. 通过将 JWT 设为 [AllowAonymus] 来验证 API 中的 JWT.这可行，但我最终编写了所有 JWT 验证代码.

1. Validating the JWT inside the API by making it [AllowAonymus]. This works but I have end up writing all the JWT validating code.

实现ISecurityTokenValidator

我可以实现 ISecurityTokenValidator 来验证令牌并在启动配置中使用它，如下所示:

I can implement ISecurityTokenValidator to validate the token and using this in startup configuration something like this:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
            {
                options.SecurityTokenValidators.Clear();
                options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator());
            });

并实现了我自己的类来验证令牌.

And implemented my own class to validate the token.

public class JWTSecurityTokenValidator : ISecurityTokenValidator
{
    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
            // Implement the logic
    }
}

但我最终还是做了繁重的工作.另外，我无法访问 ValidateToken 中的参数tenantId".

But again I end up doing heavy lifting. Also, I am not able to access the parameter "tenantId" in the ValidateToken.

3.使用IssuerSigningKeyResolver:我可以实现一个委托:

3.Using IssuerSigningKeyResolver: I can implement a delegate:

IEnumerable<SecurityKey> IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters)

同样，我无法访问tenantId"参数来选择合适的密钥.

Again I don't's have access to the "tenantId" parameter to choose the appropriate key.

是否有根据参数选择 IssuerSigningKey 的优雅解决方案，这样我就不需要编写自己的逻辑来验证 JWT?还是唯一的选择是选择第一个选项?

Is there elegant solution to choosing IssuerSigningKey based on the parameter so that I don't need to write my own logic to validate JWT? Or only option is to go with first option?

推荐答案

您可以使用 DI 将 IHttpContextAccessor 实例传递给您的 JWTSecurityTokenValidator 并获取 IHttpContextAccessor 的值.HttpContext 属性.

You can use DI to pass IHttpContextAccessor instance into your JWTSecurityTokenValidator and get value of IHttpContextAccessor.HttpContext property.

从 .Net Core 2.1 开始，您可以使用扩展名注册:

From .Net Core 2.1 , you can register using extension :

services.AddHttpContextAccessor();

然后在您的自定义 JWTSecurityTokenValidator 中，修改以注入 IHttpContextAccessor :

Then in your custom JWTSecurityTokenValidator , modify to inject the IHttpContextAccessor :

private readonly IHttpContextAccessor _httpContextAccessor;

public JWTSecurityTokenValidator(IHttpContextAccessor httpContextAccessor) {
    _httpContextAccessor = httpContextAccessor;
}

修改Startup.cs中的注册:

options.SecurityTokenValidators.Clear();

options.SecurityTokenValidators.Add(new JWTSecurityTokenValidator(services.BuildServiceProvider().GetService<IHttpContextAccessor>()));

这样在 ValidateToken 方法中，你可以从 _httpContextAccessor.HttpContext 中读取参数，根据你传递参数的方式，从查询字符串或路径中读取:

So that in ValidateToken method ,you can read the parameter from _httpContextAccessor.HttpContext , according to how you pass the parameter , read it from query string or path :

public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
        var xx = _httpContextAccessor.HttpContext.Request;
        ........
}

这篇关于基于Multi-tenant Asp.net Core网站参数的JWT认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持html5模板网！