te')); return $arr; } /* 遍历用户所有主题 * @param $uid 用户ID * @param int $page 页数 * @param int $pagesize 每页记录条数 * @param bool $desc 排序方式 TRUE降序 FALSE升序 * @param string $key 返回的数组用那一列的值作为 key * @param array $col 查询哪些列 */ function thread_tid_find_by_uid($uid, $page = 1, $pagesize = 1000, $desc = TRUE, $key = 'tid', $col = array()) { if (empty($uid)) return array(); $orderby = TRUE == $desc ? -1 : 1; $arr = thread_tid__find($cond = array('uid' => $uid), array('tid' => $orderby), $page, $pagesize, $key, $col); return $arr; } // 遍历栏目下tid 支持数组 $fid = array(1,2,3) function thread_tid_find_by_fid($fid, $page = 1, $pagesize = 1000, $desc = TRUE) { if (empty($fid)) return array(); $orderby = TRUE == $desc ? -1 : 1; $arr = thread_tid__find($cond = array('fid' => $fid), array('tid' => $orderby), $page, $pagesize, 'tid', array('tid', 'verify_date')); return $arr; } function thread_tid_delete($tid) { if (empty($tid)) return FALSE; $r = thread_tid__delete(array('tid' => $tid)); return $r; } function thread_tid_count() { $n = thread_tid__count(); return $n; } // 统计用户主题数 大数量下严谨使用非主键统计 function thread_uid_count($uid) { $n = thread_tid__count(array('uid' => $uid)); return $n; } // 统计栏目主题数 大数量下严谨使用非主键统计 function thread_fid_count($fid) { $n = thread_tid__count(array('fid' => $fid)); return $n; } ?>asp.net core - I am trying to setup Custom Attribute that handles That httponlyCookie exists or not - Stack Overflow

科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>asp.net core - I am trying to setup Custom Attribute that handles That httponlyCookie exists or not - Stack Overflow

    asp.net core - I am trying to setup Custom Attribute that handles That httponlyCookie exists or not - Stack Overflow

    programmeradmin3浏览0评论

    Microsoft.AspNetCore.Authorization is used to validate token while is there any attribute that checks httpOnlyCookie present in browser and is valid i.e like it also checks role based authentication.

    I tried to create a custom attribute that handles the httponlycookie authentication while I don't want to use custom attributes if there is any built in attribute provided by ASP.NET Core.

    Here's my code:

    using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System;

public class AuthorizeWithCookieAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var request = context.HttpContext.Request;

        // Check if the authToken cookie exists
        if (!request.Cookies.TryGetValue("authToken", out var token) || string.IsNullOrEmpty(token))
        {
            context.Result = new JsonResult(new { message = "Unauthorized: No auth token found in cookie." })
            { StatusCode = 401 };
            return;
        }

        Console.WriteLine("Token from cookie: " + token); // Debugging

        try
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.UTF8.GetBytes("this is my secret key more then 128 bits");

            tokenHandler.ValidateToken(token, new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false,
                ClockSkew = TimeSpan.Zero // Reduce token time discrepancy
            }, out _);

            Console.WriteLine("Token validation success!"); // Debugging
        }
        catch (Exception ex)
        {
            Console.WriteLine("Token validation failed: " + ex.Message); // Debugging
            context.Result = new JsonResult(new { message = "Unauthorized: Invalid token.", error = ex.Message })
            { StatusCode = 401 };
        }
    }
}

    [HttpGet("GetFruits")]
[AuthorizeWithCookie]
public IActionResult GetFruits()
{ }

    Now custom attribute AuthorizeWithCookie works

    Microsoft.AspNetCore.Authorization is used to validate token while is there any attribute that checks httpOnlyCookie present in browser and is valid i.e like it also checks role based authentication.

    I tried to create a custom attribute that handles the httponlycookie authentication while I don't want to use custom attributes if there is any built in attribute provided by ASP.NET Core.

    Here's my code:

    using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System;

public class AuthorizeWithCookieAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var request = context.HttpContext.Request;

        // Check if the authToken cookie exists
        if (!request.Cookies.TryGetValue("authToken", out var token) || string.IsNullOrEmpty(token))
        {
            context.Result = new JsonResult(new { message = "Unauthorized: No auth token found in cookie." })
            { StatusCode = 401 };
            return;
        }

        Console.WriteLine("Token from cookie: " + token); // Debugging

        try
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.UTF8.GetBytes("this is my secret key more then 128 bits");

            tokenHandler.ValidateToken(token, new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false,
                ClockSkew = TimeSpan.Zero // Reduce token time discrepancy
            }, out _);

            Console.WriteLine("Token validation success!"); // Debugging
        }
        catch (Exception ex)
        {
            Console.WriteLine("Token validation failed: " + ex.Message); // Debugging
            context.Result = new JsonResult(new { message = "Unauthorized: Invalid token.", error = ex.Message })
            { StatusCode = 401 };
        }
    }
}

    [HttpGet("GetFruits")]
[AuthorizeWithCookie]
public IActionResult GetFruits()
{ }

    Now custom attribute AuthorizeWithCookie works

    • asp-core
    • asp-core-webapi
    • asp-core-5.0
    Share Improve this question edited 2 days ago marc_s 755k184 gold badges1.4k silver badges1.5k bronze badges asked 2 days ago Muhammad YahyaMuhammad Yahya 134 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    If you want to get the token from the cookie during the auth, I suggest you could consider using the JwtBearerEvents OnMessageReceived to set the token .

    Then you could directly using the Authorize(Roles = "Admin")] to check the role.

    More details, you could refer to below codes:

    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateIssuer = false,
            ValidateAudience = false,
            ClockSkew = TimeSpan.Zero
        };

 
        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                if (context.Request.Cookies.TryGetValue("authToken", out var token))
                {
                    context.Token = token;
                }
                return Task.CompletedTask;
            }
        };
    });
    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论