.Net 实操将Token存入Session

2023年 10月 16日 40.1k 0

一、参考

.NET Session - 掘金 (juejin.cn)

.NET 让Swagger中带JWT报文头 - 掘金 (juejin.cn)

.NET ActionFilter行为过滤器 - 掘金 (juejin.cn)

二、环境搭建

2.1 依赖下载

Microsoft.AspNetCore.Session

image.png

2.2 服务注册

主要注册了过滤器ActionApiFilterJWT请求头Session服务

using Microsoft.AspNetCore.Http;
using Microsoft.OpenApi.Models;
using Token1;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(s =>
{
    //添加安全定义
    s.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        Description = "请输入token,格式为 Bearer xxxxxxxx(注意中间必须有空格)",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        BearerFormat = "JWT",
        Scheme = "Bearer"
    });
    //添加安全要求
    s.AddSecurityRequirement(new OpenApiSecurityRequirement {
        {
            new OpenApiSecurityScheme{
                Reference =new OpenApiReference{
                    Type = ReferenceType.SecurityScheme,
                     
                }
            },new string[]{ }
        }
    });
});

builder.Services.AddSingleton();
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession();

builder.Services.AddControllers(o => o.Filters.Add(typeof(ActionApiFilter)));

var app = builder.Build();
app.UseSession();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

app.UseAuthorization();

app.MapControllers();

app.Run();

2.3 创建过滤器

当用户的请求头中捎带了Token时,就将其存入Session

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Net.WebSockets;

namespace Token1
{
    public class ActionApiFilter : ControllerBase, IAsyncActionFilter
    {

        private readonly ILogger logger;
        private readonly IHttpContextAccessor httpContextAccessor_;
        public ActionApiFilter(ILogger logger, IHttpContextAccessor httpContextAccessor_)
        {
            this.logger = logger;
            this.httpContextAccessor_ = httpContextAccessor_;
        }

        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            string token = context.HttpContext.Request.Headers["Authorization"].ToString();
            if (!string.IsNullOrEmpty(token))
            {
                string value = token.Split(' ').Last();
                await Console.Out.WriteLineAsync($"token:" + value);
                // 存入session
                httpContextAccessor_.HttpContext.Session.SetString("value", value);
            }
            else
            {
                await Console.Out.WriteLineAsync($"no token");
            }
            ActionExecutedContext actionExecutedContext = await next.Invoke();
        }
    }
}

2.4 创建控制器

创建了Set和Get方法,模拟Session的存取

using Microsoft.AspNetCore.Mvc;

namespace Token1.Controllers
{
    [ApiController]
    [Route("[controller]/[action]")]
    public class Test : ControllerBase
    {

        [HttpGet]
        public void Set()
        {
        }

        [HttpGet]
        public object Get()
        {
            return HttpContext.Session.GetString("value");
        }
    }
}

三、测试

填写token信息,此后每次加载请求头都会捎带

image.png

此时Seesion已存入token

image.png

注销请求头,去除Get对Set的影响(如果不注销,那么Get方法也会捎带token,会覆盖Set内容)

image.png

成功获取

image.png

此时再用postman测试一次,模拟不同用户访问

image.png

成功获取对应token

image.png

此时再访问用户1,内容不变,表明不同用户存取的session不同

image.png

相关文章

JavaScript2024新功能:Object.groupBy、正则表达式v标志
PHP trim 函数对多字节字符的使用和限制
新函数 json_validate() 、randomizer 类扩展…20 个PHP 8.3 新特性全面解析
使用HTMX为WordPress增效:如何在不使用复杂框架的情况下增强平台功能
为React 19做准备:WordPress 6.6用户指南
如何删除WordPress中的所有评论

发布评论