5

我将Visual Studio 2019and.Net Core 3.0.0-preview-7与标准 Blazor 客户端、服务器和共享模板一起使用。

在应用程序中,我们的服务器端 WebApi 应用程序将始终要求在标头中存在 JWT 令牌以进行授权。

从以下看

在 ASP.NET Core 中使用 IHttpClientFactory 发出 HTTP 请求

我创建了以下处理程序;

public class JwtTokenHeaderHandler : DelegatingHandler
{
    private readonly ILocalStorageService _localStorage;

    public JwtTokenHeaderHandler(ILocalStorageService localStorage)
    {
        _localStorage = localStorage;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request,
        CancellationToken cancellationToken)
    {
        if (!request.Headers.Contains("bearer"))
        {
            var savedToken = await _localStorage.GetItemAsync<string>("authToken");

            if (!string.IsNullOrWhiteSpace(savedToken))
            {
                request.Headers.Add("bearer", savedToken);
            }
        }

        return await base.SendAsync(request, cancellationToken);
    }
}

我用来Blazored.LocalStorage从本地存储中获取保存的令牌并将其添加到标题的位置。

现在,在这一点上,我不确定该怎么做,就好像我将以下内容添加到Blazor.Client Startup.cs;

services.AddTransient<JwtTokenHeaderHandler>();
services.AddHttpClient("JwtTokenHandler")
    .AddHttpMessageHandler<JwtTokenHeaderHandler>();

我收到错误消息;

“IServiceCollection”不包含“AddHttpClient”的定义,并且找不到接受“IServiceCollection”类型的第一个参数的可访问扩展方法“AddHttpClient”(您是否缺少 using 指令或程序集引用?)

谁能指导我在这里做错了什么?

4

4 回答 4

5

我找到了一个非常好的教程和示例来演示这一点(完成基于角色/策略的声明): https ://chrissinty.com/securing-your-blazor-apps-authentication-with-clientside-blazor-using-webapi-aspnet-核心身份/

这是下面的摘录,在默认 http 客户端(通过 DI)上设置默认请求标头。然后,对您的 Web api 的所有调用都将包含不记名令牌:

public class ApiAuthenticationStateProvider : AuthenticationStateProvider
{
    private readonly HttpClient _httpClient;
    private readonly ILocalStorageService _localStorage;

    public ApiAuthenticationStateProvider(HttpClient httpClient, ILocalStorageService localStorage)
    {
        _httpClient = httpClient;
        _localStorage = localStorage;
    }
    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        var savedToken = await _localStorage.GetItemAsync<string>("authToken");

        if (string.IsNullOrWhiteSpace(savedToken))
        {
            return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
        }

        // **************    Set JWT header       ****************
        _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", savedToken);
        // *******************************************************

        return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(ParseClaimsFromJwt(savedToken), "jwt")));
    }
    // ...
}
于 2019-12-29T13:39:25.823 回答
4

@Matthew Flynn,目前您不能在客户端 Blazor 上使用 IHttpClientFactory。

而且您不必从 HttpMessageHandler (DelegatingHandler) 派生。Blazor 已经完成了这项工作。以下是一个扩展类,用于扩展 HttpClient 服务的功能,以启用将 Jwt 令牌添加到请求消息的标头的能力...

服务扩展.cs

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Security.Claims;
    using System.Text;
    using System.Text.Json.Serialization;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Components;
    using Microsoft.Extensions.DependencyInjection;

 public static class ServiceExtensions
    {    
     public static async Task<T> GetJsonAsync<T>(this HttpClient httpClient, string url, AuthenticationHeaderValue authorization)
            {
                var request = new HttpRequestMessage(HttpMethod.Get, url);
                request.Headers.Authorization = authorization;

                var response = await httpClient.SendAsync(request);
                var responseBytes = await response.Content.ReadAsByteArrayAsync();
                return JsonSerializer.Parse<T>(responseBytes, new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase });
            }
}

下面展示了如何调用 Web Api 上的端点,传递从 localStorage 读取的 Jwt 令牌。(顺便说一下,这些版本都没有数据保护)

索引.razor

@page "/"

@inject ILocalStorageService localStorage
@inject HttpClient Http

<div class="mdc-card main-content-card">
    <h1 class="@MdcTypography.H4">Hello, world!</h1>

    Welcome to your new app.
</div>

// Razor content to display emloyees come here.....

@code {
Employee[] employees;

    protected override async Task OnInitAsync()
    {
        var token = await localStorage.GetTokenAsync();
        employees = await Http.GetJsonAsync<Employee[]>(
            "api/employees",
            new AuthenticationHeaderValue("Bearer", token));
    }
}

希望这行得通...如果没有,并且您无法解决错误,请来这里告诉社区...

于 2019-08-22T12:55:34.550 回答
1

以下将 X-CSRF-TOKEN 标头添加到 http 请求:

public class CustomHttpMessageHandler : DelegatingHandler
{
    private readonly IJSRuntime _js;
    public CustomHttpMessageHandler(IJSRuntime js)
    {
        _js = js;
    }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var afrt = await _js.InvokeAsync<string>("getCookie", ".AFRT");
        request.Headers.Add("X-CSRF-TOKEN", afrt);
        return await base.SendAsync(request, cancellationToken);
    }
}

在 Program.cs 中配置如下:

builder.Services.AddScoped<CustomHttpMessageHandler>();
builder.Services.AddHttpClient("ApiClient", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
    .AddHttpMessageHandler<CustomHttpMessageHandler>();
builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("ApiClient"));

您需要将 Microsoft.Extensions.Http 包安装到您的 blazor webassembly 客户端。

于 2021-04-20T08:14:49.717 回答
0

Microsoft.Extensions.Http您需要包含 AddHttpClient 方法的 NuGet 包。使用以下命令安装它:Install-Package Microsoft.Extensions.Http -Version 3.0.0-preview7.19362.4

看起来,这个 NuGet 包是在服务器端 blazor 中自动提供的,但必须在客户端 blazor 中单独安装。

于 2019-08-22T12:14:22.083 回答