ASP.NET Core JWT Bearer Token Custom Validation
After a lot of reading, i have found a way to implement a custom JWT bearer token validator as below.
Starup.cs Codes:
public void Conf
-
For custom JWT validator, I created a JWTCosumerProvider class inhert to IOAuthBearerAuthenticationProvider. And implement the ValidateIdentity() method to check the identity Claim which i stored the client IP address at first place,then compare to current request Id address after.
public Task ValidateIdentity(OAuthValidateIdentityContext context) { var requestIPAddress = context.Ticket.Identity.FindFirst(ClaimTypes.Dns)?.Value; if (requestIPAddress == null) context.SetError("Token Invalid", "The IP Address not right"); string clientAddress = JWTHelper.GetClientIPAddress(); if (!requestIPAddress.Equals(clientAddress)) context.SetError("Token Invalid", "The IP Address not right"); return Task.FromResultJWTHelper.GetClientIPAddress()
internal static string GetClientIPAddress() { System.Web.HttpContext context = System.Web.HttpContext.Current; string ipAddress = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; if (!string.IsNullOrEmpty(ipAddress)) { string[] addresses = ipAddress.Split(','); if (addresses.Length != 0) { return addresses[0]; } } return context.Request.ServerVariables["REMOTE_ADDR"]; }hope this help!
加载中...
- 热议问题