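.NET in Practice: Storing a Token in Session

1. References

.NET Session - Juejin (juejin.cn)

.NET: Sending the JWT Header from Swagger - Juejin (juejin.cn)

.NET ActionFilter (Action Filters) - Juejin (juejin.cn)

2. Environment Setup

2.1 Install Dependencies

Microsoft.AspNetCore.Session

2.2 Service Registration

This mainly registers three things: the ActionApiFilter filter, the JWT request header (for Swagger), and the Session service.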

using Microsoft.AspNetCore.Http;
using Microsoft.OpenApi.Models;
using Token1;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(s =>
{
    // Add the security definition
    s.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        Description = "请输入token,格式为 Bearer xxxxxxxx(注意中间必须有空格)",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        BearerFormat = "JWT",
        Scheme = "Bearer"
    });
    // Add the security requirement
    s.AddSecurityRequirement(new OpenApiSecurityRequirement {
        {
            new OpenApiSecurityScheme{
                Reference =new OpenApiReference{
                    Type = ReferenceType.SecurityScheme,
                    Id ="Bearer"
                }
            },new string[]{ }
        }
    });
});

builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession();

builder.Services.AddControllers(o => o.Filters.Add(typeof(ActionApiFilter)));

var app = builder.Build();
app.UseSession();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

app.UseAuthorization();

app.MapControllers();

app.Run();

2.3 Create the Filter

When a request carries a token in its header, the filter stores it in Session.

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Net.WebSockets;

namespace Token1
{
    public class ActionApiFilter : ControllerBase, IAsyncActionFilter
    {

        private readonly ILogger<ActionApiFilter> logger;
        private readonly IHttpContextAccessor httpContextAccessor_;
        public ActionApiFilter(ILogger<ActionApiFilter> logger, IHttpContextAccessor httpContextAccessor_)
        {
            this.logger = logger;
            this.httpContextAccessor_ = httpContextAccessor_;
        }

        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            string token = context.HttpContext.Request.Headers["Authorization"].ToString();
            if (!string.IsNullOrEmpty(token))
            {
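                // Keep the part after the scheme ("Bearer xxxxxxxx" -> "xxxxxxxx")
                string value = token.Split(' ').Last();
                // Demo output: prints the raw token to the console
                await Console.Out.WriteLineAsync($"token:" + value);
                // Store in session
                httpContextAccessor_.HttpContext.Session.SetString("value", value);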
            }
            else
            {
                await Console.Out.WriteLineAsync($"no token");
            }
            ActionExecutedContext actionExecutedContext = await next.Invoke();
        }
    }
}
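
A hardened variant of the registration in 2.2 and the filter in 2.3, as an added example that is not the original article's code: it locks down the session cookie, since that cookie now stands in for the stored token, and stores only a well-formed `Bearer` value without logging it. `BearerSessionFilter`, the `bearer_token` key and the 20-minute timeout are assumptions.

```csharp
// Added example: Program.cs of an ASP.NET Core web project (implicit usings enabled).
// BearerSessionFilter and the "bearer_token" key are hypothetical names.
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Mvc.Filters;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(o =>
{
    // The session cookie now stands in for the stored token, so protect it like one.
    o.IdleTimeout = TimeSpan.FromMinutes(20);          // assumed value; keep it short
    o.Cookie.HttpOnly = true;                          // not readable from page scripts
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
    o.Cookie.SameSite = SameSiteMode.Strict;           // not sent on cross-site requests
});
builder.Services.AddControllers(o => o.Filters.Add<BearerSessionFilter>());

var app = builder.Build();
app.UseHttpsRedirection();
app.UseSession();   // must run before the MVC filter touches Session
app.MapControllers();
app.Run();

public class BearerSessionFilter : IAsyncActionFilter
{
    private readonly ILogger<BearerSessionFilter> _logger;
    public BearerSessionFilter(ILogger<BearerSessionFilter> logger) => _logger = logger;

    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        string raw = context.HttpContext.Request.Headers["Authorization"].ToString();
        // Accept only "Bearer <token>"; "Basic ..." or a bare value is ignored.
        if (AuthenticationHeaderValue.TryParse(raw, out var header)
            && string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            && !string.IsNullOrWhiteSpace(header.Parameter))
        {
            context.HttpContext.Session.SetString("bearer_token", header.Parameter);
            // Log that a token arrived and its length, never the token itself.
            _logger.LogInformation("Stored bearer token ({Length} chars) in session", header.Parameter.Length);
        }
        else
        {
            _logger.LogInformation("No usable bearer token on request");
        }
        await next();
    }
}
```

The filter only checks the header's shape; it does not verify the JWT's signature or expiry, which the original filter does not do either.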

2.4 Create the Controller

The controller exposes Set and Get methods to simulate writing to and reading from Session.

using Microsoft.AspNetCore.Mvc;

namespace Token1.Controllers
{
    [ApiController]
    [Route("[controller]/[action]")]
    public class Test : ControllerBase
    {

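        [HttpGet]
        public void Set()
        {
            // Intentionally empty: ActionApiFilter stores the token before the action runs
        }

        [HttpGet]
        public object Get()
        {
            // Returns the token stored for the current session, or null if none was stored
            return HttpContext.Session.GetString("value");
        }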
    }
}

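3. Testing

Fill in the token information; from then on the request header is sent with every request.

At this point the token has been stored in Session.

Remove the request header (log out) to eliminate Get's influence on Set (if you do not, the Get request also carries the token and overwrites what Set stored).

The value is retrieved successfully.

Now test once more with Postman to simulate access by a different user.

The corresponding token is retrieved successfully.

Now access as user 1 again: the content is unchanged, which shows that different users read and write different sessions.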
