我有 JWT 服务
public class JwtService : IJwtService
{
private IDistributedCache cache;
private IHttpContextAccessor httpContext;
private IOptions<JwtOptions> jwtOptions;
private MyContext context;
private ILogger<JwtService> logger;
public JwtService(MyContext context, IDistributedCache cache,
IHttpContextAccessor httpContext, IOptions<JwtOptions> jwtOptions, ILogger<JwtService> logger)
{
this.cache = cache;
this.httpContext = httpContext;
this.jwtOptions = jwtOptions;
this.context = context;
this.logger = logger;
}
private string GetCurrentJwtString()
{
StringValues header = httpContext.HttpContext.Request.Headers["authorization"];
return StringValues.IsNullOrEmpty(header) ? string.Empty : header.Single().Split(" ").Last();
}
public async Task<bool> IsActiveCurrentJwtAsync()
{
return await IsActiveJwtAsync(GetCurrentJwtString());
}
public async Task DeactivateCurrentJwtAsync()
{
await DeactivateJwtAsync(GetCurrentJwtString());
}
public async Task DeactivateJwtAsync(string token)
{
await cache.SetStringAsync(token, "diactivated", new DistributedCacheEntryOptions()
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(jwtOptions.Value.ExpiryMinutes)
});
}
public async Task<bool> IsActiveJwtAsync(string token)
{
return await cache.GetStringAsync(token) == null;
}
并且项目中有两个地方与这个服务交互:
第一的。在用户控制器中,当我注销帐户时,我会调用 deactivate token 方法,该方法只是缓存令牌。
[Authorize]
[Route("api/[controller]/[action]")]
[ApiController]
public class UserController : Controller
{
IJwtService jwtServ;
IUserService userServ;
public UserController(IJwtService jwtServ, IUserService userServ)
{
this.jwtServ = jwtServ;
this.userServ = userServ;
}
[ActionName("Logout")]
public async Task Logout()
{
await jwtServ.DeactivateCurrentJwtAsync();
}
}
第二:在身份验证设置的 Startup 类中,验证令牌后,我检查它是否在缓存中。
services.AddDistributedRedisCache(option =>
{
option.Configuration = Configuration["Redis:Address"];
option.InstanceName = "maelstorm";
});
services
.AddAuthentication(options => {
options.DefaultAuthenticateScheme = jwtSchemeName;
options.DefaultChallengeScheme = jwtSchemeName;
})
.AddJwtBearer(jwtSchemeName, jwtBearerOptions => {
jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingDecodingKey.GetKey(),
TokenDecryptionKey = encryptingDecodingKey.GetKey(),
ValidateIssuer = true,
ValidIssuer = Configuration["Jwt:Issuer"],
ValidateAudience = true,
ValidAudience = Configuration["Jwt:Audience"],
ValidateLifetime = true,
ClockSkew = TimeSpan.FromSeconds(5)
};
var servProvider = services.BuildServiceProvider();
var jwtService = servProvider.GetService<IJwtService>();
jwtBearerOptions.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return Task.CompletedTask;
},
OnTokenValidated = async context =>
{
if(! await jwtService.IsActiveCurrentJwtAsync())
{
context.Fail("Token is not active");
}
}
};
问题是,在第一种情况下,JWTService 中的缓存变量是类型Microsoft.Extensions.Caching.Distributed.MemoryDistributedCache,而在第二种情况下是Microsoft.Extensions.Caching.Redis.RedisCachе。事实证明,令牌停用方法将令牌写入一个缓存,而验证方法试图从另一个缓存中获取它,因此没有任何效果。为什么依赖注入会创建不同类型的实例?如何使只有 Redis 始终用作缓存?
依赖注入机制会创建不同的依赖项,因为您有两个不同的 ServiceProvider:一个是由框架创建的,另一个是由您创建的:
您需要访问系统 ServiceProvider,而不是调用随机方法。例如,像这样: