[Bug]同时使用jwt和cookie认证是，api无法单独通过jwt进行认证，建议api与mvc分别进行jwt和cookie认证

Furion v1.0.9.1 版本

```cs
using Furion.Authorization;
using Furion.Core;
using Furion.DataEncryption;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using System.Threading.Tasks;

namespace Furion.Web.Core
{
    /// <summary>
    /// JWT 授权自定义处理程序
    /// </summary>
    public class JwtHandler : AppAuthorizeHandler
    {
        public override Task HandleAsync(AuthorizationHandlerContext context)
        {
            // 获取当前数据库上下文
            var httpContext = context.GetCurrentHttpContext();
            var isValid = JWTEncryption.ValidateJwtBearerToken(httpContext, out var token);

// 验证 Token 和 权限
            if ((token != null && !isValid)
                || (token == null && !context.User.Identity.IsAuthenticated)
                || !CheckAuthorzie(httpContext)) context.Fail();

var pendingRequirements = context.PendingRequirements;

// 通过授权验证
            foreach (var requirement in pendingRequirements)
            {
                if (requirement is AppAuthorizeRequirement)
                {
                    context.Succeed(requirement);
                }
            }

return Task.CompletedTask;
        }

/// <summary>
        /// 检查权限
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        private static bool CheckAuthorzie(DefaultHttpContext httpContext)
        {
            // 获取权限特性
            var securityDefineAttribute = httpContext.GetMetadata<SecurityDefineAttribute>();
            if (securityDefineAttribute == null) return true;

// 解析服务
            var authorizationManager = httpContext.RequestServices.GetService<IAuthorizationManager>();

// 检查授权
            return authorizationManager.CheckSecurity(securityDefineAttribute.ResourceId);
        }
    }
}
```

GVP dotNET China/Furion

内容风险标识

评论 (3)

GVPdotNET China/Furion

内容风险标识