using Blazor 3.2 I need to automatically send the security token in request header,I don't use Identity,I have custom tables on the server for users,I get the token from login controller and save it to local storage
public class JWTAuthenticationStateProvider : AuthenticationStateProvider, ILoginService
{
private readonly IJSRuntime js;
private readonly HttpClient httpClient;
private readonly string TOKENKEY = "TOKENKEY";
private AuthenticationState Anonymous => new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
public JWTAuthenticationStateProvider(IJSRuntime js, HttpClient httpClient)
{
this.js = js;
this.httpClient = httpClient;
}
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var token = await js.GetFromLocalStorage(TOKENKEY);
if (string.IsNullOrEmpty(token))
{
return Anonymous;
}
return BuildAuthenticationState(token);
}
public AuthenticationState BuildAuthenticationState(string token)
{
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt")));
}
public async Task Login(string token)
{
await js.SetInLocalStorage(TOKENKEY, token);
var authState = BuildAuthenticationState(token);
NotifyAuthenticationStateChanged(Task.FromResult(authState));
}
public async Task Logout()
{
await js.RemoveItem(TOKENKEY);
httpClient.DefaultRequestHeaders.Authorization = null;
NotifyAuthenticationStateChanged(Task.FromResult(Anonymous));
}
}
for requests I use:
public interface IHttpService
{...
Task<HttpResponseWrapper<object>> Post<T>(string url, T data);
...
}
public class HttpService : IHttpService
{
private readonly HttpClient httpClient;
private JsonSerializerOptions DefaultJsonSerializerOptions =>
new JsonSerializerOptions() { PropertyNameCaseInsensitive = true };
public HttpService(HttpClient _httpClient)
{
httpClient = _httpClient;
}
.......
public async Task<HttpResponseWrapper<object>> Post<T>(string url, T data)
{
var dataJson = JsonSerializer.Serialize(data);
var stringContent = new StringContent(dataJson, Encoding.UTF8, "application/json");
var response = await httpClient.PostAsync(url, stringContent);
return new HttpResponseWrapper<object>(null, response.IsSuccessStatusCode, response);
}
.........
public class HttpResponseWrapper<T>
{
public HttpResponseWrapper(T response, bool succes, HttpResponseMessage httpResponseMessage)
{
Response = response;
Success = succes;
HttpResponseMessage = httpResponseMessage;
}
public T Response { get; set; }
public bool Success { get; set; }
public HttpResponseMessage HttpResponseMessage { get; set; }
public async Task<string> GetBody()
{
return await HttpResponseMessage.Content.ReadAsStringAsync();
}
}
when I send a request to the server :
var res = await httpService.Post<QueryObject, ResObject>($"{url}/get", query);
I get 401(Unauthorized), in dev tools i see no Bearer token in Request
Headers: :authority: localhost:44341 :method: POST :path: /api/datar/get :scheme: https accept: / accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cache-control: no-cache content-length: 123 content-type: application/json; charset=utf-8 cookie: .AspNet.Consent=yes; .AspNetCore.Session=CfDJ8KV1S2nC4ehItE9KmaCETAilfhhNr%2BP3SQORWHzxbFYQLddeekAftj05md7N%2BWYjU1LxdcIBY4XW9muw13u2q2clwdsmQHLb2DqCKkQW%2FbcquzDPKYbcAtcuJEJ2OpOz75zgMYhRmL47zGhNvmhhHXbEEKGnQwpAk8gnAe6bF6XC origin: https://localhost:44341 pragma: no-cache referer: https://localhost:44341/sch sec-fetch-dest: empty sec-fetch-mode: cors sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.80 Safari/537.36 OPR/72.0.3815.148