【Azure APIM】How an APIM policy expression can read the Cookie carried in the request headers and save it as a variable

Problem description

In an APIM policy, the token value carried in the request's Cookie needs to be validated as a JWT. How can the value be read from the Cookie, saved as a variable, and then used in the JWT validation?


Solution

Step 1: Get the token value from the Cookie

Use the C# expression @(context.Request.Headers.GetValueOrDefault("cookie", "").Split(';').Select(x => x.Trim()).Select(cookie => cookie.Split('=')).SingleOrDefault(cookie => cookie[0] == "Token")?[1]) to obtain the token. Note that the lambda expressions in the Select and SingleOrDefault calls must be adjusted to the actual cookie layout, in particular the cookie name compared in cookie[0] == "Token", which is a case-sensitive match.

Cookie:    test=123; "test222=222222222222"; test222=222222222222; token=eyJ0**LCJhbGci**************************7Yat3****H5A; test111=ey***vDH5A
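The following stand-alone C# program is an added example, not code from the original post. It runs the Step 1 parsing expression outside APIM against the sample Cookie header above and contrasts it with a more defensive variant. The header value is constructed from the sample in the post, and the method names (ExtractAsInPost, ExtractDefensively) and the edge-case inputs are this example's own assumptions; whether the defensive body is accepted verbatim inside a set-variable expression has not been verified here.

```csharp
// Added example, not code from the original post: reproduces the Step 1 cookie-parsing
// expression outside APIM and compares it with a more defensive variant.
// Method names and edge-case inputs are this example's own (hypothetical).
using System;
using System.Linq;

public static class CookieTokenDemo
{
    // Constructed sample Cookie header, copied from the post (token values are redacted there).
    public const string SampleCookie =
        "test=123; \"test222=222222222222\"; test222=222222222222; "
        + "token=eyJ0**LCJhbGci**************************7Yat3****H5A; test111=ey***vDH5A";

    // The expression from the post, with context.Request.Headers.GetValueOrDefault("cookie", "")
    // replaced by the cookieHeader parameter and the literal cookie name by the name parameter.
    // Behaviour to be aware of:
    //  - SingleOrDefault throws InvalidOperationException if two cookies carry the same name,
    //    which surfaces as a policy expression error rather than a 401 from validate-jwt;
    //  - Split('=') followed by [1] keeps only the text up to the second '=', so a value that
    //    itself contains '=' is truncated;
    //  - the name comparison is case-sensitive ("Token" does not match "token").
    public static string ExtractAsInPost(string cookieHeader, string name) =>
        cookieHeader.Split(';')
            .Select(x => x.Trim())
            .Select(cookie => cookie.Split('='))
            .SingleOrDefault(cookie => cookie[0] == name)?[1];

    // Defensive variant that uses only String and System.Linq members:
    //  - a missing or empty header yields null (validate-jwt then fails with the configured 401);
    //  - Split(new[] { '=' }, 2) splits on the first '=' only, preserving '=' inside the value;
    //  - pairs without '=' are skipped, so a stray ";" cannot cause an index error;
    //  - FirstOrDefault never throws on duplicate names.
    public static string ExtractDefensively(string cookieHeader, string name)
    {
        if (string.IsNullOrWhiteSpace(cookieHeader))
        {
            return null;
        }
        return cookieHeader.Split(';')
            .Select(x => x.Trim())
            .Select(x => x.Split(new[] { '=' }, 2))
            .Where(kv => kv.Length == 2)
            .FirstOrDefault(kv => kv[0] == name)?[1];
    }

    public static void Main()
    {
        Console.WriteLine("post expression, name \"token\": " + ExtractAsInPost(SampleCookie, "token"));
        Console.WriteLine("post expression, name \"Token\": " + (ExtractAsInPost(SampleCookie, "Token") ?? "(null)"));
        Console.WriteLine("defensive,       name \"token\": " + ExtractDefensively(SampleCookie, "token"));

        // Constructed edge case: a value that contains '=' (e.g. base64 padding).
        const string withPadding = "token=eyJ.abc.xyz==; test=1";
        Console.WriteLine("post expression, padded value: " + ExtractAsInPost(withPadding, "token"));
        Console.WriteLine("defensive,       padded value: " + ExtractDefensively(withPadding, "token"));

        // Constructed edge case: the same cookie name sent twice.
        const string duplicated = "token=first; token=second";
        try
        {
            Console.WriteLine("post expression, duplicate:    " + ExtractAsInPost(duplicated, "token"));
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("post expression, duplicate:    threw " + ex.GetType().Name);
        }
        Console.WriteLine("defensive,       duplicate:    " + ExtractDefensively(duplicated, "token"));
        Console.WriteLine("defensive,       no header:    " + (ExtractDefensively("", "token") ?? "(null)"));
    }
}
```

Against the sample header, both variants return the redacted token string for the name "token" and the post's expression returns null for "Token". For the constructed inputs, the post's expression truncates "eyJ.abc.xyz==" to "eyJ.abc.xyz" and throws on the duplicated cookie, while the defensive variant returns the full value and the first match, and returns null when the header is absent so that validate-jwt, not the expression, rejects the request.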

Step 2: Save the value as a variable

Use set-variable to define a variable named token that stores the value obtained in Step 1.

Example policy:

<set-variable name="token"
    value="@(context.Request.Headers.GetValueOrDefault("cookie", "").Split(';')
        .Select(x => x.Trim())
        .Select(cookie => cookie.Split('=')).SingleOrDefault(cookie => cookie[0] == "stored-token")?[1])" />


Step 3: Read the variable value in the JWT validation

Use the validate-jwt policy with token-value="@(context.Variables.GetValueOrDefault<string>("token", "no value"))" in place of header-name="Authorization".

Example policy:

<validate-jwt
  token-value="@(context.Variables.GetValueOrDefault<string>("token", "no value"))"
  failed-validation-httpcode="401"
  require-expiration-time="false"
  require-scheme="Bearer"
  require-signed-tokens="true">
  <openid-config url="https://login.partner.microsoftonline.cn/<your azure tenant id>/v2.0/.well-known/openid-configuration" />
  <audiences>
    <audience><your audience, GUID></audience>
  </audiences>
</validate-jwt>


Complete policy example:

<policies>
    <inbound>
        <base />
        <set-variable name="token" value="@(context.Request.Headers.GetValueOrDefault("cookie", "").Split(';').Select(x => x.Trim()).Select(cookie => cookie.Split('=')).SingleOrDefault(cookie => cookie[0] == "token")?[1])" />
        <validate-jwt token-value="@(context.Variables.GetValueOrDefault<string>("token", "no value"))" failed-validation-httpcode="401" require-expiration-time="false" require-scheme="Bearer" require-signed-tokens="true">
            <openid-config url="https://login.partner.microsoftonline.cn/xxxx-xxxx-xxxx-xxxx-xxxx/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>xxxx-xxxx-xxxx-xxxx-xxxx</audience>
            </audiences>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
        <choose>
            <when condition="@(context.LastError.Source == "validate-jwt")">
                <return-response>
                    <set-status code="302" reason="Unauthorized" />
                    <set-header name="Location" exists-action="override">
                        <value>https://login.partner.microsoftonline.cn/xxxx-xxxx-xxxx-xxxx-xxxx/oauth2/v2.0/authorize?response_type=code+id_token&amp;redirect_uri=<redirect_uri>&amp;client_id=%20xxxx-xxxx-xxxx-xxxx-xxxx&amp;scope=openid+profile+email&amp;response_mode=form_post&amp;nonce=eef3d47c873242ddb09b28ed1f997f1b_20230926163347&amp;state=redir%3D%252F</value>
                    </set-header>
                </return-response>
            </when>
        </choose>
    </on-error>
</policies>


References

validate-jwt: https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy

set-variable: https://learn.microsoft.com/en-us/azure/api-management/set-variable-policy#example
