Fer*_*eri 3 c# jwt asp.net-core
我想同时使用基于 cookie 的身份验证,并且jwt在我的程序中,使用身份验证用户mvc通过登录访问控制器,并使用 JWT 访问 WebApi 资源。
我尝试使用其中的两个首先,我的客户端可以使用用户名和密码登录并使用 cookie 进行身份验证。来自 Application with WebApi with Token Bearer 的第二个访问资源,但出现错误!
在我的startup.cs文件中,我有:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
options.ConsentCookie.Name = "Cookie";
});
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = "Cookie";
options.ClaimsIssuer = Configuration["Authentication:ClaimsIssuer"];
});
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 5;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = false;
//Token
});
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.Cookie.Name = "Cookie";
options.ClaimsIssuer = Configuration["Authentication:ClaimsIssuer"];
})
.AddMicrosoftAccount(microsoftOptions =>
{
microsoftOptions.ClientId = Configuration["Authentication:Microsoft:ApplicationId"];
microsoftOptions.ClientSecret = Configuration["Authentication:Microsoft:Password"];
})
.AddGoogle(googleOptions =>
{
googleOptions.ClientId = "XXXXXXXXXXX.apps.googleusercontent.com";
googleOptions.ClientSecret = "g4GZ2#...GD5Gg1x";
googleOptions.Scope.Add("https://www.googleapis.com/auth/plus.login");
googleOptions.ClaimActions.MapJsonKey(ClaimTypes.Gender, "gender");
googleOptions.SaveTokens = true;
googleOptions.Events.OnCreatingTicket = ctx =>
{
List<AuthenticationToken> tokens = ctx.Properties.GetTokens()
as List<AuthenticationToken>;
tokens.Add(new AuthenticationToken()
{
Name = "TicketCreated",
Value = DateTime.UtcNow.ToString()
});
ctx.Properties.StoreTokens(tokens);
return Task.CompletedTask;
};
})
.AddJwtBearer(options =>
{
options.ClaimsIssuer = Configuration["Authentication:ClaimsIssuer"];
options.SaveToken = true;
options.Authority = Configuration["Authentication:Authority"];
options.Audience = Configuration["Authentication:Audience"];
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidIssuer = Configuration["Authentication:ValidIssuer"],
ValidateAudience = true,
ValidAudience = Configuration["Authentication:ValidAudience"],
ValidateLifetime = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Authentication:SecurityKey"]))
};
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddSession();
services.AddSingleton<IConfiguration>(Configuration);
}
我在这个控制器中得到了一个令牌:
[AllowAnonymous]
[HttpPost]
public async Task<IActionResult> GetToken(TokenLoginModel model)
{
if (!ModelState.IsValid) return BadRequest("Token failed to generate");
var user = await _usermanager.FindByNameAsync(model.UserName);
//var user = true;// (model.Password == "password" && model.Username == "username");
if (user != null && await _usermanager.CheckPasswordAsync(user, model.Password))
{
var claims = new[]{
new Claim("ClaimsIssuer", _configuration.GetSection("Authentication:ClaimsIssuer").Value),
new Claim(Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Sub,user.UserName),
new Claim(Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
};
string SecurKey = Startup.StaticConfig.GetSection("Authentication:SecurityKey").Value;
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurKey));
var token = new JwtSecurityToken(
issuer: _configuration.GetSection("Authentication:ValidIssuer").Value,
audience: _configuration.GetSection("Authentication:Audience").Value,
expires: DateTime.UtcNow.AddDays(30),
claims: claims,
signingCredentials: new Microsoft.IdentityModel.Tokens.SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
);
return Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = token.ValidTo
});
}
return Unauthorized();
}
我实现了创建令牌的控制,但是当我尝试使用它进行授权时,出现此错误:
An unhandled exception occurred while processing the request.
HttpRequestException: Response status code does not indicate success: 404 (Not Found).
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
IOException: IDX20804: Unable to retrieve document from: 'https://localhost:44383/oauth2/default/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost:44383/oauth2/default/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
Far*_*raz 11
为了添加对 JWT 的支持,我们添加了 AddCookie 和 AddJwtBearer。让网站需要标头中的令牌会让人头疼,特别是对于不是纯粹的 SPA 或 API 的项目。所以我真正想要的是同时支持 Cookie 和 JWT。
在 startup.cs 你有:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<DualAuthContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<DualAuthContext>()
.AddDefaultTokenProviders();
// Enable Dual Authentication
services.AddAuthentication()
.AddCookie(cfg => cfg.SlidingExpiration = true)
.AddJwtBearer(cfg =>
{
cfg.RequireHttpsMetadata = false;
cfg.SaveToken = true;
cfg.TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = Configuration["Tokens:Issuer"],
ValidAudience = Configuration["Tokens:Issuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"]))
};
});
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();
}
并在配置方法中:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, DataSeeder seeder)
{
...
app.UseAuthentication();
}
在您的控制器中使用 JWT 之后,您应该将 JWT Bearer AuthenticationSchemes 添加到 Authorize 属性中,如下所示:
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Route("/api/customers")]
public class ProtectedController : Controller
{
public ProtectedController()
{
}
public IActionResult Get()
{
return Ok(new[] { "One", "Two", "Three" });
}
}
参考:ASP.NET Core 2 中的两个 AuthorizationSchemes
使用起来非常简单和有帮助。
| 归档时间: |
|
| 查看次数: |
5645 次 |
| 最近记录: |