.NET Core authentication and authorization: study notes

2022-08-03 16:03:26



 

1. Cookie authentication

  Startup.cs file

 

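  // Register the cookie authentication service
  services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(o =>
  {
      o.ExpireTimeSpan = TimeSpan.FromDays(1);

      // ....
  });

  // Authentication middleware (must run before the authorization middleware)
  app.UseAuthentication();

  // Authorization middleware
  app.UseAuthorization();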

 

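  Writing the cookie

// Requires: using System.Security.Claims; using Microsoft.AspNetCore.Authentication;
//           using Microsoft.AspNetCore.Authentication.Cookies;
// User information (the string values are placeholders for the real id, name and role)
var claims = new List<Claim>();
claims.Add(new Claim("id", "Id 值"));
claims.Add(new Claim("name", "Name 值"));
claims.Add(new Claim("role", "角色值"));
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(claimsIdentity);

// Write the cookie
await this.HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);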

  

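  Add the cookie authentication attribute to the API methods that require authorization:

  [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]

  // To support several authentication schemes, list them; the following accepts both token (Bearer) and cookie authentication

  [Authorize(AuthenticationSchemes = "Cookies,Bearer")]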
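
The three steps above (register, sign in, protect an endpoint) put together as one program. This is an added example, not code from the original post: it assumes the .NET 6+ minimal hosting model instead of Startup.cs, and the /login and /me routes, the sample user and the cookie hardening options are assumptions.

```csharp
// Added example, not the original post's code; routes and sample user are hypothetical.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromDays(1);
        o.Cookie.HttpOnly = true;                          // not readable from script
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
        o.Cookie.SameSite = SameSiteMode.Strict;           // not sent on cross-site requests
        // API callers get status codes instead of a redirect to a login page.
        o.Events.OnRedirectToLogin = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        };
        o.Events.OnRedirectToAccessDenied = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
            return Task.CompletedTask;
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// Hypothetical login endpoint: a real one verifies credentials before signing in.
app.MapPost("/login", async (HttpContext http) =>
{
    var claims = new[] { new Claim("id", "1001"), new Claim("name", "alice"), new Claim("role", "admin") };
    // The last two arguments name the claim types behind Identity.Name and IsInRole;
    // without them the short "name"/"role" claims are ignored by both.
    var identity = new ClaimsIdentity(
        claims, CookieAuthenticationDefaults.AuthenticationScheme, "name", "role");
    await http.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
    return Results.Ok();
});

app.MapGet("/me", (ClaimsPrincipal user) =>
        Results.Ok(new { Name = user.Identity?.Name, IsAdmin = user.IsInRole("admin") }))
    .RequireAuthorization();

app.Run();
```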

 

2. JWT token authentication

  

// Configure the JWT authentication service
services
.AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
.Configure<IOptions<TokenOptions>>((options, tokenOptions) =>
{
    var opt = tokenOptions.Value;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        // Issuer and audience are validated only when a value is configured
        ValidateIssuer = opt.Issuer != null,
        ValidateAudience = opt.Audience != null,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,

        // Tolerance for the lifetime checks: a token is still accepted up to
        // 30 minutes after it expires (the library default is 5 minutes)
        ClockSkew = TimeSpan.FromMinutes(30),
        ValidIssuer = opt.Issuer,
        ValidAudience = opt.Audience,
        IssuerSigningKey = opt.ToSecurityKey()
    };
});

// Register the JWT authentication service
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer();

  

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

/// <summary>
/// Token options
/// </summary>
public class TokenOptions
{
    /// <summary>
    /// Certificate path
    /// </summary>
    public string Pfx { get; set; } = "certs/jwt/jwt.pfx";

    /// <summary>
    /// Signing algorithm
    /// </summary>
    public string SecurityAlgorithm { get; set; } = SecurityAlgorithms.RsaSha256;

    /// <summary>
    /// Issuer field
    /// </summary>
    public string? Issuer { get; set; } = "http://medical.com";

    /// <summary>
    /// Audience field
    /// </summary>
    public string? Audience { get; set; }

    /// <summary>
    /// Token lifetime; this default applies when CreateToken is called without an expire value
    /// </summary>
    public TimeSpan Expire { get; set; } = TimeSpan.FromDays(365);

    /// <summary>
    /// Converts the certificate into a security key
    /// </summary>
    /// <returns></returns>
    public SecurityKey ToSecurityKey()
    {
        var path = Path.Combine(AppContext.BaseDirectory, this.Pfx);
        var certificate = new X509Certificate2(path);
        return new X509SecurityKey(certificate);
    }

    /// <summary>
    /// Creates a JWT
    /// </summary>
    /// <param name="claims"></param>
    /// <param name="expire"></param>
    /// <returns></returns>
    public TokenResult CreateToken(IEnumerable<Claim> claims, TimeSpan? expire = null)
    {
        var securityKey = this.ToSecurityKey();
        var signingCredentials = new SigningCredentials(securityKey, this.SecurityAlgorithm);
        var jwtHandler = new JwtSecurityTokenHandler();

        var expireValue = expire == null ? this.Expire : expire.Value;
        var jwt = jwtHandler.CreateJwtSecurityToken(
            issuer: this.Issuer,
            audience: this.Audience,
            // UTC avoids mixing local time with the handler's UTC-based defaults
            expires: DateTime.UtcNow.Add(expireValue),
            signingCredentials: signingCredentials,
            subject: new ClaimsIdentity(claims)
        );
        var token = jwtHandler.WriteToken(jwt);
        return new TokenResult
        {
            Access_token = token,
            Expires_in = (long)expireValue.TotalSeconds,
            Refresh_token = null,
            Token_type = "bearer"
        };
    }
}
TokenOptions
/// <summary>
/// Token description
/// </summary>
public class TokenResult
{
    /// <summary>
    /// Token value
    /// </summary>
    public string Access_token { get; set; } = string.Empty;

    /// <summary>
    /// Seconds until the token expires
    /// </summary>
    public long Expires_in { get; set; }

    /// <summary>
    /// Token type
    /// </summary>
    public string Token_type { get; set; } = "bearer";

    /// <summary>
    /// Refresh token
    /// </summary>
    public string? Refresh_token { get; set; }
}
TokenResult.cs
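
What the ClockSkew = TimeSpan.FromMinutes(30) setting in the validation parameters above means in practice, as an added example that is not code from the original post: a constructed token that expired 10 minutes ago is accepted with the 30-minute skew and rejected with a skew of zero. The in-memory RSA key (standing in for certs/jwt/jwt.pfx), the class name and the sample claim are assumptions.

```csharp
// Added example, not code from the original post. Needs the System.IdentityModel.Tokens.Jwt package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class ClockSkewDemo
{
    private const string Issuer = "http://medical.com"; // issuer value used on the page

    public static void Main()
    {
        // Assumption: a throwaway in-memory RSA key stands in for certs/jwt/jwt.pfx.
        using var rsa = RSA.Create(2048);
        var key = new RsaSecurityKey(rsa);
        var handler = new JwtSecurityTokenHandler();

        // Constructed sample token that expired 10 minutes ago.
        var now = DateTime.UtcNow;
        var jwt = handler.CreateJwtSecurityToken(
            issuer: Issuer,
            audience: null,
            subject: new ClaimsIdentity(new[] { new Claim("id", "1001") }),
            notBefore: now.AddMinutes(-20),
            expires: now.AddMinutes(-10),
            issuedAt: now.AddMinutes(-20),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256));
        var token = handler.WriteToken(jwt);

        Console.WriteLine($"ClockSkew = 30 min: accepted = {IsAccepted(token, key, TimeSpan.FromMinutes(30))}");
        Console.WriteLine($"ClockSkew = 0:      accepted = {IsAccepted(token, key, TimeSpan.Zero)}");
    }

    // Validates with the page's parameters, varying only ClockSkew.
    public static bool IsAccepted(string token, SecurityKey key, TimeSpan clockSkew)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = false, // the page's result when TokenOptions.Audience is null
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true, IssuerSigningKey = key,
            ClockSkew = clockSkew
        };
        try { new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _); return true; }
        catch (SecurityTokenExpiredException) { return false; }
    }
}
```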

 

 

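Note: the following exception frequently appears while the program is running:

Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager

Solution

  1. When registering services, point the Data Protection key store at a new directory. Keys persisted this way are written to disk unencrypted unless a ProtectKeysWith* option is also configured, so restrict access to the directory.

    services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, "DataProtection")));

  2. Delete all files under C:\Users\******\AppData\Local\ASP.NET\DataProtection-Keys. Cookies issued under the deleted keys can no longer be decrypted, so signed-in users have to log in again.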

 

Source: https://www.cnblogs.com/intotf/p/16547275.html
