Jwt Bearer and dependency injection


Problem description

I am trying to configure my Jwt Bearer issuer key, but in production I usually use Azure Key Vault wrapped by a KeyManager. The KeyManager class is configured in dependency injection, but in the ConfigureServices method I cannot use it (obviously), but if I cannot use it I cannot retrieve my key.

My solution at the moment is to build a temporary service provider and use it, but I think it is not the state of the art (and I need to create two copies of singletons, which is not the best).

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
    ServiceProvider sp = services.BuildServiceProvider();
    IKeyManager keyManager = sp.GetService<KeyManager>();

    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = keyManager.GetSecurityKeyFromName("jwt").Result,

        ValidIssuer = "https://api.example.com",
        ValidateIssuer = true
    };

    options.Audience = "https://api.example.com";
    options.Authority = "https://api.example.com";

    options.SaveToken = true;
});

Recommended answer

Use the options pattern and implement IConfigureNamedOptions<JwtBearerOptions>:

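using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

// Resolved from the container, so IKeyManager arrives by constructor injection.
public class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>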
{
    private readonly IKeyManager _keyManager;

    public ConfigureJwtBearerOptions(IKeyManager keyManager)
    {
        _keyManager = keyManager;
    }

    public void Configure(JwtBearerOptions options)
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = _keyManager.GetSecurityKeyFromName("jwt").Result,

            ValidIssuer = "https://api.example.com",
            ValidateIssuer = true
        };

        options.Audience = "https://api.example.com";
        options.Authority = "https://api.example.com";

        options.SaveToken = true;
    }

    // Called with the scheme name; this applies the same settings to every named JwtBearerOptions.
    public void Configure(string name, JwtBearerOptions options)
    {
        Configure(options);
    }
}

In Startup.cs:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer();

services.ConfigureOptions<ConfigureJwtBearerOptions>();
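
The following is an added example, not code from the question or the answer. It is a console sketch (assuming .NET 6 or later with the Microsoft.AspNetCore.Authentication.JwtBearer package) that counts how often the key manager singleton is built under the temporary-provider workaround, then wires the key through the options pattern using `AddOptions<JwtBearerOptions>(scheme).Configure<IKeyManager>(...)`, a delegate form of the class above. The `IKeyManager` shape, `InMemoryKeyManager`, the random key and `"OtherScheme"` are assumptions constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

// Assumed shape of IKeyManager; the page only shows the call site.
public interface IKeyManager { Task<SecurityKey> GetSecurityKeyFromName(string name); }
// Constructed stand-in for the Key Vault-backed KeyManager; counts how often it is built.
public sealed class InMemoryKeyManager : IKeyManager
{
    public static int Instances;
    private readonly SecurityKey _key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
    public InMemoryKeyManager() => Instances++;
    public Task<SecurityKey> GetSecurityKeyFromName(string name) => Task.FromResult(_key);
}
public static class Program
{
    public static void Main()
    {
        var services = new ServiceCollection();
        services.AddSingleton<IKeyManager, InMemoryKeyManager>();
        // The question's workaround: a throwaway provider constructs its own singleton.
        using (var temp = services.BuildServiceProvider())
            temp.GetRequiredService<IKeyManager>();

        // Options pattern: the delegate runs lazily, with IKeyManager taken from
        // whichever provider creates the options, and only for the named scheme.
        services.AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
            .Configure<IKeyManager>((options, keyManager) =>
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = keyManager.GetSecurityKeyFromName("jwt").GetAwaiter().GetResult(),
                    ValidateIssuer = true, ValidIssuer = "https://api.example.com"
                });

        using var app = services.BuildServiceProvider();
        var monitor = app.GetRequiredService<IOptionsMonitor<JwtBearerOptions>>();
        var bearer = monitor.Get(JwtBearerDefaults.AuthenticationScheme);
        var other = monitor.Get("OtherScheme"); // hypothetical second scheme
        Console.WriteLine($"Bearer has key: {bearer.TokenValidationParameters.IssuerSigningKey != null}");
        Console.WriteLine($"OtherScheme has key: {other.TokenValidationParameters.IssuerSigningKey != null}");
        Console.WriteLine($"IKeyManager instances built: {InMemoryKeyManager.Instances}");
    }
}
```

The counter ends at 2, one instance per provider, which is the duplicate singleton the question describes. Only the Bearer options carry a signing key, because the named registration leaves other schemes untouched.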
