ASP.NET Core 2.2 JWT身份验证 [英] ASP.NET Core 2.2 JWT Authentication
问题描述
我最近一直在学习ASP.NET Core 2.2,并尝试使用JWT令牌开发基于角色的登录示例(网站+ Web API).
I've been learning about ASP.NET Core 2.2 recently and trying to develop a Role-Based login sample(Website + Web API) using JWT token.
定义很简单:
- 如果用户的角色是管理员",则它将重定向到管理页面.
- 如果用户的角色是用户",则它将重定向到用户页面.
但是,我在带有ASP.NET Core 2.2的JWT令牌"上找到的大多数解决方案和文章仅适用于Web API.
But most of the solutions and articles I found on "JWT token with ASP.NET Core 2.2" is only for Web API.
从下面的文章中,我几乎了解了JWT令牌的工作原理以及如何在Web API端实现它:
I've almost understood how JWT token works and how to implement it on Web API side from following article :
现在我的问题是如何使用ASP.NET Core网站使用上述API?
Now my problem is how to consume above API using ASP.NET Core Website?
对于许多人来说,这可能是一个简单的问题,但是我对Web开发还很陌生,并且不了解很多事情.
This might be a simple problem for many a guys but I'm fairly new to web development and don't understand a lot of things.
任何帮助将不胜感激. 预先感谢.
Any help would be appreciated. Thanks in advance.
推荐答案
使用我在评论中发布的指南.这不是您所需要的全部-但是我无法在注释中发布代码.需要长格式.
Using the guide i posted in the comments. This isn't all you need - but i cant post code in comments. Needed long form.
您使用声明将角色添加到令牌中.
You use claims to get the role into your token.
在您的startup.cs
In your startup.cs
var secretKey = Configuration.GetSection("JWTSettings:SecretKey").Value;
var issuer = Configuration.GetSection("JWTSettings:Issuer").Value;
var audience = Configuration.GetSection("JWTSettings:Audience").Value;
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = issuer,
ValidateAudience = true,
ValidAudience = audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = tokenValidationParameters;
});
然后在控制器方法中,用户用于登录"或发出令牌.
Then in your controller method that a user uses to "login" or issue a token.
var claims = new[] {
new Claim(ClaimTypes.Name, Credentials.Email),
new Claim(ClaimTypes.Role, Role) };
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SecretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: _options.Issuer,
audience: _options.Audience,
claims: claims,
expires: DateTime.Now.AddYears(10),
signingCredentials: creds);
然后使用该角色保护您的方法或控制器.
Then protect your method or controller with the role.
[Authorize(Roles = "Admin")]
[HttpGet]
Public IActionResult GrabStuff(){ }
这篇关于ASP.NET Core 2.2 JWT身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!