在ASP.NET Core中结合cookie和令牌身份验证 [英] Combining cookie and token authentication in ASP.NET Core

问题描述

我在ASP.NET Core 2.1的一个项目中拥有REST服务(Web API)和管理面板(MVC).我想用JWT令牌保护我的API，并用cookie保护我的MVC页面.我可以结合这两种身份验证方法.如何配置我的Startup.cs，授权属性和登录功能.

解决方案

我想您应该使用OAuth 2.0框架.请检查

I've REST services (Web API) and admin panel (MVC) in one project on ASP.NET Core 2.1. I want to secure my API with JWT token, and my MVC pages with cookies. Can I combinate these two authentication ways. How to configure my Startup.cs, Authorize attribute and sign in functionality.

解决方案

I suppose you should use an OAuth 2.0 framework. please check IdentityServer4 it enables many features in your applications.

IdentityServer is middleware that adds the spec compliant OpenID Connect and OAuth 2.0 endpoints to an arbitrary ASP.NET Core application.

Typically, you build (or re-use) an application that contains a login and logout page (and maybe consent - depending on your needs), and the IdentityServer middleware adds the necessary protocol heads to it, so that client applications can talk to it using those standard protocols.

这篇关于在ASP.NET Core中结合cookie和令牌身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！