如何从 .Net Core API 中的身份验证 JWT 令牌获取身份用户? [英] How to get Identity User from his authentication JWT token in .Net Core API?

问题描述

我正在将 .Net Core 用于我的 API，因此没有视图或任何内容.我还使用 ASP.net Core Identity 框架来授权我数据库中的用户.对于登录用户，我使用以下代码:

I'm using .Net Core for my API, so no views or whatsoever. I'm also using ASP.net Core Identity framework to authorize users in my database. For logging in users, I use this code:

private string GenerateAuthenticationResult(ApplicationUser user)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                // Things to be included and encoded in the token
                Subject = new ClaimsIdentity(new[]
                {
                    new Claim(JwtRegisteredClaimNames.Sub, user.Email),
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                    new Claim(JwtRegisteredClaimNames.Email, user.Email),
                    new Claim("id", user.Id)
                }),
                // Token will expire 2 hours from which it was created
                Expires = DateTime.UtcNow.AddHours(2),
                //
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);

            return tokenHandler.WriteToken(token);
        }

这就像验证用户操作的魅力一样，但是如果用户使用我之前提供的令牌登录他的请求标头 (Bearer)，我怎么知道我的服务器正在与谁通话.

This works like a charm for authenticating user actions, but how can I know whom my server is talking to provided that the user used the token I provided earlier for logging in in his request header (Bearer).

TL;博士

我想从请求标头中提供的令牌中提取用户 ID 或用户电子邮件.

I want to extract user ID or user Email from the token provided in the request header.

谢谢.

推荐答案

您可以使用 AddJwtBearer 验证 JWT 令牌:

You can use AddJwtBearer validating JWT tokens :

var sharedKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("yourkey"));
services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
    x.RequireHttpsMetadata = false;
    x.SaveToken = true;

    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = sharedKey,

        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = false,            
    };
});

并通过在 Configure 方法中添加 app.UseAuthentication(); 来启用 asp.net 核心身份验证中间件.之后，您可以在受保护的操作/控制器上添加 [Authorize] 属性.

And enable asp.net core authentication middleware via adding app.UseAuthentication(); in Configure method . After that , you can add [Authorize] attribute on protected actions/controllers .

在操作中进行身份验证后获取电子邮件和用户 ID:

To get the email and user id after authentication in action :

var  email= User.Claims.Where(x => x.Type == ClaimTypes.Email).FirstOrDefault()?.Value;
var  userid= User.Claims.Where(x => x.Type == "id").FirstOrDefault()?.Value;

这里使用了ClaimTypes.Email，因为JwtRegisteredClaimNames.Email 会被中间件自动映射到ClaimTypes.Email.请参阅 源代码 .

Here ClaimTypes.Email is used since JwtRegisteredClaimNames.Email will map to ClaimTypes.Email by middleware automatically . See source code .

这里有一些关于 JWT 身份验证的有用文章:

Here are some useful articles for JWT Authentication :

https://jasonwatmore.com/post/2018/08/14/aspnet-core-21-jwt-authentication-tutorial-with-example-api

https://jasonwatmore.com/post/2019/10/11/aspnet-core-3-jwt-authentication-tutorial-with-example-api

这篇关于如何从 .Net Core API 中的身份验证 JWT 令牌获取身份用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！