ASP .NET CORE 2.2 JWT &声明网站身份认证 [英] ASP .NET CORE 2.2 JWT & Claims identity Authentication for Website

问题描述

我有一个 .net core 2.2 api，它生成(在成功登录时)一个 JWT 令牌，其中包含一个声明身份，该身份传递信息，例如经过身份验证的用户的用户名、权限和角色.

I have an .net core 2.2 api which generates (on a successful login) a JWT token which contains a claims identity that passes along information such as the username, permissions and roles of the authenticated user.

在我的 .net 核心 2.2 中.Web 应用程序我有一个登录机制，它通过控制器的用户检索 JWT 令牌.

In my .net core 2.2. web app I have a login mechanism which retrieves the JWT token via the user of a controller.

我的问题是.

如何从我的登录控制器中扩展令牌并设置我的网络应用程序以包括使用身份验证机制，如 User.Identity.IsAuthenticated、User.IsInRole("Admin") 和控制器操作，例如 [Authorize] 和 [Authorize(Roles="Admin")]

How can I expand the token from within my login controller and set up my web app to include the use of the authentication mechanisms like User.Identity.IsAuthenticated, User.IsInRole("Admin") and controller actions like [Authorize] and [Authorize(Roles="Admin")]

我一直致力于查看 facebook/google 等外部身份验证提供程序背后的源代码，但无济于事.

I've been directed towards looking at the source code behind external authentication providers such as facebook/google but to no avail.

提前致谢.

推荐答案

第一步是在Startup.cs中使用cookie认证:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();

services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

在 Configure 方法中，使用 UseAuthentication 方法调用设置 HttpContext.User 属性的身份验证中间件.在调用 UseMvcWithDefaultRoute 或 UseMvc 之前调用 UseAuthentication 方法:

In the Configure method, use the UseAuthentication method to invoke the Authentication Middleware that sets the HttpContext.User property. Call the UseAuthentication method before calling UseMvcWithDefaultRoute or UseMvc:

app.UseAuthentication();

然后在您的身份验证控制器中，获取令牌并解码以获取声明后，您应该创建新的 ClaimsIdentity ，添加您的声明并登录用户:

Then in your auth controller , after getting token and decode to get the claims , you should create new ClaimsIdentity , add your claims and sign-in user :

if (!User.Identity.IsAuthenticated)
{
    var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, YourName));
    identity.AddClaim(new Claim(ClaimTypes.Name, YourName));
    identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

    //Add your custom claims

    var principal = new ClaimsPrincipal(identity);
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties { IsPersistent = true });

}

之后，您可以使用User.Identity.IsAuthenticated、User.IsInRole("Admin") 和[Authorize(Roles="Admin")]:

After that , you can useUser.Identity.IsAuthenticated, User.IsInRole("Admin") and [Authorize(Roles="Admin")]:

[Authorize(Roles = "Admin")]
public IActionResult About()
{
    var result = User.IsInRole("Admin");
    return View();
}

这篇关于ASP .NET CORE 2.2 JWT &声明网站身份认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！