1024

asp.core 同时兼容JWT身份验证和Cookies 身份验证两种模式(示例详解)

Cytheria ·
更新时间:2024-09-20
· 582 次阅读

在实际使用中,可能会遇到,aspi接口验证和view页面的登录验证情况。asp.core 同样支持两种兼容。

首先在startup.cs 启用身份验证。

var secrityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"])); services.AddSingleton(secrityKey); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(option => //cookies 方式 { option.LoginPath = "/Login"; }) .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => //jwt 方式 { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true,//是否验证Issuer ValidateAudience = true,//是否验证Audience ValidateLifetime = true,//是否验证失效时间 ClockSkew = TimeSpan.FromSeconds(30), ValidateIssuerSigningKey = true,//是否验证SecurityKey ValidAudience = Configuration["JWTDomain"],//Audience ValidIssuer = Configuration["JWTDomain"],//Issuer IssuerSigningKey = secrityKey//拿到SecurityKey }; });

Configure 方法中须加入

app.UseAuthentication(); //授权 app.UseAuthorization(); //认证 认证方式有用户名密码认证 app.MapWhen(context => { var excludeUrl = new string[] { "/api/login/getinfo", "/api/login/login", "/api/login/modifypwd" }; //注意小写 return context.Request.Path.HasValue && context.Request.Path.Value.Contains("Login") && context.Request.Headers.ContainsKey("Authorization") && !(excludeUrl.Contains(context.Request.Path.Value.ToLower())); }, _app => { _app.Use(async (context, next) => { context.Response.StatusCode = 401; }); });

在login页面,后台代码

var uid = Request.Form["code"] + ""; var pwd = Request.Form["pwd"] + ""; var info = _mysql.users.Where(m => m.user_code == uid&&m.delflag==0).FirstOrDefault(); if (info == null) { return new JsonResult(new { success = false, msg = "用户不存在" }); } if (info.pwd != pwd) msg = "用户密码不正确" //创建一个身份认证 var claims = new List<Claim>() { new Claim(ClaimTypes.Sid,info.id), //用户ID new Claim(ClaimTypes.Name,info.user_code) //用户名称 }; var claimsIdentity = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); //var identity = new ClaimsIdentity(claims, "Login"); //var userPrincipal = new ClaimsPrincipal(identity); //HttpContext.SignInAsync("MyCookieAuthenticationScheme", userPrincipal, new AuthenticationProperties //{ // ExpiresUtc = DateTime.UtcNow.AddMinutes(30), // IsPersistent = true //}).Wait(); var authProperties = new AuthenticationProperties //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(60), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. When used with cookies, controls // whether the cookie's lifetime is absolute (matching the // lifetime of the authentication ticket) or session-based. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);

 Controler控制器部分,登录代码:

[HttpPost("Login")] public async Task<JsonResult> Login(getdata _getdata) { var userName = _getdata.username; var passWord = _getdata.password; var info = _mysql.users.Where(m => m.user_code == userName && m.delflag == 0).FirstOrDefault(); if (info == null) { return new JsonResult(new { state = false, code = -1, data = "", msg = "用户名不存在!" }); } if (CommonOp.MD5Hash(info.pwd).ToLower() != passWord) code = -2, msg = "用户密码不正确!" #region 身份认证处理 var secrityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["SecurityKey"])); List<Claim> claims = new List<Claim>(); claims.Add(new Claim("user_code", info.user_code)); claims.Add(new Claim("id", info.id)); var creds = new SigningCredentials(secrityKey, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: _config["JWTDomain"], audience: _config["JWTDomain"], claims: claims, expires: DateTime.Now.AddMinutes(120), signingCredentials: creds); return new JsonResult(new state = true, code = 0, data = new JwtSecurityTokenHandler().WriteToken(token), msg = "获取token成功" }); #endregion }

注意, 受身份验证的控制器部分,要加入如下属性头,才可以生效。

[Authorize(AuthenticationSchemes = "Bearer,Cookies")] public class ControllerCommonBase : ControllerBase { }

这样一个Controler 控制器,能够兼容两种模式啦。

到此这篇关于asp.core 同时兼容JWT身份验证和Cookies 身份验证两种模式的文章就介绍到这了,更多相关asp.core 身份验证内容请搜索软件开发网以前的文章或继续浏览下面的相关文章希望大家以后多多支持软件开发网!



示例 jwt cookies core ASP

1024 个赞
编辑 举报
需要 登录 后方可回复, 如果你还没有账号请 注册新账号
相关文章
HTML 速查列表
Peggy 2021-04-14
515
Highcharts 树状图(Treemap)
Ady 2021-04-28
531
NumPy 从数值范围创建数组
Natalie 2020-06-21
941
详解canvas绘图时遇到的跨域问题
Flower 2020-01-16
533
ubuntu修改terminal终端的主机名的实现方法
Kita 2021-05-26
748
C++ std::chrono库使用示例(实现C++ 获取日期,时间戳,计时等功能)
Faith 2023-07-21
367
c与c++之间的相互调用及函数区别示例详解
Chipo 2023-07-21
513
C#语言async await之迭代器工作原理示例解析
Jacinthe 2023-07-22
549
C#语言async await工作原理示例解析
Winona 2023-07-22
1206
C#实现从PPT中提取文本的示例代码
Ophelia 2023-07-22
1546
C#实现文件压缩与解压功能的示例代码
Agnes 2023-07-22
214
C# 中的智能枚举之如何在枚举中增加行为(示例代码)
Aurora 2023-07-22
1219
基于WPF实现面包屑控件的示例代码
Glory 2023-07-22
780
docker存储目录迁移示例教程
Pelagia 2023-07-22
1183
使用docker compose部署emqx集群的示例
Ianthe 2023-07-22
1083
nginx location指令(匹配顺序匹配冲突)实战示例详解
Nafisa 2023-07-22
1688
Python实战使用XPath采集数据示例解析
Diane 2023-07-24
1433
C++ 类模板与成员函数模板示例解析
Nora 2023-07-28
276
nginx限制ip访问频率的实现示例
Rhea 2023-08-08
1403
Docker部署Tomcat的示例代码
Kara 2023-08-08
678