Fatal编程技术网
  • asp.net-core/
  • Asp.net core 如何在ASP.NET Core 3 SPA应用程序的Cookie中存储JWT令牌

Asp.net core 如何在ASP.NET Core 3 SPA应用程序的Cookie中存储JWT令牌

asp.net-core

Asp.net core 如何在ASP.NET Core 3 SPA应用程序的Cookie中存储JWT令牌,asp.net-core,asp.net-identity,Asp.net Core,Asp.net Identity,我有一个默认的ASP.NET Core 3应用程序,它是我使用最新的“create react app”模板构建的。也就是说,在startup.cs中,我有以下代码实例化了我假设使用OpenID的JWT令牌生成器。我已经创建了React模板,但我认为这在本例中并不重要 services.AddDefaultIdentity<ApplicationUser>() .AddEntityFrameworkStores<ApplicationDb

我有一个默认的ASP.NET Core 3应用程序,它是我使用最新的“create react app”模板构建的。也就是说,在startup.cs中,我有以下代码实例化了我假设使用OpenID的JWT令牌生成器。我已经创建了React模板,但我认为这在本例中并不重要

        services.AddDefaultIdentity<ApplicationUser>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddIdentityServer()
            .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

        services.AddAuthentication()
            .AddIdentityServerJwt();

services.AddDefaultIdentity()
.AddEntityFrameworkStores();
services.AddIdentityServer()
.addapi授权();
services.AddAuthentication()
.AddIdentityServerJwt();
登录后,我可以看到存储的cookie不是我的JWT令牌(这是我想要的)。cookie没有删除属性
.AspNetCore.Identity.Application
,我认为该属性与JWT令牌有关,但我不知道如何删除

我想将JWT令牌存储为cookie参数,以便在下一个请求时将其发回服务器。如何将JWT签名令牌作为cookie存储在我的asp.net core 3应用程序中?

对于JWT身份验证,它通过标头
authorization:Bearer
检查请求。无需将令牌存储在cookie中

如果您想获取用于自定义身份验证的令牌,可以尝试从标头获取它

要通过jwt身份验证,您需要使用authorizaion头而不是cookie来传递令牌

更新:

对于React和Identity library,身份验证是通过
AuthorizeService.js
进行的,您可以通过下面的
User
访问令牌:

async signIn(state) {
    await this.ensureUserManagerInitialized();
    try {
        const silentUser = await this.userManager.signinSilent(this.createArguments());
        this.updateState(silentUser);
        return this.success(state);
    } catch (silentError) {
        // User might not be authenticated, fallback to popup authentication
        console.log("Silent authentication error: ", silentError);

        try {
            if (this._popUpDisabled) {
                throw new Error('Popup disabled. Change \'AuthorizeService.js:AuthorizeService._popupDisabled\' to false to enable it.')
            }

            const popUpUser = await this.userManager.signinPopup(this.createArguments());
            this.updateState(popUpUser);
            return this.success(state);
        } catch (popUpError) {
            if (popUpError.message === "Popup window closed") {
                // The user explicitly cancelled the login action by closing an opened popup.
                return this.error("The user closed the window.");
            } else if (!this._popUpDisabled) {
                console.log("Popup authentication error: ", popUpError);
            }

            // PopUps might be blocked by the user, fallback to redirect
            try {
                await this.userManager.signinRedirect(this.createArguments(state));
                return this.redirect();
            } catch (redirectError) {
                console.log("Redirect authentication error: ", redirectError);
                return this.error(redirectError);
            }
        }
    }
}
对于JWT AuthenticationOn,它通过头
authorization:Bearer
检查请求。无需将令牌存储在cookie中

如果您想获取用于自定义身份验证的令牌,可以尝试从标头获取它

要通过jwt身份验证,您需要使用authorizaion头而不是cookie来传递令牌

更新:

对于React和Identity library,身份验证是通过
AuthorizeService.js
进行的,您可以通过下面的
User
访问令牌:

async signIn(state) {
    await this.ensureUserManagerInitialized();
    try {
        const silentUser = await this.userManager.signinSilent(this.createArguments());
        this.updateState(silentUser);
        return this.success(state);
    } catch (silentError) {
        // User might not be authenticated, fallback to popup authentication
        console.log("Silent authentication error: ", silentError);

        try {
            if (this._popUpDisabled) {
                throw new Error('Popup disabled. Change \'AuthorizeService.js:AuthorizeService._popupDisabled\' to false to enable it.')
            }

            const popUpUser = await this.userManager.signinPopup(this.createArguments());
            this.updateState(popUpUser);
            return this.success(state);
        } catch (popUpError) {
            if (popUpError.message === "Popup window closed") {
                // The user explicitly cancelled the login action by closing an opened popup.
                return this.error("The user closed the window.");
            } else if (!this._popUpDisabled) {
                console.log("Popup authentication error: ", popUpError);
            }

            // PopUps might be blocked by the user, fallback to redirect
            try {
                await this.userManager.signinRedirect(this.createArguments(state));
                return this.redirect();
            } catch (redirectError) {
                console.log("Redirect authentication error: ", redirectError);
                return this.error(redirectError);
            }
        }
    }
}
假设客户端是一个浏览器,你就不能把它放到
会话存储中吗?我需要它在cookie中。假设客户端是一个浏览器,你不能把它放到
会话存储中吗?
我需要它在cookie中。我需要cookie的原因是我用JavaScript发回,html请求不是来自asp.net核心服务器。以前,在登录之后,它是,这就是设置身份验证cookie的原因。我现在需要使用承载令牌,但找不到它。它不在饼干里。@PeterKellner你是怎么申请代币的?在服务器端,您可以尝试
var-token=await-HttpContext.GetTokenAsync(“access_-token”)@PeterKellner检查客户端的更新以获取访问令牌。我将此代码放入控制器中,当我登录时,它返回令牌null<代码>公共IEnumerable GetSessionRecs(){var token=HttpContext.GetTokenAsync(“访问令牌”).Result;
我需要cookie的原因是我正在使用JavaScript发回,html请求不是来自asp.net核心服务器。以前,登录后,它是,这就是设置身份验证cookie的原因。我现在需要使用承载令牌,但找不到它。它不在cookie中。@PeterKellner您是如何请求令牌的?在se中服务器端,您可以尝试
var-token=wait-HttpContext.GetTokenAsync(“access_-token”);
@PeterKellner检查客户端的更新以获取访问令牌。我将此代码放在控制器中,当我登录时它返回令牌null。
public IEnumerable GetSessionRecs(){var-token HttpContext.GetTokenAsync(“访问令牌”)。结果;