Asp.net core 如何在ASP.NET Core 3 SPA应用程序的Cookie中存储JWT令牌
我有一个默认的ASP.NET Core 3应用程序,它是我使用最新的“create react app”模板构建的。也就是说,在startup.cs中,我有以下代码实例化了我假设使用OpenID的JWT令牌生成器。我已经创建了React模板,但我认为这在本例中并不重要Asp.net core 如何在ASP.NET Core 3 SPA应用程序的Cookie中存储JWT令牌,asp.net-core,asp.net-identity,Asp.net Core,Asp.net Identity,我有一个默认的ASP.NET Core 3应用程序,它是我使用最新的“create react app”模板构建的。也就是说,在startup.cs中,我有以下代码实例化了我假设使用OpenID的JWT令牌生成器。我已经创建了React模板,但我认为这在本例中并不重要 services.AddDefaultIdentity<ApplicationUser>() .AddEntityFrameworkStores<ApplicationDb
services.AddDefaultIdentity<ApplicationUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddDefaultIdentity()
.AddEntityFrameworkStores();
services.AddIdentityServer()
.addapi授权();
services.AddAuthentication()
.AddIdentityServerJwt();
登录后,我可以看到存储的cookie不是我的JWT令牌(这是我想要的)。cookie没有删除属性.AspNetCore.Identity.Application
,我认为该属性与JWT令牌有关,但我不知道如何删除
我想将JWT令牌存储为cookie参数,以便在下一个请求时将其发回服务器。如何将JWT签名令牌作为cookie存储在我的asp.net core 3应用程序中?对于JWT身份验证,它通过标头
authorization:Bearer
检查请求。无需将令牌存储在cookie中
如果您想获取用于自定义身份验证的令牌,可以尝试从标头获取它
要通过jwt身份验证,您需要使用authorizaion头而不是cookie来传递令牌
更新:
对于React和Identity library,身份验证是通过AuthorizeService.js
进行的,您可以通过下面的User
访问令牌:
async signIn(state) {
await this.ensureUserManagerInitialized();
try {
const silentUser = await this.userManager.signinSilent(this.createArguments());
this.updateState(silentUser);
return this.success(state);
} catch (silentError) {
// User might not be authenticated, fallback to popup authentication
console.log("Silent authentication error: ", silentError);
try {
if (this._popUpDisabled) {
throw new Error('Popup disabled. Change \'AuthorizeService.js:AuthorizeService._popupDisabled\' to false to enable it.')
}
const popUpUser = await this.userManager.signinPopup(this.createArguments());
this.updateState(popUpUser);
return this.success(state);
} catch (popUpError) {
if (popUpError.message === "Popup window closed") {
// The user explicitly cancelled the login action by closing an opened popup.
return this.error("The user closed the window.");
} else if (!this._popUpDisabled) {
console.log("Popup authentication error: ", popUpError);
}
// PopUps might be blocked by the user, fallback to redirect
try {
await this.userManager.signinRedirect(this.createArguments(state));
return this.redirect();
} catch (redirectError) {
console.log("Redirect authentication error: ", redirectError);
return this.error(redirectError);
}
}
}
}
对于JWT AuthenticationOn,它通过头
authorization:Bearer
检查请求。无需将令牌存储在cookie中
如果您想获取用于自定义身份验证的令牌,可以尝试从标头获取它
要通过jwt身份验证,您需要使用authorizaion头而不是cookie来传递令牌
更新:
对于React和Identity library,身份验证是通过AuthorizeService.js
进行的,您可以通过下面的User
访问令牌:
async signIn(state) {
await this.ensureUserManagerInitialized();
try {
const silentUser = await this.userManager.signinSilent(this.createArguments());
this.updateState(silentUser);
return this.success(state);
} catch (silentError) {
// User might not be authenticated, fallback to popup authentication
console.log("Silent authentication error: ", silentError);
try {
if (this._popUpDisabled) {
throw new Error('Popup disabled. Change \'AuthorizeService.js:AuthorizeService._popupDisabled\' to false to enable it.')
}
const popUpUser = await this.userManager.signinPopup(this.createArguments());
this.updateState(popUpUser);
return this.success(state);
} catch (popUpError) {
if (popUpError.message === "Popup window closed") {
// The user explicitly cancelled the login action by closing an opened popup.
return this.error("The user closed the window.");
} else if (!this._popUpDisabled) {
console.log("Popup authentication error: ", popUpError);
}
// PopUps might be blocked by the user, fallback to redirect
try {
await this.userManager.signinRedirect(this.createArguments(state));
return this.redirect();
} catch (redirectError) {
console.log("Redirect authentication error: ", redirectError);
return this.error(redirectError);
}
}
}
}
假设客户端是一个浏览器,你就不能把它放到
会话存储中吗?我需要它在cookie中。假设客户端是一个浏览器,你不能把它放到会话存储中吗?
我需要它在cookie中。我需要cookie的原因是我用JavaScript发回,html请求不是来自asp.net核心服务器。以前,在登录之后,它是,这就是设置身份验证cookie的原因。我现在需要使用承载令牌,但找不到它。它不在饼干里。@PeterKellner你是怎么申请代币的?在服务器端,您可以尝试var-token=await-HttpContext.GetTokenAsync(“access_-token”)代码>@PeterKellner检查客户端的更新以获取访问令牌。我将此代码放入控制器中,当我登录时,它返回令牌null<代码>公共IEnumerable GetSessionRecs(){var token=HttpContext.GetTokenAsync(“访问令牌”).Result;
我需要cookie的原因是我正在使用JavaScript发回,html请求不是来自asp.net核心服务器。以前,登录后,它是,这就是设置身份验证cookie的原因。我现在需要使用承载令牌,但找不到它。它不在cookie中。@PeterKellner您是如何请求令牌的?在se中服务器端,您可以尝试var-token=wait-HttpContext.GetTokenAsync(“access_-token”);
@PeterKellner检查客户端的更新以获取访问令牌。我将此代码放在控制器中,当我登录时它返回令牌null。public IEnumerable GetSessionRecs(){var-token HttpContext.GetTokenAsync(“访问令牌”)。结果;