C#: After storing a JWT token in a cookie, how to break that cookie and get information in ASP.NET Core 3.1


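In my ASP.NET Core 3.1 MVC application, I want to store a JWT token in a cookie, and then during authorization I want to break it to get the user information. Here is my code for storing the JWT token in the cookie: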

// Requires: System.IdentityModel.Tokens.Jwt, System.Security.Claims, System.Text,
// Microsoft.IdentityModel.Tokens, Microsoft.AspNetCore.Http
var tokenHandler = new JwtSecurityTokenHandler();
var secrect = configuration.GetValue<string>("Secret");
var key = Encoding.ASCII.GetBytes(secrect);

var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.Name, user.UserName),
        new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString())
    }),
    Expires = DateTime.UtcNow.AddDays(1),
    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
        SecurityAlgorithms.HmacSha256Signature)
};

var token = tokenHandler.CreateToken(tokenDescriptor);

var cookieOptions = new CookieOptions
{
    // Secure flag: false here, so the cookie is also sent over plain HTTP.
    // Set it to true when the site runs on HTTPS (Chrome requires it for SameSite=None).
    Secure = false,

    // HttpOnly flag: false here, so client-side scripts can read the token.
    // Set it to true unless scripts really do need to access the cookie.
    HttpOnly = false,

    // SameSite is not set here (both assignments below are commented out),
    // so the framework default applies.
    // SameSite = (SameSiteMode)(-1)
    // SameSite = SameSiteMode.Lax
};

// Add the cookie to the response cookie collection.
// WriteToken produces the signed compact form (header.payload.signature);
// token.ToString() would store unsigned JSON that ValidateToken cannot read.
Response.Cookies.Append("auth-cookie", tokenHandler.WriteToken(token), cookieOptions);
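You can use the following code:

var secrect = configuration.GetValue<string>("Secret");
var key = Encoding.ASCII.GetBytes(secrect);

// Read the compact JWT back from the cookie set at login.
var jwtToken = Request.Cookies["auth-cookie"];

SecurityToken validatedToken;
TokenValidationParameters validationParameters = new TokenValidationParameters();

validationParameters.ValidateLifetime = true;
validationParameters.IssuerSigningKey = new SymmetricSecurityKey(key);
// The token in the question is issued without iss/aud claims, so the default
// issuer and audience checks would reject it.
validationParameters.ValidateIssuer = false;
validationParameters.ValidateAudience = false;

// Throws if the cookie is missing or the signature or lifetime check fails.
ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(jwtToken, validationParameters, out validatedToken);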