ASP.NET核心JWT和声明_Jwt_Asp.net Core 2.0_Asp.net Core Webapi_Claims

ASP.NET核心JWT和声明

jwt

ASP.NET核心JWT和声明,jwt,asp.net-core-2.0,asp.net-core-webapi,claims,Jwt,Asp.net Core 2.0,Asp.net Core Webapi,Claims,我对ASP.NET核心和声明中的JWT身份验证有一个问题，因为我不知道是否所有内容都正确在ASP.NET中创建JWT令牌时，我添加了一些声明，其中一些可以自定义。当带有JWT令牌的请求从客户端发送到API时会发生什么。用户索赔是如何填写的？它是否使用从JWT读取的声明我想创建一个自定义身份提供程序（不想使用ASP.NET提供的这个），使用我自己的用户数据表、角色表等。我不想在JWT令牌中存储实现策略所需的所有重要数据（令牌中存储的信息量以及安全问题）。是否可以只在JWT令牌中存储基本声明（如

我对ASP.NET核心和声明中的JWT身份验证有一个问题，因为我不知道是否所有内容都正确

在ASP.NET中创建JWT令牌时，我添加了一些声明，其中一些可以自定义。当带有JWT令牌的请求从客户端发送到API时会发生什么。用户索赔是如何填写的？它是否使用从JWT读取的声明

我想创建一个自定义身份提供程序（不想使用ASP.NET提供的这个），使用我自己的用户数据表、角色表等。我不想在JWT令牌中存储实现策略所需的所有重要数据（令牌中存储的信息量以及安全问题）。是否可以只在JWT令牌中存储基本声明（如用户id、名称等），然后重新获取其他所需的数据DB/Cache？除此之外，我还想使用[授权]的标准机制和策略机制

如何做到这一切：自定义用户标识+JWT+标准ASP.NET基于策略的授权+每次请求时从DB/Cache获取的声明？如何实现这一点？

Asp网络核心
第一步是编写配置Jwt身份验证的方法：

// Configure authentication with JWT (Json Web Token). public void ConfigureJwtAuthService(IServiceCollection services) { // Enable the use of an [Authorize(AuthenticationSchemes = // JwtBearerDefaults.AuthenticationScheme)] // attribute on methods and classes to protect. services.AddAuthentication().AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new TokenValidationParameters() { IssuerSigningKey = JwtController.SecurityKey, ValidAudience = JwtController.Audience, ValidIssuer = JwtController.Issuer, // When receiving a token, check that we've signed it. ValidateIssuerSigningKey = true, // When receiving a token, check that it is still valid. ValidateLifetime = true, // This defines the maximum allowable clock skew when validating // the lifetime. As we're creating the tokens locally and validating // them on the same machines which should have synchronised time, // this can be set to zero. ClockSkew = TimeSpan.FromMinutes(0) }; }); }
现在在Startup.cs的ConfigureServices（）方法中，我们可以调用ConfigureJwtAuthService（）方法来配置Jwt身份验证
这是完整的启动。cs：

using System; using Autofac; using ExpertCodeBlogWebApp.Controllers; using ExpertCodeBlogWebApp.Domain; using ExpertCodeBlogWebApp.Domain.Interfaces; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.SpaServices.Webpack; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.IdentityModel.Tokens; namespace ExpertCodeBlogWebApp { public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add // services to the container. public IServiceProvider ConfigureServices(IServiceCollection services) { services.AddMvc(); // Configure jwt autenticazione ConfigureJwtAuthService(services); // Repositories services.AddScoped<IUserRepository, UserRepository>(); // Create the Autofac container builder for dependency injection var builder = new ContainerBuilder(); // Add any Autofac modules or registrations. builder.RegisterModule(new AutofacModule()); // Return ServiceProvider var serviceProvider = services.BuildServiceProvider(); return serviceProvider; } // Configure authentication with JWT (Json Web Token). public void ConfigureJwtAuthService(IServiceCollection services) { // Enable the use of an [Authorize(AuthenticationSchemes = // JwtBearerDefaults.AuthenticationScheme)] // attribute on methods and classes to protect. services.AddAuthentication().AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new TokenValidationParameters() { IssuerSigningKey = JwtController.SecurityKey, ValidAudience = JwtController.Audience, ValidIssuer = JwtController.Issuer, // When receiving a token, check that we've signed it. ValidateIssuerSigningKey = true, // When receiving a token, check that it is still valid. ValidateLifetime = true, // This defines the maximum allowable clock skew when validating // the lifetime. // As we're creating the tokens locally and validating them on the // same machines which should have synchronised time, this can be // set to zero. ClockSkew = TimeSpan.FromMinutes(0) }; }); } // This method gets called by the runtime. Use this method to configure // the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions { HotModuleReplacement = true }); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); routes.MapSpaFallbackRoute( name: "spa-fallback", defaults: new { controller = "Home", action = "Index" }); }); } } // For dependency injection. public class AutofacModule : Module { // Dependency Injection with Autofact protected override void Load(ContainerBuilder builder) { builder.RegisterType<UserRepository>().As<IUserRepository>() .SingleInstance(); } } }
要从需要身份验证的控制器方法调用，需要使用getAuthHeader（）方法将令牌附加到头中

我希望这篇文章能对你有所帮助。
Asp网络核心
第一步是编写配置Jwt身份验证的方法：

// Configure authentication with JWT (Json Web Token). public void ConfigureJwtAuthService(IServiceCollection services) { // Enable the use of an [Authorize(AuthenticationSchemes = // JwtBearerDefaults.AuthenticationScheme)] // attribute on methods and classes to protect. services.AddAuthentication().AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new TokenValidationParameters() { IssuerSigningKey = JwtController.SecurityKey, ValidAudience = JwtController.Audience, ValidIssuer = JwtController.Issuer, // When receiving a token, check that we've signed it. ValidateIssuerSigningKey = true, // When receiving a token, check that it is still valid. ValidateLifetime = true, // This defines the maximum allowable clock skew when validating // the lifetime. As we're creating the tokens locally and validating // them on the same machines which should have synchronised time, // this can be set to zero. ClockSkew = TimeSpan.FromMinutes(0) }; }); }
现在在Startup.cs的ConfigureServices（）方法中，我们可以调用ConfigureJwtAuthService（）方法来配置Jwt身份验证
这是完整的启动。cs：

using System; using Autofac; using ExpertCodeBlogWebApp.Controllers; using ExpertCodeBlogWebApp.Domain; using ExpertCodeBlogWebApp.Domain.Interfaces; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.SpaServices.Webpack; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.IdentityModel.Tokens; namespace ExpertCodeBlogWebApp { public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add // services to the container. public IServiceProvider ConfigureServices(IServiceCollection services) { services.AddMvc(); // Configure jwt autenticazione ConfigureJwtAuthService(services); // Repositories services.AddScoped<IUserRepository, UserRepository>(); // Create the Autofac container builder for dependency injection var builder = new ContainerBuilder(); // Add any Autofac modules or registrations. builder.RegisterModule(new AutofacModule()); // Return ServiceProvider var serviceProvider = services.BuildServiceProvider(); return serviceProvider; } // Configure authentication with JWT (Json Web Token). public void ConfigureJwtAuthService(IServiceCollection services) { // Enable the use of an [Authorize(AuthenticationSchemes = // JwtBearerDefaults.AuthenticationScheme)] // attribute on methods and classes to protect. services.AddAuthentication().AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new TokenValidationParameters() { IssuerSigningKey = JwtController.SecurityKey, ValidAudience = JwtController.Audience, ValidIssuer = JwtController.Issuer, // When receiving a token, check that we've signed it. ValidateIssuerSigningKey = true, // When receiving a token, check that it is still valid. ValidateLifetime = true, // This defines the maximum allowable clock skew when validating // the lifetime. // As we're creating the tokens locally and validating them on the // same machines which should have synchronised time, this can be // set to zero. ClockSkew = TimeSpan.FromMinutes(0) }; }); } // This method gets called by the runtime. Use this method to configure // the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions { HotModuleReplacement = true }); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); routes.MapSpaFallbackRoute( name: "spa-fallback", defaults: new { controller = "Home", action = "Index" }); }); } } // For dependency injection. public class AutofacModule : Module { // Dependency Injection with Autofact protected override void Load(ContainerBuilder builder) { builder.RegisterType<UserRepository>().As<IUserRepository>() .SingleInstance(); } } }
要从需要身份验证的控制器方法调用，需要使用getAuthHeader（）方法将令牌附加到头中

我希望这篇文章能帮助你。
是的，它使用了存储在jwt令牌中的声明查看httpcontext对象，查找创建令牌时存储在令牌中的声明

此链接也可以是有帮助的
是，它使用存储在jwt令牌中的声明查看httpcontext对象，查找创建令牌时存储在令牌中的声明

此链接也可以很有帮助
请在此处写下解决方案，而不要包含将来可能会断开的链接。谢谢请在这里写下解决方案，而不是包含将来可能会断开的链接。谢谢
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]