Jwt 如何使用basic auth asp.net从邮递员处发送和获取用户名和密码参数以进行编码
我正在尝试制作api 这是我获取授权令牌的登录名Jwt 如何使用basic auth asp.net从邮递员处发送和获取用户名和密码参数以进行编码,jwt,postman,asp.net-core-webapi,express-jwt,Jwt,Postman,Asp.net Core Webapi,Express Jwt,我正在尝试制作api 这是我获取授权令牌的登录名 public IActionResult Login(string Username,string Password) { if (ModelState.IsValid) { string user = GetAuth(Username, Password); if (user == null) {
public IActionResult Login(string Username,string Password)
{
if (ModelState.IsValid)
{
string user = GetAuth(Username, Password);
if (user == null)
{
return Unauthorized();
}
var claims = new[]
{
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Sub, Username),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken
(
issuer: "" ,
audience: "",//appsettings.json içerisinde bulunan audince değeri
claims: claims,
expires: DateTime.UtcNow.AddDays(30), // 30 gün geçerli olacak
notBefore: DateTime.UtcNow,
signingCredentials: new Microsoft.IdentityModel.Tokens.SigningCredentials(new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("aaa wssadsa adsad sa rasd as")),//appsettings.json içerisinde bulunan signingkey değeri
Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256)
) ;
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
return Ok(new { token = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(token) });
}
else
{
return BadRequest();
}
}
您在这里混合和匹配概念。基本身份验证不仅仅意味着“使用用户名和密码”;它是一种特殊的身份验证方案,是授权令牌。例如,正如您可以通过发送头(如
Authorization:Bearer{token}Authorization:Basic{base64 encode user:pass}你在这里做的是登录。换句话说,您可以先执行此操作以返回auth令牌,该令牌随后将通过
Authorization:Bearer{token}授权