Fatal编程技术网

Model view controller 在dot net core MVC中使用Jwt进行简单身份验证

model-view-controller asp.net-core jwt

Model view controller 在dot net core MVC中使用Jwt进行简单身份验证,model-view-controller,asp.net-core,jwt,Model View Controller,Asp.net Core,Jwt,我试图在我的dotnetcore应用程序中添加JWT验证。我已经理解了JWT,并且能够通过给一些像这样的值来生成令牌 var token = new JwtSecurityToken( issuer: issuer, audience: aud, claims: claims, expires: expTime, signingCredentials: creds ); 编辑:接下来,我还在我的应用程序中添加了JwtBearerAuthentication中间件,方法是将a

我试图在我的dotnetcore应用程序中添加JWT验证。我已经理解了JWT,并且能够通过给一些像这样的值来生成令牌

var token = new JwtSecurityToken(
  issuer: issuer,
  audience: aud,
  claims: claims,
  expires: expTime,
  signingCredentials: creds
);
编辑:接下来,我还在我的应用程序中添加了
JwtBearerAuthentication中间件,方法是将app.UseJwtBearerAuthentication(新的jwtbearoptions{/*options*/})添加到Startup.Configure()方法

现在我被卡住了,我怎么能在HTTP头中传递这个令牌呢?我将在登录时生成此令牌,但下一步是什么?我怎样才能知道JWT已经添加并且运行良好

任何帮助都将不胜感激。

这是ASP.NET核心中可运行的承载令牌身份验证示例。

在后端,您可以按照以下代码生成令牌:

[Route("api/[controller]")]
public class TokenAuthController : Controller
{
    [HttpPost]
    public string GetAuthToken(User user)
    {
        var existUser = UserStorage.Users.FirstOrDefault(u => u.Username == user.Username && u.Password == user.Password);

        if (existUser != null)
        {
            var requestAt = DateTime.Now;
            var expiresIn = requestAt + TokenAuthOption.ExpiresSpan;
            var token = GenerateToken(existUser, expiresIn);

            return JsonConvert.SerializeObject(new {
                stateCode = 1,
                requertAt = requestAt,
                expiresIn = TokenAuthOption.ExpiresSpan.TotalSeconds,
                accessToken = token
            });
        }
        else
        {
            return JsonConvert.SerializeObject(new { stateCode = -1, errors = "Username or password is invalid" });
        }
    }

    private string GenerateToken(User user, DateTime expires)
    {
        var handler = new JwtSecurityTokenHandler();

        ClaimsIdentity identity = new ClaimsIdentity(
            new GenericIdentity(user.Username, "TokenAuth"),
            new[] {
                new Claim("ID", user.ID.ToString())
            }
        );

        var securityToken = handler.CreateToken(new SecurityTokenDescriptor
        {
            Issuer = TokenAuthOption.Issuer,
            Audience = TokenAuthOption.Audience,
            SigningCredentials = TokenAuthOption.SigningCredentials,
            Subject = identity,
            Expires = expires
        });
        return handler.WriteToken(securityToken);
    }
}
在Startup.cs/ConfigureServices方法中

services.AddAuthorization(auth =>
{
    auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
        .RequireAuthenticatedUser().Build());
});
并在Configure方法中添加此代码

app.UseJwtBearerAuthentication(new JwtBearerOptions {
    TokenValidationParameters = new TokenValidationParameters {
        IssuerSigningKey = TokenAuthOption.Key,
        ValidAudience = TokenAuthOption.Audience,
        ValidIssuer = TokenAuthOption.Issuer,
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(0)
    }
});
在前端,您只需将令牌添加到标头,如下所示:

$.ajaxSetup({
    headers: { "Authorization": "Bearer " + accessToken }
});

这是ASP.NET Core中承载令牌身份验证的可运行示例。

在后端,您可以按照以下代码生成令牌:

[Route("api/[controller]")]
public class TokenAuthController : Controller
{
    [HttpPost]
    public string GetAuthToken(User user)
    {
        var existUser = UserStorage.Users.FirstOrDefault(u => u.Username == user.Username && u.Password == user.Password);

        if (existUser != null)
        {
            var requestAt = DateTime.Now;
            var expiresIn = requestAt + TokenAuthOption.ExpiresSpan;
            var token = GenerateToken(existUser, expiresIn);

            return JsonConvert.SerializeObject(new {
                stateCode = 1,
                requertAt = requestAt,
                expiresIn = TokenAuthOption.ExpiresSpan.TotalSeconds,
                accessToken = token
            });
        }
        else
        {
            return JsonConvert.SerializeObject(new { stateCode = -1, errors = "Username or password is invalid" });
        }
    }

    private string GenerateToken(User user, DateTime expires)
    {
        var handler = new JwtSecurityTokenHandler();

        ClaimsIdentity identity = new ClaimsIdentity(
            new GenericIdentity(user.Username, "TokenAuth"),
            new[] {
                new Claim("ID", user.ID.ToString())
            }
        );

        var securityToken = handler.CreateToken(new SecurityTokenDescriptor
        {
            Issuer = TokenAuthOption.Issuer,
            Audience = TokenAuthOption.Audience,
            SigningCredentials = TokenAuthOption.SigningCredentials,
            Subject = identity,
            Expires = expires
        });
        return handler.WriteToken(securityToken);
    }
}
在Startup.cs/ConfigureServices方法中

services.AddAuthorization(auth =>
{
    auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
        .RequireAuthenticatedUser().Build());
});
并在Configure方法中添加此代码

app.UseJwtBearerAuthentication(new JwtBearerOptions {
    TokenValidationParameters = new TokenValidationParameters {
        IssuerSigningKey = TokenAuthOption.Key,
        ValidAudience = TokenAuthOption.Audience,
        ValidIssuer = TokenAuthOption.Issuer,
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(0)
    }
});
在前端,您只需将令牌添加到标头,如下所示:

$.ajaxSetup({
    headers: { "Authorization": "Bearer " + accessToken }
});

从何处以及如何获取accessToken?您可以在代码示例中的Controllers/TokenAuthController.cs中找到代码。是否有任何方法通过razor语法实现此解决方案?我们没有ajax调用的地方?在浏览器中无法将http头添加到表单请求。但您可以在浏览器和服务器端将令牌设置为cookie,添加一个中间件以通过cookie设置httpheader。也许您应该为web jwt网页身份验证创建另一个问题。从何处以及如何获取accessToken??您可以从代码示例中的Controllers/TokenAuthController.cs中找到代码。是否有任何方法通过razor语法实现此解决方案?我们没有ajax调用的地方?在浏览器中无法将http头添加到表单请求。但您可以在浏览器中将令牌设置为cookie,并在服务器端添加中间件以通过cookie设置httpheader。也许您应该为web jwt网页身份验证创建另一个问题。