
Authorization JWT

ansonzhang edited this page Oct 22, 2019 · 2 revisions

参考文章

https://www.cnblogs.com/laozhang-is-phi/category/1413402.html

阅读顺序:从下往上。

参考视频

https://www.bilibili.com/video/av58096866/?p=4

项目步骤

配置服务

  
// Load the "Audience" configuration section; the issuer and audience values are read from it.
var audienceConfig = Configuration.GetSection("Audience");

// Build the symmetric HMAC key from the application secret.
// NOTE(review): the secret's characters are ASCII-encoded straight into key bytes; nothing is
// Base64-decoded here, and Encoding.ASCII replaces every non-ASCII character with '?'.
// Keep the secret ASCII-only and long enough for HMAC-SHA256 (RFC 7518 requires at least
// 256 bits, i.e. 32 bytes), and confirm AppSecretConfig loads it from protected configuration.
var secretText = AppSecretConfig.Audience_Secret_String;
var secretBytes = Encoding.ASCII.GetBytes(secretText);
var signingKey = new SymmetricSecurityKey(secretBytes);
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

// Permission entries used by the policy. Left empty here for database-driven permissions;
// per the original note, the handler assigns them dynamically later.
// NOTE(review): this same list instance is handed to the requirement, which is registered as a
// singleton later in this method, so it is shared by all requests. Confirm that runtime
// updates to it are thread-safe.
var permissionItems = new List<PermissionItem>();

// Requirement describing how roles map to API permissions.
var permissionRequirement = new PermissionRequirement(
    "/api/denied",               // redirect target when authorization is denied (currently unused)
    permissionItems,
    ClaimTypes.Role,             // role-based authorization
    audienceConfig["Issuer"],    // issuer
    audienceConfig["Audience"],  // audience
    signingCredentials,          // signing credentials
    expiration: TimeSpan.FromHours(1)); // expiration: one hour

// [Authorization] Register the policy under Permissions.Name.
// The policy holds only the custom requirement and no RequireAuthenticatedUser(), so rejecting
// unauthenticated callers is entirely the job of the handler for PermissionRequirement.
services.AddAuthorization(options =>
    options.AddPolicy(
        Permissions.Name,
        policy => policy.Requirements.Add(permissionRequirement)));

 
 


 
// Token validation parameters applied to incoming bearer tokens.
var tokenValidationParameters = new TokenValidationParameters
{
    // Signature: must verify against the shared HMAC key.
    // With a symmetric key, any party able to validate tokens can also mint them,
    // so the secret must stay confined to the issuing/validating service.
    IssuerSigningKey = signingKey,
    ValidateIssuerSigningKey = true,

    // Issuer and audience must match the configured values.
    ValidIssuer = audienceConfig["Issuer"],
    ValidateIssuer = true,
    ValidAudience = audienceConfig["Audience"],
    ValidateAudience = true,

    // Lifetime: an expiration time is required and validated, with a 30-second clock skew.
    RequireExpirationTime = true,
    ValidateLifetime = true,
    ClockSkew = TimeSpan.FromSeconds(30),
};

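// 2.1 [Authentication] ASP.NET Core's built-in JWT bearer authentication.
// Make "Bearer" the default scheme and register the JwtBearer handler for it.
services.AddAuthentication("Bearer")
    .AddJwtBearer(o =>
    {
        o.TokenValidationParameters = tokenValidationParameters;
        o.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = context =>
            {
                // When the token was rejected because it expired, say so in a response header
                // so the client can tell expiry apart from other failures.
                if (context.Exception is SecurityTokenExpiredException)
                {
                    // Set via the indexer rather than Headers.Add: Add throws ArgumentException
                    // if the header is already present (for example when authentication runs
                    // more than once for a request).
                    // Cross-origin browser clients only see this header if the CORS policy
                    // lists it in Access-Control-Expose-Headers.
                    context.Response.Headers["Token-Expired"] = "true";
                }

                return Task.CompletedTask;
            }
        };
    });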




// Register the custom permission handler and the shared requirement instance.
// NOTE(review): both are singletons. Confirm PermissionHandler takes no scoped dependencies
// (such as a per-request database context) through its constructor, and that any state it
// keeps on the requirement is safe to share across concurrent requests.
services
    .AddSingleton<IAuthorizationHandler, PermissionHandler>()
    .AddSingleton(permissionRequirement);
 
 

中间件

  // Order matters: routing selects the endpoint, authentication establishes the user, and
  // only then can authorization evaluate the endpoint's [Authorize] policy. Endpoint mapping
  // must come after these calls, otherwise requests are served without the checks.
  app.UseRouting()
     .UseAuthentication()
     .UseAuthorization();


设计处理器

Blog.Core/AuthHelper/Policys/PermissionHandler.cs

    /// <summary>
    /// Permission authorization handler: the handler for <see cref="PermissionRequirement"/>.
    /// </summary>
    /// <remarks>
    /// The body is left empty on this page. A working handler overrides HandleRequirementAsync.
    /// The requirement is satisfied only when that method calls context.Succeed(requirement),
    /// so every path that cannot positively confirm the caller's identity and permission
    /// should return without calling it (deny by default).
    /// </remarks>
    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
    {

    }

调用

/// <summary>
/// API (module) management.
/// </summary>
/// <remarks>
/// The class-level [Authorize(Permissions.Name)] applies the policy registered under
/// Permissions.Name to the controller's actions. That policy contains only the custom
/// PermissionRequirement, so access decisions, including rejection of unauthenticated
/// callers, are made by the handler for that requirement. The class body is not shown here.
/// </remarks>
[Route("api/[controller]/[action]")]
[ApiController]
[Authorize(Permissions.Name)]
public class ModuleController : ControllerBase

入门指南

前端项目

交流与反馈

  • The FAQ page is a good place to see whether your question has already been asked.
  • Ask a question on cnblogs if you need help.
  • Submit an issue if you have found a bug or have a feature request.
  • Open a pull request when you are ready to contribute. Before that, you are encouraged to open an issue to discuss the change.

更新日志
