I am new to ASP.NET Core 6 MVC and I'm working on a small project where users can:
- Sign In (form is sent to an external API which returns a JWT token)
- View pages, but only after authentication. The pages are data-driven; the data will be fetched from the external API using the JWT token.
I have tried to find answers but have not been able to get a clear answer. Can someone please point me in the right direction?
First of all you will need the Microsoft.AspNetCore.Authentication.JwtBearer package.
In the Program.cs file (depending on whether you want to use a Startup.cs or just go with the Program.cs as per default) you should add the DefaultAuthenticateScheme and the DefaultChallengeScheme:
The examples are without Startup.cs, just for the default Program.cs from now on.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;

// Some Code
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}) // no semicolon yet: AddJwtBearer is chained onto this call in the next snippet
// Some Code
- Then you need to configure the JWT bearer token, so chain AddJwtBearer to the previous example and add authorization with AddAuthorization:
// key is the byte[] signing key shared with the token issuer,
// e.g. Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]) as in the full example below.
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}) // End of last snippet
.AddJwtBearer(options =>
{
    options.RequireHttpsMetadata = false; // development only; keep the default (true) in production
    options.SaveToken = true;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = true,
        RequireExpirationTime = true,
        ClockSkew = TimeSpan.Zero,
    };
    options.Events = new JwtBearerEvents
    {
        // Also accept the token from ?access_token=... (useful for WebSocket clients that cannot set headers).
        // Tokens in URLs end up in server logs and browser history, so prefer the Authorization header where possible.
        OnMessageReceived = context =>
        {
            if (context.Request.Query.ContainsKey("access_token"))
            {
                context.Token = context.Request.Query["access_token"];
            }
            return Task.CompletedTask;
        }
    };
});
builder.Services.AddAuthorization();
- Then you should specify the authentication and authorization middleware by using:
// Program.cs
// after the old code snippet
var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication(); //Add this
app.UseAuthorization(); //Add this
app.Run();
If you want to use Minimal API, the full example could look like this:
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;

var builder = WebApplication.CreateBuilder(args);
builder.Logging.ClearProviders();
builder.Logging.AddConsole();

// Add services to the container.
builder.Services.AddRazorPages();

// Signing key shared with the token issuer; keep it in user secrets or a vault rather than in appsettings.json.
var key = Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]);

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.RequireHttpsMetadata = false; // development only; keep the default (true) in production
    options.SaveToken = true;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = true,
        RequireExpirationTime = true,
        ClockSkew = TimeSpan.Zero,
    };
    options.Events = new JwtBearerEvents
    {
        // Also accept the token from ?access_token=... (useful for WebSocket clients that cannot set headers).
        // Tokens in URLs end up in server logs and browser history, so prefer the Authorization header where possible.
        OnMessageReceived = context =>
        {
            if (context.Request.Query.ContainsKey("access_token"))
            {
                context.Token = context.Request.Query["access_token"];
            }
            return Task.CompletedTask;
        }
    };
});
builder.Services.AddAuthorization();
builder.Services.AddCapDashboardStandalone(); // unrelated to JWT auth (needs the CAP dashboard package); can be removed

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/", () => Results.LocalRedirect("/index.html", true));

app.MapPost("/security/createToken",
[AllowAnonymous] (User user) =>
{
    // Demo credentials only; a real implementation checks a hashed password in the user store.
    if (user is { UserName: "bob", Password: "bob" })
    {
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[]
            {
                new Claim("Id", Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
                new Claim(JwtRegisteredClaimNames.Email, user.UserName),
                new Claim(JwtRegisteredClaimNames.Jti,
                    Guid.NewGuid().ToString())
            }),
            Expires = DateTime.UtcNow.AddMinutes(60),
            Issuer = "Test",
            Audience = "Test",
            SigningCredentials = new SigningCredentials
                (new SymmetricSecurityKey(key),
                SecurityAlgorithms.HmacSha512Signature)
        };
        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.CreateToken(tokenDescriptor);
        var stringToken = tokenHandler.WriteToken(token);
        return Results.Ok(stringToken);
    }
    return Results.Unauthorized();
});

app.Run();

// Request body for /security/createToken, bound from JSON.
record User(string UserName, string Password);
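The answer's TokenValidationParameters set ValidateIssuer and ValidateAudience to false, so any token signed with the shared key is accepted regardless of which service it was minted for. The following console program is an added example, not code from the answer above or from ASP.NET Core itself: it mints tokens the same way the /security/createToken endpoint does (JwtSecurityTokenHandler, SymmetricSecurityKey) and validates them first with the answer's relaxed parameters and then with a strict set that pins the issuer and audience. It needs the System.IdentityModel.Tokens.Jwt NuGet package; the signing key, issuer URL and audience name are constructed values, and the Mint/Accepts helpers are this example's own.

```csharp
// Added example (not part of the original answer). Requires the
// System.IdentityModel.Tokens.Jwt package. Key, issuer and audience are constructed.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed 512-bit signing key; in the real app this is the shared "Jwt:Key" secret.
var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(64));

const string ExpectedIssuer = "https://auth.example.test"; // constructed
const string ExpectedAudience = "mvc-frontend";            // constructed

// Mints an HS256 token for the given issuer/audience that expires at expiresAt (helper of this example).
string Mint(string issuer, string audience, DateTime expiresAt)
{
    var handler = new JwtSecurityTokenHandler();
    var descriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[] { new Claim(JwtRegisteredClaimNames.Sub, "bob") }),
        Issuer = issuer,
        Audience = audience,
        NotBefore = expiresAt.AddMinutes(-10), // set explicitly so an already-expired token can be minted
        Expires = expiresAt,
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature),
    };
    return handler.WriteToken(handler.CreateToken(descriptor));
}

// Returns true if the token passes the given parameters; prints the rejection reason otherwise.
bool Accepts(string jwt, TokenValidationParameters parameters)
{
    try
    {
        new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
        return true;
    }
    catch (SecurityTokenException ex)
    {
        Console.WriteLine($"    rejected: {ex.GetType().Name}");
        return false;
    }
}

// The answer's parameters: only the signature and the lifetime are checked.
var relaxed = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidateIssuer = false,
    ValidateAudience = false,
    ValidateLifetime = true,
    RequireExpirationTime = true,
    ClockSkew = TimeSpan.Zero,
};

// Strict parameters: a token signed with the same key but issued for another
// audience (another API behind the same issuer) is rejected.
var strict = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidateIssuer = true,
    ValidIssuer = ExpectedIssuer,
    ValidateAudience = true,
    ValidAudience = ExpectedAudience,
    ValidateLifetime = true,
    RequireExpirationTime = true,
    ClockSkew = TimeSpan.Zero,
};

var now = DateTime.UtcNow;
var good = Mint(ExpectedIssuer, ExpectedAudience, now.AddMinutes(5));
var otherAudience = Mint(ExpectedIssuer, "some-other-api", now.AddMinutes(5));
var expired = Mint(ExpectedIssuer, ExpectedAudience, now.AddMinutes(-5));

foreach (var (name, jwt) in new[] { ("valid", good), ("other audience", otherAudience), ("expired", expired) })
{
    Console.WriteLine($"{name}:");
    Console.WriteLine($"  relaxed accepts = {Accepts(jwt, relaxed)}");
    Console.WriteLine($"  strict accepts  = {Accepts(jwt, strict)}");
}
```

Run it with `dotnet run` in a console project that references System.IdentityModel.Tokens.Jwt. Both parameter sets reject the expired token (SecurityTokenExpiredException) and accept the valid one, but only the strict set rejects the token minted for "some-other-api" (SecurityTokenInvalidAudienceException). In the MVC app this means setting ValidateIssuer/ValidateAudience to true and giving ValidIssuer/ValidAudience the values the external API actually puts in the iss and aud claims.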
Thank you. I was looking for a head start and your examples gave me just that.