1. 首页
  2. 问题列表
  3. 将JWT认证实现从. net core 2转移到asp.netweb api 2
提问者:小点点

将JWT认证实现从. net core 2转移到asp.netweb api 2


我在. net core 2应用程序中实现了JWT身份验证,它工作正常。

我想在asp.netweb api 2应用程序中使用此实现和结构,但我得到错误

我的结构:

JwtTokenBuilder类: 

using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Linq;

namespace solution.Authentication
{
  public sealed class JwtTokenBuilder
  {
    private SecurityKey securityKey = null;
    private string subject = "";
    private string issuer = "";
    private string audience = "";
    private Dictionary<string, string> claims = new Dictionary<string, string>();
    private DateTime expireTime = DateTime.UtcNow.AddMinutes(30);

    public JwtTokenBuilder AddSecurityKey(SecurityKey securityKey)
    {
      this.securityKey = securityKey;
      return this;
    }

    public JwtTokenBuilder AddSubject(string subject)
    {
      this.subject = subject;
      return this;
    }

    public JwtTokenBuilder AddIssuer(string issuer)
    {
      this.issuer = issuer;
      return this;
    }

    public JwtTokenBuilder AddAudience(string audience)
    {
      this.audience = audience;
      return this;
    }

    public JwtTokenBuilder AddClaim(string type, string value)
    {
      this.claims.Add(type, value);
      return this;
    }

    public JwtTokenBuilder AddClaims(Dictionary<string, string> claims)
    {
      this.claims.Union(claims);
      return this;
    }

    public JwtTokenBuilder AddExpiry(DateTime expireTime)
    {
      this.expireTime = expireTime;
      return this;
    }

    public JwtToken Build()
    {
      EnsureArguments();

      var claims = new List<Claim>
            {
              new Claim(JwtRegisteredClaimNames.Sub, this.subject),
              new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            }
      .Union(this.claims.Select(item => new Claim(item.Key, item.Value)));

      var token = new JwtSecurityToken(
                        issuer: this.issuer,
                        audience: this.audience,
                        claims: claims,
                        expires: this.expireTime,
                        signingCredentials: new SigningCredentials(
                                                  this.securityKey,
                                                  SecurityAlgorithms.HmacSha256));

      return new JwtToken(token);
    }

    #region " private "

    private void EnsureArguments()
    {
      if (this.securityKey == null)
        throw new ArgumentNullException("Security Key");

      if (string.IsNullOrEmpty(this.subject))
        throw new ArgumentNullException("Subject");

      if (string.IsNullOrEmpty(this.issuer))
        throw new ArgumentNullException("Issuer");

      if (string.IsNullOrEmpty(this.audience))
        throw new ArgumentNullException("Audience");
    }

    #endregion
  }
}

令牌对象: 

using System;
using System.IdentityModel.Tokens.Jwt;

namespace solution.Authentication
{
  public sealed class JwtToken
  {
    private JwtSecurityToken token;

    internal JwtToken(JwtSecurityToken token)
    {
      this.token = token;
    }

    public DateTime ValidTo => token.ValidTo;
    public string access_token => new JwtSecurityTokenHandler().WriteToken(this.token);
  }
}

安全密钥类:

using Microsoft.IdentityModel.Tokens;
using System.Text;

namespace solution.Authentication
{
  public static class JwtSecurityKey
  {
    public static SymmetricSecurityKey Create(string secret)
    {
      return new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));
    }
  }
}

生成和返回令牌的我的令牌控制器方法:

private JwtToken getToken(User user)
{
  DateTime startTime = DateTime.Now;
  DateTime expireTime = DateTime.Now.AddMinutes(60);

  var token = new JwtTokenBuilder()
                 .AddSecurityKey(JwtSecurityKey.Create("SecurityKey"))
                 .AddSubject("Subject")
                 .AddIssuer("Issuer")
                 .AddAudience("Audience")
                 .AddClaim("Username", user.UserName)
                 .AddExpiry(expireTime)
                 .Build();

  return token;
}

在. net core 2应用程序中,我使用OWIN Startup类来验证所有具有Authorize属性的控制器的令牌。

控制器示例:

namespace solution.Controllers
{
  public class ExampleController : ApiController
  {
    [HttpPost]
    [Route("api/Example")]
    [Authorize(Policy = "Session")]
    public void Run()
    {
       // do something;
    }
  }  
}

我的owin启动类验证JWT令牌:

using System;
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Threading.Tasks;

namespace solution
{
  public class Startup
  {
    public void ConfigureServices(IServiceCollection services)
    {
      services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
               .AddJwtBearer(options =>
               {
                 options.TokenValidationParameters = new TokenValidationParameters
                 {
                   ValidateIssuer = true,
                   ValidateAudience = true,
                   ValidateLifetime = true,
                   ValidateIssuerSigningKey = true,

                   ValidIssuer = "Issuer",
                   ValidAudience = "Audience",
                   IssuerSigningKey = JwtSecurityKey.Create("SecurityKey")



                 };

                 options.Events = new JwtBearerEvents
                 {
                   OnAuthenticationFailed = context =>
                   {
                     return Task.CompletedTask;
                   },
                   OnTokenValidated = context =>
                   {
                     return Task.CompletedTask;
                   }
                 };
               });

      services.AddAuthorization(options =>
      {
        options.AddPolicy("Session", policy => policy.RequireClaim("SessionId"));
      });

      services.AddSignalR();
      services.AddCors(options =>
      {
        options.AddPolicy("CorsPolicy",
            builder => builder
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
      });
      services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
      loggerFactory.AddConsole();

      if (env.IsDevelopment())
      {
        app.UseDeveloperExceptionPage();
      }

      app.Use(async (context, next) =>
      {
        await next();
        if (context.Response.StatusCode == 404 &&
            !Path.HasExtension(context.Request.Path.Value) &&
            !context.Request.Path.Value.StartsWith("/api/", StringComparison.OrdinalIgnoreCase))
        {
          context.Request.Path = "/index.html";
          await next();
        }
      });

      app.UseDeveloperExceptionPage();
      app.UseAuthentication();
      app.UseMvcWithDefaultRoute();
      app.UseDefaultFiles();
      app.UseStaticFiles();
      app.UseCors(policyName: "CorsPolicy");
      app.UseSignalR(routes =>
      {
      });
    }
  }
}

我想在asp.netweb api中使用这个结构,只更改owin类,这是可能的吗?请帮助我进行任何更改


共1个答案

匿名用户

将我的实现从. net core 2转移到asp.netweb api 2的结构更改

我使用System. IdtyModel.Tokens.Jwt命名空间来生成和验证JWT令牌。

. net core 2兼容System.IdtyModel.Tokens.Jwt version="5.1.4"但asp.netweb api 2兼容System.IdtyModel.Tokens.Jwt version="4.0.2"

包版本的相同更改对代码进行了更改,由于更改包版本,部分代码i使用System. IdtyModel.Tokens命名空间而不是Microsoft.IdtyModel.Tokens

代码更改:

JwtTokenBuilder类:

在这个类中更改SigningCreentals参数设置

  var token = new JwtSecurityToken(
                    issuer: this.issuer,
                    audience: this.audience,
                    claims: claims,
                    expires: this.expireTime,
                    signingCredentials: new System.IdentityModel.Tokens.SigningCredentials(
                                              this.securityKey,
                                              Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature
                                            , Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature));

安全密钥类:

更改安全密钥生成方法 

using System.IdentityModel.Tokens;
using System.Text;

namespace solution.Authentication
{
  public static class JwtSecurityKey
  {
    public static SymmetricSecurityKey Create(string secret)
    {
      return new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    }
  }
}

控制器属性:

namespace solution.Controllers
{
  public class ExampleController : ApiController
  {
    [HttpPost]
    [Route("api/Example")]
    [System.Web.Http.Authorize]
    public void Run()
    {
       // do something;
    }
  }  
}

我的主要更改是在启动OWIN类中,并将Microsoft.Owin.Security. Jwt包版本从3.1.0更改为3.0.0,用于验证传入请求的JWT令牌。

实施:

using Microsoft.Owin;
using Owin;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;

[assembly: OwinStartup(typeof(solution.Startup))]

namespace solution
{
  public class Startup
  {
    public void Configuration(IAppBuilder app)
    {
      app.MapSignalR();
      HttpConfiguration config = new HttpConfiguration();
      config.MapHttpAttributeRoutes();
      ConfigureOAuth(app);
      app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
      app.UseWebApi(config);
    }
    public void ConfigureOAuth(IAppBuilder app)
    {
      var issuer = "issuer";
      var audience = "audience";
      var secret = JwtSecurityKey.Create("SecurityKey").GetSymmetricKey();

      // Api controllers with an [Authorize] attribute will be validated with JWT
      var option =
          new JwtBearerAuthenticationOptions
          {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = new[] { audience },
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
              {
                        new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
              }
          };
      app.UseJwtBearerAuthentication(
            option
        );
    }
  }
}

相关问题



热门标签
Java JavaScript Python PHP C# Android Html jQuery C++ Css IOS MySQL NodeJS