Cookie 和JWT 並存同一專案程式碼記錄
阿新 • • 發佈:2020-12-08
Cookie 用於後臺管理頁面的登入驗證,JWT 用於對外提供的介面驗證
具體可參考官方文件:「使用 ASP.NET Core 中的特定方案授權」
實現思路:
1.新增兩種授權方式配置,AddAuthentication的引數defaultScheme 使用預設值,不進行賦值
2.如果鑑權使用了自定義策略,需要在策略中指定AuthenticationSchemes
3.action的鑑權特性([Authorize])需要指明AuthenticationSchemes;因為沒有設定預設方案,未指明時框架無法決定要用哪一種方案進行驗證
大體程式碼如下
// Register the cookie scheme (admin back office) and the JWT bearer scheme (external API)
// side by side. AddAuthentication() is called without a default scheme on purpose, so every
// policy and [Authorize] attribute has to name the scheme it expects.
var authBuilder = services.AddAuthentication();

authBuilder.AddCookie(cookieOptions =>
{
    cookieOptions.LoginPath = new PathString("/Login/Index");
    // Redirect target when the signed-in user lacks permission.
    cookieOptions.AccessDeniedPath = new PathString("/Login/Privacy");
    cookieOptions.Cookie.HttpOnly = true;
    // NOTE(review): only HttpOnly is set here; Cookie.SecurePolicy and Cookie.SameSite stay at
    // the framework defaults. If the back office is served over HTTPS only, consider
    // CookieSecurePolicy.Always so the session cookie is never sent over plain HTTP.
});

authBuilder.AddJwtBearer(jwtOptions =>
{
    // SECURITY NOTE(review): the HMAC signing key is a literal in source control. Anyone who can
    // read the repository or the compiled assembly can sign tokens this API will accept, and a
    // short keyboard-pattern string has little entropy. Load a randomly generated key from
    // configuration or a secret store, at least as long as the HMAC hash output.
    byte[] signingKeyBytes = Encoding.ASCII.GetBytes("12345678901qaz2wsx");

    var validation = new TokenValidationParameters();

    // SECURITY NOTE(review): issuer and audience checks are switched off, so any token signed
    // with the key above is accepted no matter which service issued it or which service it was
    // meant for. Re-enable both and set ValidIssuer / ValidAudience before real use.
    validation.ValidateIssuer = false;          // issuer is not validated
    validation.ValidateAudience = false;        // audience is not validated
    validation.ValidateLifetime = true;         // reject expired tokens
    validation.ValidateIssuerSigningKey = true; // validate the signing key
    // validation.ValidAudience = "https://localhost:5001/";
    // validation.ValidIssuer = "https://localhost:5001/"; // these two must match the values used when the JWT was issued
    validation.IssuerSigningKey = new SymmetricSecurityKey(signingKeyBytes);

    jwtOptions.TokenValidationParameters = validation;
});
// Authorization setup: registers one custom policy, "CustomPolicy".
services.AddAuthorization(authorization =>
{
    authorization.AddPolicy("CustomPolicy", builder =>
    {
        // The permission set should come from the database and be registered as a singleton,
        // so that it can be updated in place after permissions change.
        // NOTE(review): a list mutated at runtime while requests read it needs synchronisation
        // or an atomic swap - confirm how CustomRequirement is consumed.
        var requirement = new CustomRequirement()
        {
            PowerList = new List<RoleMenu>()
        };

        // Test data.
        var seedEntry = new RoleMenu()
        {
            RoleId = "ceshi",
            Url = "/home/Index"
        };
        requirement.PowerList.Add(seedEntry);

        // This policy authenticates with the cookie scheme only. With no default scheme
        // configured, a policy that names no scheme would have nothing to authenticate with.
        builder.AuthenticationSchemes.Add(CookieAuthenticationDefaults.AuthenticationScheme);
        builder.Requirements.Add(requirement);
    });
});
鑑權action
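/// <summary>
/// Cookie-authenticated action: writes the caller's "time" claim to the console and renders the view.
/// </summary>
/// <returns>The default view for this action.</returns>
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
public IActionResult Index2()
{
    // An authenticated principal is not guaranteed to carry a "time" claim. Dereferencing the
    // FirstOrDefault result directly would throw NullReferenceException and surface as a 500.
    var timeClaimValue = User.Claims.FirstOrDefault(t => t.Type == "time")?.Value;
    Console.WriteLine(timeClaimValue);
    return View();
}

/// <summary>
/// JWT-authenticated action: writes the caller's "time" claim to the console and returns it.
/// </summary>
/// <returns>
/// An OK result carrying the claim value. When the token has no "time" claim the value is null;
/// how that is rendered depends on the configured output formatters.
/// </returns>
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public IActionResult Index3()
{
    // Look the claim up once and null-safely: the token contents come from the caller, so a
    // missing claim must not crash the request.
    var timeClaimValue = User.Claims.FirstOrDefault(t => t.Type == "time")?.Value;
    Console.WriteLine(timeClaimValue);
    return Ok(timeClaimValue);
}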