ASP.NET Core Quick Start (Chapter 5: Authentication and Authorization) -- Study Notes
Course link: http://video.jessetalk.cn/course/explore
A great course; come and learn along!

Task 31: Lesson overview
1. Cookie-based authentication and authorization
2. Cookie-based authentication implementation
3. JWT authentication and authorization introduction
4. JWT authentication and authorization implementation
5. JWT authentication and authorization
6. Role-based authorization
7. Claims-based authorization

Task 32: Cookie-based authentication introduction
Task 34: Cookie-based authentication implementation

```shell
dotnet new mvc --name MvcCookieAuthSample
```

Add AdminController.cs in the Controllers folder:

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;

namespace MvcCookieAuthSample.Controllers
{
    public class AdminController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
    }
}
```
Add an Admin folder under Views, and create Index.cshtml in it:

```cshtml
@{
    ViewData["Title"] = "Admin";
}
<h2>@ViewData["Title"]</h2>
<p>Admin Page</p>
```
Start the project and open https://localhost:5001/Admin in the browser.

In practice users should not be able to reach the Admin page directly; they should be redirected to the login page instead.

AdminController.cs

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;
// added reference
using Microsoft.AspNetCore.Authorization;

namespace MvcCookieAuthSample.Controllers
{
    public class AdminController : Controller
    {
        // Requires an authenticated user; unauthenticated requests are challenged (redirected to login)
        [Authorize]
        public IActionResult Index()
        {
            return View();
        }
    }
}
```
Startup.cs

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// added references
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication.Cookies;

namespace MvcCookieAuthSample
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            // Register authentication with the cookie scheme before AddMvc
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie();

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            // Add the authentication middleware before UseMvc, so the principal is set before routing to controllers
            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}
```

Open https://localhost:5001/Admin again; the request is now redirected to the login page https://localhost:5001/Account/Login?ReturnUrl=%2FAdmin
Add AccountController.cs in the Controllers folder:

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;
// added references
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;

namespace MvcCookieAuthSample.Controllers
{
    // No [Authorize] on this controller: the login and logout actions must be reachable
    // without a cookie, otherwise /Account/MakeLogin would itself redirect to the login page.
    public class AccountController : Controller
    {
        public async Task<IActionResult> MakeLogin()
        {
            var claims = new List<Claim>()
            {
                new Claim(ClaimTypes.Name, "Mingson"),
                new Claim(ClaimTypes.Role, "admin")
            };

            var claimIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            // SignInAsync writes the authentication cookie; await it so the response is not sent before it completes
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimIdentity));

            return Ok();
        }

        public async Task<IActionResult> Logout()
        {
            // SignOutAsync clears the authentication cookie
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

            return Ok();
        }
    }
}
```
Start the project.
Log out: localhost:5000/account/logout
Open admin: localhost:5000/admin, redirected to account/login
Log in: localhost:5000/account/makelogin
Open admin again: localhost:5000/admin, the login succeeded and admin is accessible
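The course leaves the cookie at its defaults and logs in via a GET with fixed claims. As an added example (not course code), the two fragments below harden the same MvcCookieAuthSample setup: the cookie options for Startup.ConfigureServices, and a POST login that follows ReturnUrl only when it is a local path. The credential check is a hypothetical placeholder mirroring the course's demo user.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Added example, not course code. (1) Startup.ConfigureServices: replaces the bare .AddCookie() above.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";                    // target of the ReturnUrl redirect seen above
        options.Cookie.HttpOnly = true;                          // not readable by script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
        options.Cookie.SameSite = SameSiteMode.Lax;              // not attached to cross-site POSTs
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        options.SlidingExpiration = true;
    });

// (2) AccountController: a POST login replacing the GET /Account/MakeLogin used in the course.
public class AccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string user, string password, string returnUrl = null)
    {
        if (!ValidateCredentials(user, password))
            return Unauthorized();

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, user),
            new Claim(ClaimTypes.Role, "admin")
        };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // Open-redirect guard: ?ReturnUrl=%2FAdmin is followed, an absolute URL to another host is not.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    // Hypothetical placeholder that mirrors the course's hard-coded demo user; use a real user store.
    private static bool ValidateCredentials(string user, string password)
        => user == "mingson" && password == "123456";
}
```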
Task 35: JWT authentication and authorization introduction

A token can be decoded on the official site: https://jwt.io
Task 36: Applying JwtBearer Authentication

```shell
dotnet new webapi --name JwtAuthSample
dotnet watch run
```

Open Postman and call
http://localhost:5000/api/values

ValuesController.cs

```csharp
// added reference
using Microsoft.AspNetCore.Authorization;

// added attribute
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class ValuesController : ControllerBase
```
Add a Models folder and create JwtSettings.cs in it:

```csharp
namespace JwtAuthSample
{
    public class JwtSettings
    {
        // token issuer; the property name must match the "Issuer" key in appsettings.json or binding leaves it null
        public string Issuer { get; set; }

        // the client the token is intended for
        public string Audience { get; set; }

        // signing key, read from configuration; it must be a settable property, not a field, or Configuration.Bind skips it
        public string SecretKey { get; set; }
    }
}
```

appsettings.json

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*",
  "JwtSettings": {
    "Audience": "http://localhost:5000",
    "Issuer": "http://localhost:5000",
    "SecretKey": "Hello-key"
  }
}
```
Startup.cs

```csharp
// added references
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;
```

```csharp
// add before services.AddMvc()
services.Configure<JwtSettings>(Configuration); // binds the root of the configuration, not the JwtSettings section; corrected in Task 37
var jwtSettings = new JwtSettings();
Configuration.Bind("JwtSettings", jwtSettings);

// authentication middleware configuration
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
// JWT configuration
.AddJwtBearer(o =>
{
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = jwtSettings.Issuer,
        ValidAudience = jwtSettings.Audience,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey)) // symmetric signing key
    };
});

services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
```

```csharp
app.UseHttpsRedirection();
// add before app.UseMvc()
app.UseAuthentication();
```

```shell
dotnet watch run
```

Call from Postman
http://localhost:5000/api/values
Returns 401, unauthorized
Task 37: Generating a JWT Token

Create a ViewModels folder and add LoginViewModel.cs in it:

```csharp
using System.ComponentModel.DataAnnotations;

namespace JwtAuthSample
{
    public class LoginViewModel
    {
        [Required]
        public string User { get; set; }

        [Required]
        public string Password { get; set; }
    }
}
```
AuthorizeController.cs

```csharp
// In VS Code, install the "NuGet Package Manager" extension
// ctrl + shift + p
// NuGet Package Manager: Add Package
// Microsoft.AspNetCore.Authentication.JwtBearer
// (reaching the package feed may require a proxy)
// 2.0.0
// install into the csproj
// after a successful install the csproj contains <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.0.0" />
// dotnet restore

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
// added references
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Options;
using System.Text;
using System.IdentityModel.Tokens.Jwt;

namespace JwtAuthSample.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class AuthorizeController : ControllerBase
    {
        private JwtSettings _jwtSettings;

        public AuthorizeController(IOptions<JwtSettings> jwtSettingsAccessor)
        {
            _jwtSettings = jwtSettingsAccessor.Value;
        }

        // Credentials arrive in the request body ([ApiController] binds the model from the body), so this must be a POST
        [HttpPost("token")]
        public IActionResult Token(LoginViewModel viewModel)
        {
            if (ModelState.IsValid)
            {
                // demo credential check from the course; a real application validates against its user store
                if (!(viewModel.User == "mingson" && viewModel.Password == "123456"))
                {
                    return BadRequest();
                }

                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "admin")
                };

                var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecretKey)); // symmetric signing key
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                var token = new JwtSecurityToken(
                    _jwtSettings.Issuer,
                    _jwtSettings.Audience,
                    claims,
                    DateTime.Now,
                    DateTime.Now.AddMinutes(30), // token lifetime: 30 minutes
                    creds);

                return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
            }

            return BadRequest();
        }
    }
}
```
Startup.cs

```csharp
// add before services.AddMvc()
//services.Configure<JwtSettings>(Configuration); // does not pick up the JwtSettings section
services.Configure<JwtSettings>(Configuration.GetSection("JwtSettings")); // reads the JwtSettings section from appsettings.json
```

appsettings.json (the SecretKey length must be greater than 128 bits = 16 characters):

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*",
  "JwtSettings": {
    "Audience": "http://localhost:5000",
    "Issuer": "http://localhost:5000",
    "SecretKey": "Hello-key.jessetalk"
  }
}
```

```shell
dotnet watch run
```

Call from Postman
http://localhost:5000/Authorize/Token
Returns a token

Call with the token attached
http://localhost:5000/api/values

The token can be decoded on the official site: https://jwt.io
Enter the correct SecretKey to verify the signature: Hello-key.jessetalk
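To see what the TokenValidationParameters above actually reject, here is an added stand-alone console example (not course code) that issues a token the same way AuthorizeController does and then validates it with the course's issuer, audience and key. It needs the System.IdentityModel.Tokens.Jwt package; the second key value is constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example, not course code. Same Issuer/Audience/SecretKey values as the appsettings.json above.
class JwtDemo
{
    const string Issuer = "http://localhost:5000";
    const string Audience = "http://localhost:5000";
    const string Secret = "Hello-key.jessetalk"; // 19 chars = 152 bits; HMAC-SHA256 needs at least 128 bits

    // Mirrors AuthorizeController.Token: sign with the given secret and lifetime.
    static string Issue(string secret, DateTime expires)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var claims = new[] { new Claim(ClaimTypes.Name, "mingson"), new Claim(ClaimTypes.Role, "user") };
        // notBefore must precede expires or the constructor throws, so derive it from expires
        var token = new JwtSecurityToken(Issuer, Audience, claims, expires.AddMinutes(-30), expires, creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // What the Startup above should hand to AddJwtBearer. Issuer, audience, signature and lifetime
    // checks are on by default; the one thing to change is the clock tolerance.
    static TokenValidationParameters StrictParameters() => new TokenValidationParameters
    {
        ValidIssuer = Issuer,
        ValidAudience = Audience,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Secret)),
        ClockSkew = TimeSpan.Zero // the default accepts tokens up to 5 minutes past 'exp'
    };

    // Returns the exception type name when the token is rejected, or null when it is accepted.
    static string Validate(string jwt)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, StrictParameters(), out _); return null; }
        catch (SecurityTokenException e) { return e.GetType().Name; }
    }

    static void Main()
    {
        var soon = DateTime.UtcNow.AddMinutes(30);
        Console.WriteLine(Validate(Issue(Secret, soon)) ?? "accepted");              // accepted
        Console.WriteLine(Validate(Issue("some-other-16-byte-key!", soon)));         // rejected: signed with a different key
        Console.WriteLine(Validate(Issue(Secret, DateTime.UtcNow.AddMinutes(-1))));  // SecurityTokenExpiredException
    }
}
```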
Task 38: JWT design analysis and customization

Create a new file MyTokenValidator.cs:

```csharp
using System.Security.Claims;
// added references
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

namespace JwtAuthSample
{
    // Demo validator that replaces JWT validation entirely: it accepts one fixed string as the token.
    // It always returns a principal, so a wrong token still yields an authenticated identity, just without claims.
    public class MyTokenValidator : ISecurityTokenValidator
    {
        bool ISecurityTokenValidator.CanValidateToken => true;

        int ISecurityTokenValidator.MaximumTokenSizeInBytes { get; set; }

        bool ISecurityTokenValidator.CanReadToken(string securityToken)
        {
            return true;
        }

        ClaimsPrincipal ISecurityTokenValidator.ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

            if (securityToken == "abcdefg")
            {
                identity.AddClaim(new Claim("name", "mingson"));
                identity.AddClaim(new Claim("SuperAdminOnly", "true"));
                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, "user"));
            }

            var principal = new ClaimsPrincipal(identity);

            return principal;
        }
    }
}
```
Startup.cs

```csharp
// authentication middleware configuration
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
// JWT configuration
.AddJwtBearer(o =>
{
    // o.TokenValidationParameters = new TokenValidationParameters
    // {
    //     ValidIssuer = jwtSettings.Issuer,
    //     ValidAudience = jwtSettings.Audience,
    //     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey)) // symmetric signing key
    // };

    // change how the token is validated: SecurityTokenValidators is a list of validators, clear it first, then add our own
    o.SecurityTokenValidators.Clear();
    o.SecurityTokenValidators.Add(new MyTokenValidator());

    // change where the token is read from: the custom "mytoken" header instead of the Authorization header
    o.Events = new JwtBearerEvents()
    {
        OnMessageReceived = context =>
        {
            var token = context.Request.Headers["mytoken"];
            context.Token = token.FirstOrDefault();
            return Task.CompletedTask;
        }
    };
});

services.AddAuthorization(options =>
{
    options.AddPolicy("SuperAdminOnly", policy => policy.RequireClaim("SuperAdminOnly"));
});
```

AuthorizeController.cs

```csharp
// var claims = new Claim[]
// {
//     new Claim(ClaimTypes.Name, "mingson"),
//     new Claim(ClaimTypes.Role, "admin")
// };
var claims = new Claim[]
{
    new Claim(ClaimTypes.Name, "mingson"),
    new Claim(ClaimTypes.Role, "user"),
    new Claim("SuperAdminOnly", "true")
};
```

ValuesController.cs

```csharp
// [Authorize] // replace the plain attribute with the policy
[Authorize(Policy = "SuperAdminOnly")]
```

```shell
dotnet run
```

Send a wrong mytoken: returns 403 Forbidden, access denied (the custom validator always returns a principal, so a bad token is an authenticated user without the SuperAdminOnly claim, which fails the policy with 403 rather than 401).
Send the correct mytoken: returns 200 OK
Task 39: Role and Claims authorization

Role authorization

AuthorizeController.cs

```csharp
var claims = new Claim[]
{
    new Claim(ClaimTypes.Name, "mingson"),
    new Claim(ClaimTypes.Role, "admin")
};
```

ValuesController.cs

```csharp
[Authorize(Roles = "user")]
```

```shell
dotnet run
```

Call with the token: returns 403 Forbidden, access denied

Change the role in AuthorizeController.cs to user, and the endpoint becomes accessible:

```csharp
var claims = new Claim[]
{
    new Claim(ClaimTypes.Name, "mingson"),
    new Claim(ClaimTypes.Role, "user")
};
```

Claims authorization

Startup.cs

```csharp
// authentication middleware configuration
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
// JWT configuration
.AddJwtBearer(o =>
{
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = jwtSettings.Issuer,
        ValidAudience = jwtSettings.Audience,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey)) // symmetric signing key
    };
});

services.AddAuthorization(options =>
{
    options.AddPolicy("SuperAdminOnly", policy => policy.RequireClaim("SuperAdminOnly"));
});
```

ValuesController.cs

```csharp
[Authorize(Policy = "SuperAdminOnly")]
```

AuthorizeController.cs

```csharp
var claims = new Claim[]
{
    new Claim(ClaimTypes.Name, "mingson"),
    new Claim(ClaimTypes.Role, "user"),
    new Claim("SuperAdminOnly", "true")
};
```

```shell
dotnet run
```

Call with the token: returns 200 OK
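Tasks 38 and 39 swap the JWT validator out for a fixed-string one and define a claim policy that checks only for the claim's presence. As an added example (not course code), the Startup fragment below keeps the built-in JWT validation, adds the Task 38 custom header as a fallback token source, logs rejected tokens, and pins the Task 39 policies. It assumes the jwtSettings variable and usings of the Startup shown earlier plus Microsoft.Extensions.Logging.

```csharp
// Added example, not course code. Replaces the AddAuthentication/AddAuthorization calls above;
// assumes the same 'jwtSettings' variable. "mytoken" is the header name used in Task 38.
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
    // Keep the built-in validator (signature, issuer, audience, lifetime) instead of clearing it.
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = jwtSettings.Issuer,
        ValidAudience = jwtSettings.Audience,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey)),
        ClockSkew = TimeSpan.FromMinutes(1)
    };
    o.Events = new JwtBearerEvents
    {
        // Read the course's "mytoken" header only when no Authorization header is present,
        // so the standard Bearer flow still works and the custom token is still fully validated.
        OnMessageReceived = context =>
        {
            if (!context.Request.Headers.ContainsKey("Authorization"))
                context.Token = context.Request.Headers["mytoken"].FirstOrDefault();
            return Task.CompletedTask;
        },
        // Every rejected token (bad signature, expired, wrong audience) gets a log line; a burst of
        // these from one address is a useful detection signal.
        OnAuthenticationFailed = context =>
        {
            var log = context.HttpContext.RequestServices.GetRequiredService<ILogger<Startup>>();
            log.LogWarning("JWT rejected from {RemoteIp}: {Reason}",
                context.HttpContext.Connection.RemoteIpAddress, context.Exception.GetType().Name);
            return Task.CompletedTask;
        }
    };
});

services.AddAuthorization(options =>
{
    // Task 39 role check as a named policy; same effect as [Authorize(Roles = "user")].
    options.AddPolicy("UserOnly", policy => policy.RequireRole("user"));
    // RequireClaim("SuperAdminOnly") with no value accepts any value, even "false"; pin it to "true".
    options.AddPolicy("SuperAdminOnly", policy => policy.RequireClaim("SuperAdminOnly", "true"));
    // Both at once: the caller must hold the user role and carry the pinned claim.
    options.AddPolicy("SuperAdminUser",
        policy => policy.RequireRole("user").RequireClaim("SuperAdminOnly", "true"));
});
```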