ASP.NET Core Quick Start (Chapter 5: Authentication and Authorization) -- Study Notes

Course link: http://video.jessetalk.cn/course/explore

A well-made course; come and learn along!

Task 31: Lesson overview

  • 1. Cookie-based authentication and authorization

  • 2. Implementing cookie-based authentication

  • 3. Introduction to JWT authentication and authorization

  • 4. Implementing JWT authentication and authorization

  • 5. JWT authentication and authorization

  • 6. Role-based authorization

  • 7. Claims-based authorization

Task 32: Introduction to cookie-based authentication

Task 34: Implementing cookie-based authentication

```shell
dotnet new mvc --name MvcCookieAuthSample
```

Add AdminController.cs in the Controllers folder:

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;

namespace MvcCookieAuthSample.Controllers
{
    public class AdminController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
    }
}
```

Add an Admin folder under Views, and inside it an Index.cshtml:

```cshtml
@{
    ViewData["Title"] = "Admin";
}
<h2>@ViewData["Title"]</h2>

<p>Admin Page</p>
```

Start the project and open https://localhost:5001/Admin in the browser. The page is served to anyone.

In a real application users must not reach the Admin page without authenticating, so an anonymous request should be redirected to the login page instead. That takes two steps: mark the action with [Authorize], and register an authentication scheme that knows where "login" is.

AdminController.cs

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;
// added reference
using Microsoft.AspNetCore.Authorization;

namespace MvcCookieAuthSample.Controllers
{
    public class AdminController : Controller
    {
        // Without a registered authentication scheme this attribute alone throws at runtime;
        // the scheme is added in Startup.cs below.
        [Authorize]
        public IActionResult Index()
        {
            return View();
        }
    }
}
```

Startup.cs

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// added references
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication.Cookies;

namespace MvcCookieAuthSample
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                // Template default: no minimum SameSite is enforced by the cookie policy middleware.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            // Register AddAuthentication / AddCookie before AddMvc.
            // The cookie scheme defaults to LoginPath = /Account/Login, which is where challenges redirect.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie();
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            // Add the authentication middleware before UseMvc, otherwise HttpContext.User is
            // still anonymous when the [Authorize] filter runs.
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}
```

Open https://localhost:5001/Admin again: the request is now redirected to the login page, https://localhost:5001/Account/Login?ReturnUrl=%2FAdmin (the original path is carried along in ReturnUrl so the user can be sent back after logging in).

Add AccountController.cs in the Controllers folder. Note that the controller itself must not carry [Authorize]: the login action has to be reachable anonymously, otherwise every request to it would be challenged and bounced to /Account/Login. SignInAsync and SignOutAsync are asynchronous and must be awaited, or the response may be written before the Set-Cookie header is attached.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using MvcCookieAuthSample.Models;
// added references
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;

namespace MvcCookieAuthSample.Controllers
{
    public class AccountController : Controller
    {
        // Demo only: signs in a fixed user without checking any credentials.
        public async Task<IActionResult> MakeLogin()
        {
            var claims = new List<Claim>()
            {
                new Claim(ClaimTypes.Name, "Mingson"),
                new Claim(ClaimTypes.Role, "admin")
            };

            // The authentication type marks the identity as authenticated.
            var claimIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            // Issues the encrypted, signed authentication cookie for the cookie scheme.
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimIdentity));

            return Ok();
        }

        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

            return Ok();
        }
    }
}
```

Start the project and walk through the flow:

Log out: localhost:5000/account/logout
Visit admin: localhost:5000/admin, redirected to account/login
Log in: localhost:5000/account/makelogin
Visit admin again: localhost:5000/admin, the cookie is presented and the admin page is served
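The MakeLogin action above signs in a hard-coded user and ignores ReturnUrl, which is fine for a demo but not for a login page. The following is an added example (not code from the course) of what the same controller looks like once it verifies credentials, honours ReturnUrl without becoming an open redirect, and hardens the cookie. The IUserStore interface is a hypothetical stand-in for a real user database; everything else is the ASP.NET Core 2.1 API already used on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

namespace MvcCookieAuthSample.Controllers
{
    // Hypothetical user store: verifies a password against a stored salted hash and
    // returns the user's id and roles. A real implementation is registered in DI.
    public interface IUserStore
    {
        Task<(bool ok, string userId, IReadOnlyList<string> roles)> VerifyAsync(string userName, string password);
    }

    public class AccountController : Controller
    {
        private readonly IUserStore _users;
        public AccountController(IUserStore users) => _users = users;

        [HttpGet, AllowAnonymous]
        public IActionResult Login(string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;
            return View();
        }

        [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
        public async Task<IActionResult> Login(string userName, string password, string returnUrl = null)
        {
            var (ok, userId, roles) = await _users.VerifyAsync(userName, password);
            if (!ok)
            {
                // One message for "no such user" and "wrong password": no username enumeration.
                ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                return View();
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, userId),
                new Claim(ClaimTypes.Name, userName),
            };
            foreach (var role in roles)
                claims.Add(new Claim(ClaimTypes.Role, role));

            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity),
                new AuthenticationProperties { IsPersistent = false }); // session cookie, not "remember me"

            // Only follow ReturnUrl when it is a local path. Redirecting to an attacker-supplied
            // "https://evil.example" or "//evil.example" would turn the login page into an open redirect.
            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
                return LocalRedirect(returnUrl);
            return RedirectToAction("Index", "Home");
        }

        // Logout over POST with an anti-forgery token: a GET logout can be triggered cross-site.
        [HttpPost, ValidateAntiForgeryToken]
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Index", "Home");
        }
    }

    // For Startup.ConfigureServices: replaces the bare AddCookie() on this page with explicit cookie settings.
    public static class CookieAuthSetup
    {
        public static IServiceCollection AddHardenedCookieAuth(this IServiceCollection services)
        {
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(o =>
                {
                    o.LoginPath = "/Account/Login";                   // the default, written out
                    o.AccessDeniedPath = "/Account/AccessDenied";     // authenticated but not allowed -> 403 page
                    o.Cookie.HttpOnly = true;                         // not readable from script
                    o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
                    o.Cookie.SameSite = SameSiteMode.Lax;             // not attached to cross-site POSTs
                    o.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                    o.SlidingExpiration = true;
                });
            return services;
        }
    }
}
```

The login form must be rendered with the form tag helper so the anti-forgery token is emitted, and an IUserStore implementation that compares salted password hashes (never plaintext) is registered in ConfigureServices next to the call to AddHardenedCookieAuth.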

Task 35: Introduction to JWT authentication and authorization

A token can be decoded at https://jwt.io. Note that "decode" is the right word: a JWT's header and payload are only base64url-encoded, not encrypted, so anyone holding the token can read every claim in it. The signature protects integrity (nobody can change the claims without the key); it provides no confidentiality.

Task 36: Applying JwtBearer authentication

```shell
dotnet new webapi --name JwtAuthSample
dotnet watch run
```

Open Postman and call
http://localhost:5000/api/values

ValuesController.cs

```csharp
// added reference
using Microsoft.AspNetCore.Authorization;

    // added attribute
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class ValuesController : ControllerBase
```

Add a Models folder and JwtSettings.cs inside it. All three members must be properties: configuration binding sets properties only, so a public field (or a hard-coded default) would silently keep its compile-time value instead of the value from appsettings.json.

```csharp
namespace JwtAuthSample
{
    public class JwtSettings
    {
        // token issuer (the "iss" claim)
        public string Issuer { get; set; }
        // client the token is intended for (the "aud" claim)
        public string Audience { get; set; }
        // HMAC signing key shared between issuer and validator
        public string SecretKey { get; set; }
    }
}
```

appsettings.json

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*",
  "JwtSettings": {
    "Audience": "http://localhost:5000",
    "Issuer": "http://localhost:5000",
    "SecretKey": "Hello-key"
  }
}
```

Startup.cs

```csharp
// added references
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;
```

```csharp
            // add before services.AddMvc()
            services.Configure<JwtSettings>(Configuration); // binds the root of the configuration; corrected in Task 37
            var jwtSettings = new JwtSettings();
            Configuration.Bind("JwtSettings", jwtSettings);
            // authentication middleware configuration
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            // JWT configuration
            .AddJwtBearer(o =>
            {
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = jwtSettings.Issuer,
                    ValidAudience = jwtSettings.Audience,
                    // symmetric key: the same secret both signs and verifies (HMAC), so the
                    // issuer and every validating API share it
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey))
                };
            });
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
```

```csharp
            app.UseHttpsRedirection();
            // add before app.UseMvc()
            app.UseAuthentication();
```
```shell
dotnet watch run
```

Call from Postman:
http://localhost:5000/api/values
The response is 401 Unauthorized, because no bearer token was presented.

Task 37: Generating a JWT token

Add a ViewModels folder and LoginViewModel.cs inside it:

```csharp
using System.ComponentModel.DataAnnotations;

namespace JwtAuthSample
{
    public class LoginViewModel
    {
        [Required]
        public string User { get; set; }
        [Required]
        public string Password { get; set; }
    }
}
```

The token is built with the JwtSecurityTokenHandler from the Microsoft.AspNetCore.Authentication.JwtBearer package. Steps recorded for adding it in VS Code: install the NuGet Package Manager extension, press Ctrl+Shift+P, choose "NuGet Package Manager: Add Package", search for Microsoft.AspNetCore.Authentication.JwtBearer (reaching nuget.org may need a proxy), pick version 2.0.0 and install it into the csproj. On success the csproj contains `<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.0.0" />`; then run `dotnet restore`.

AuthorizeController.cs

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
// added references
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Options;
using System.Text;
using System.IdentityModel.Tokens.Jwt;

namespace JwtAuthSample.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class AuthorizeController : ControllerBase
    {
        private readonly JwtSettings _jwtSettings;

        public AuthorizeController(IOptions<JwtSettings> jwtSettingsAccessor)
        {
            _jwtSettings = jwtSettingsAccessor.Value;
        }

        // POST api/authorize/token. Credentials travel in the request body; the [ApiController]
        // attribute binds the complex parameter from the JSON body. Never accept them on a GET,
        // where they would land in URLs and access logs.
        [HttpPost("token")]
        public IActionResult Token(LoginViewModel viewModel)
        {
            if (ModelState.IsValid)
            {
                // Demo check only: a real service verifies a password hash in a user store.
                if (!(viewModel.User == "mingson" && viewModel.Password == "123456"))
                {
                    return BadRequest();
                }

                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "admin")
                };

                // Symmetric signing key (HMAC-SHA256): must be the same bytes the API validates with.
                var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecretKey));
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                // nbf/exp are written as UTC Unix timestamps, so build them from UtcNow.
                var now = DateTime.UtcNow;
                var token = new JwtSecurityToken(
                    _jwtSettings.Issuer,
                    _jwtSettings.Audience,
                    claims,
                    now,
                    now.AddMinutes(30),
                    creds);

                return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
            }

            return BadRequest();
        }
    }
}
```

Startup.cs

```csharp
            // add before services.AddMvc()
            //services.Configure<JwtSettings>(Configuration); // binds the root: Issuer/Audience/SecretKey stay null in IOptions<JwtSettings>
            services.Configure<JwtSettings>(Configuration.GetSection("JwtSettings")); // binds the JwtSettings section of appsettings.json
```

appsettings.json. The HS256 signing call rejects keys shorter than 128 bits (16 ASCII characters), so "Hello-key" has to grow; for production use at least 256 bits of random key material, and keep it out of appsettings.json and source control (environment variables or a secret store instead).

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*",
  "JwtSettings": {
    "Audience": "http://localhost:5000",
    "Issuer": "http://localhost:5000",
    "SecretKey": "Hello-key.jessetalk"
  }
}
```
```shell
dotnet watch run
```

Call from Postman:
POST http://localhost:5000/api/authorize/token with a JSON body `{"user":"mingson","password":"123456"}` (the controller route prefix api/[controller] plus the action route "token")
The response carries the token.

Call the protected endpoint with the token in the `Authorization: Bearer <token>` header:
http://localhost:5000/api/values

The token can be decoded at https://jwt.io. Entering the SecretKey (Hello-key.jessetalk) in the signature field lets the site verify the HMAC; the decoding itself needs no key, which is the point made in Task 35. Do this with the demo key only: a real signing key should never be pasted into a third-party site.
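Issuing and validating a token are the two halves of the same contract, and AddJwtBearer above only sets the three parameters the page needs. The following is an added example (not the course's code) that wraps both halves in one service and runs the validator that the JwtBearer handler uses internally (JwtSecurityTokenHandler.ValidateToken) with every check switched on explicitly, then shows a token signed with a different key and an expired token being rejected. The 32-byte key is generated in the sample only to keep it self-contained; in a service it comes from a secret store. The class and method names are the example's own.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

namespace JwtAuthSample
{
    public class JwtTokenService
    {
        private readonly string _issuer;
        private readonly string _audience;
        private readonly SymmetricSecurityKey _key;
        private readonly JwtSecurityTokenHandler _handler = new JwtSecurityTokenHandler();

        public JwtTokenService(string issuer, string audience, byte[] keyBytes)
        {
            if (keyBytes.Length < 32) // HS256: insist on 256 bits of random key, not a passphrase
                throw new ArgumentException("HS256 key must be at least 32 random bytes");
            _issuer = issuer;
            _audience = audience;
            _key = new SymmetricSecurityKey(keyBytes);
        }

        public string Issue(string userId, string userName, IEnumerable<string> roles, TimeSpan lifetime, DateTime? issuedAt = null)
        {
            var now = issuedAt ?? DateTime.UtcNow;
            var claims = new List<Claim>
            {
                new Claim(JwtRegisteredClaimNames.Sub, userId),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), // unique id, lets a revocation list key on the token
                new Claim(ClaimTypes.Name, userName),
            };
            foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));

            var token = new JwtSecurityToken(
                issuer: _issuer, audience: _audience, claims: claims,
                notBefore: now, expires: now.Add(lifetime),
                signingCredentials: new SigningCredentials(_key, SecurityAlgorithms.HmacSha256));
            return _handler.WriteToken(token);
        }

        // The same object AddJwtBearer consumes, with the defaults written out and a tighter clock skew.
        public TokenValidationParameters ValidationParameters() => new TokenValidationParameters
        {
            ValidateIssuer = true,           ValidIssuer = _issuer,
            ValidateAudience = true,         ValidAudience = _audience,
            ValidateLifetime = true,         RequireExpirationTime = true,
            ValidateIssuerSigningKey = true, IssuerSigningKey = _key,
            RequireSignedTokens = true,      // an unsigned token (alg=none) is rejected
            ClockSkew = TimeSpan.FromSeconds(30), // library default is five minutes
        };

        public ClaimsPrincipal Validate(string jwt)
        {
            var principal = _handler.ValidateToken(jwt, ValidationParameters(), out var validated);
            // Pin the algorithm: accept only what this service issues, even if another alg verified.
            if (!(validated is JwtSecurityToken jst) ||
                !string.Equals(jst.Header.Alg, SecurityAlgorithms.HmacSha256, StringComparison.Ordinal))
                throw new SecurityTokenInvalidSignatureException("unexpected signing algorithm");
            return principal;
        }
    }

    public static class JwtDemo
    {
        private static byte[] NewKey()
        {
            var key = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
            return key;
        }

        public static void Run()
        {
            var api = new JwtTokenService("http://localhost:5000", "http://localhost:5000", NewKey());
            var jwt = api.Issue("42", "mingson", new[] { "user" }, TimeSpan.FromMinutes(30));
            Console.WriteLine(api.Validate(jwt).IsInRole("user")); // True

            // An attacker who knows issuer and audience but not the key signs an "admin" token
            // with a key of their own: the HMAC does not verify and the token is rejected.
            var attacker = new JwtTokenService("http://localhost:5000", "http://localhost:5000", NewKey());
            var forged = attacker.Issue("42", "mingson", new[] { "admin" }, TimeSpan.FromMinutes(30));
            try { api.Validate(forged); Console.WriteLine("accepted (must not happen)"); }
            catch (SecurityTokenException e) { Console.WriteLine("rejected: " + e.GetType().Name); }

            // A token whose exp lies more than ClockSkew in the past is rejected as expired.
            var expired = api.Issue("42", "mingson", new[] { "user" }, TimeSpan.FromMinutes(5),
                                    issuedAt: DateTime.UtcNow.AddHours(-1));
            try { api.Validate(expired); }
            catch (SecurityTokenExpiredException) { Console.WriteLine("rejected: expired"); }
        }
    }
}
```

In Startup the AddJwtBearer lambda would simply assign `o.TokenValidationParameters = service.ValidationParameters()`, so the API and the issuer cannot drift apart on issuer, audience or key.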

Task 38: JWT design, parsing and customization

Add a file MyTokenValidator.cs. The JwtBearer handler hands the raw token string to each registered ISecurityTokenValidator; replacing the default JwtSecurityTokenHandler with a custom validator lets the "token" be anything, here a fixed string.

```csharp
using System.Security.Claims;
// added references
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

namespace JwtAuthSample
{
    public class MyTokenValidator : ISecurityTokenValidator
    {
        bool ISecurityTokenValidator.CanValidateToken => true;

        int ISecurityTokenValidator.MaximumTokenSizeInBytes { get; set; }

        bool ISecurityTokenValidator.CanReadToken(string securityToken)
        {
            return true;
        }

        ClaimsPrincipal ISecurityTokenValidator.ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

            // Demo only: a fixed string stands in for a real token lookup.
            if (securityToken == "abcdefg")
            {
                identity.AddClaim(new Claim("name", "mingson"));
                identity.AddClaim(new Claim("SuperAdminOnly", "true"));
                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, "user"));
            }

            // Because the identity carries an authentication type, this principal counts as
            // authenticated even when the token did not match; it merely has no claims. That is
            // why a wrong token yields 403 (policy failed) below rather than 401 (not authenticated).
            var principal = new ClaimsPrincipal(identity);

            return principal;
        }
    }
}
```

Startup.cs

```csharp
            // authentication middleware configuration
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            // JWT configuration
            .AddJwtBearer(o =>
            {
                // o.TokenValidationParameters = new TokenValidationParameters
                // {
                //     ValidIssuer = jwtSettings.Issuer,
                //     ValidAudience = jwtSettings.Audience,
                //     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey))
                // };

                // change how the token is validated
                o.SecurityTokenValidators.Clear(); // list of validators; remove the default JwtSecurityTokenHandler first
                o.SecurityTokenValidators.Add(new MyTokenValidator());

                // change where the token is read from: a custom "mytoken" header instead of Authorization: Bearer
                o.Events = new JwtBearerEvents()
                {
                    OnMessageReceived = context =>
                    {
                        var token = context.Request.Headers["mytoken"];
                        context.Token = token.FirstOrDefault();
                        return Task.CompletedTask;
                    }
                };
            });

            services.AddAuthorization(options =>
            {
                options.AddPolicy("SuperAdminOnly", policy => policy.RequireClaim("SuperAdminOnly"));
            });
```

AuthorizeController.cs

```csharp
                // var claims = new Claim[]
                // {
                //     new Claim(ClaimTypes.Name, "mingson"),
                //     new Claim(ClaimTypes.Role, "admin")
                // };
                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "user"),
                    new Claim("SuperAdminOnly", "true")
                };
```

ValuesController.cs

```csharp
// [Authorize]
// add the policy attribute
    [Authorize(Policy = "SuperAdminOnly")]
```
```shell
dotnet run
```

Send a wrong mytoken header: 403 Forbidden (the validator still returned an authenticated principal, but without the SuperAdminOnly claim the policy fails).

Send the correct mytoken (abcdefg): 200 OK.
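MyTokenValidator fails open in one respect: an unknown token still produces an authenticated principal, so the API answers 403 instead of 401 and any endpoint guarded by a bare [Authorize] would let the caller through. The following is an added example (not the course's code) of a custom validator for opaque tokens that fails closed: unknown or oversized tokens throw, which the JwtBearer handler turns into an authentication failure and a 401 challenge. The in-memory token table is constructed for the example; a real service backs it with a store and an expiry. OpaqueTokenValidator, OpaqueSecurityToken and AddOpaqueTokenAuth are the example's own names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

namespace JwtAuthSample
{
    // Minimal SecurityToken so the handler's OnTokenValidated event sees a non-null token.
    public class OpaqueSecurityToken : SecurityToken
    {
        private readonly string _raw;
        public OpaqueSecurityToken(string raw) => _raw = raw;
        public override string Id => _raw;
        public override string Issuer => "opaque";
        public override SecurityKey SecurityKey => null;
        public override SecurityKey SigningKey { get; set; }
        public override DateTime ValidFrom => DateTime.MinValue;
        public override DateTime ValidTo => DateTime.MaxValue;
    }

    public class OpaqueTokenValidator : ISecurityTokenValidator
    {
        // token -> (name, role); constructed sample data is supplied by the caller
        private readonly IReadOnlyDictionary<string, (string name, string role)> _tokens;

        public OpaqueTokenValidator(IReadOnlyDictionary<string, (string name, string role)> tokens) => _tokens = tokens;

        public bool CanValidateToken => true;
        public int MaximumTokenSizeInBytes { get; set; } = 1024;

        // Reject empty and oversized input before any lookup happens.
        public bool CanReadToken(string securityToken)
            => !string.IsNullOrEmpty(securityToken) && securityToken.Length <= MaximumTokenSizeInBytes;

        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            if (!CanReadToken(securityToken))
                throw new SecurityTokenException("token missing or too large");

            foreach (var entry in _tokens)
            {
                // Constant-time comparison so response timing does not leak how many leading bytes matched.
                if (CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(entry.Key), Encoding.UTF8.GetBytes(securityToken)))
                {
                    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
                    identity.AddClaim(new Claim(ClaimTypes.Name, entry.Value.name));
                    identity.AddClaim(new Claim(ClaimTypes.Role, entry.Value.role));
                    if (entry.Value.role == "admin")
                        identity.AddClaim(new Claim("SuperAdminOnly", "true"));
                    validatedToken = new OpaqueSecurityToken(securityToken);
                    return new ClaimsPrincipal(identity);
                }
            }

            // Fail closed: the handler records an authentication failure, so no principal is
            // attached and the challenge returns 401 instead of the 403 seen with MyTokenValidator.
            throw new SecurityTokenInvalidSignatureException("unknown token");
        }
    }

    public static class OpaqueTokenSetup
    {
        // Same wiring as the page's AddJwtBearer block: custom validator plus the "mytoken" header.
        public static AuthenticationBuilder AddOpaqueTokenAuth(this AuthenticationBuilder builder, OpaqueTokenValidator validator)
            => builder.AddJwtBearer(o =>
            {
                o.SecurityTokenValidators.Clear();
                o.SecurityTokenValidators.Add(validator);
                o.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context =>
                    {
                        context.Token = context.Request.Headers["mytoken"].FirstOrDefault();
                        return Task.CompletedTask;
                    }
                };
            });

        public static void Demo()
        {
            var validator = new OpaqueTokenValidator(new Dictionary<string, (string name, string role)>
            {
                ["abcdefg"] = ("mingson", "admin"), // constructed sample tokens
                ["hijklmn"] = ("alice", "user"),
            });
            var principal = validator.ValidateToken("abcdefg", new TokenValidationParameters(), out _);
            Console.WriteLine(principal.Identity.IsAuthenticated + " " + principal.IsInRole("admin")); // True True
            try { validator.ValidateToken("wrong", new TokenValidationParameters(), out _); }
            catch (SecurityTokenException) { Console.WriteLine("unknown token -> authentication fails -> 401"); }
        }
    }
}
```

In Startup, `services.AddAuthentication(...).AddOpaqueTokenAuth(validator)` replaces the AddJwtBearer call shown above; the policy registration stays unchanged.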

Task 39: Role and claims authorization

Role authorization

AuthorizeController.cs

```csharp
                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "admin")
                };
```

ValuesController.cs

```csharp
    [Authorize(Roles = "user")]
```

```shell
dotnet run
```

Call with the token: 403 Forbidden, because the token carries the role admin and the endpoint requires user.

Change the role in AuthorizeController.cs to user and the endpoint becomes accessible:

```csharp
                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "user")
                };
```

Claims authorization

Startup.cs (back to the standard JWT validation; the custom validator from Task 38 is no longer used)

```csharp
            // authentication middleware configuration
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            // JWT configuration
            .AddJwtBearer(o =>
            {
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = jwtSettings.Issuer,
                    ValidAudience = jwtSettings.Audience,
                    // symmetric key: the same secret signs and verifies
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecretKey))
                };
            });

            services.AddAuthorization(options =>
            {
                // RequireClaim with only a type checks that the claim exists; it accepts any value.
                // Use the overload with allowed values (e.g. RequireClaim("SuperAdminOnly", "true"))
                // when the value carries meaning.
                options.AddPolicy("SuperAdminOnly", policy => policy.RequireClaim("SuperAdminOnly"));
            });
```

ValuesController.cs

```csharp
    [Authorize(Policy = "SuperAdminOnly")]
```

AuthorizeController.cs

```csharp
                var claims = new Claim[]
                {
                    new Claim(ClaimTypes.Name, "mingson"),
                    new Claim(ClaimTypes.Role, "user"),
                    new Claim("SuperAdminOnly", "true")
                };
```

```shell
dotnet run
```

Call with the token: 200 OK.
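The policy above checks only that a SuperAdminOnly claim is present, so a token whose issuer put `"SuperAdminOnly":"false"` in it would pass as well. The following is an added example (not the course's code) that registers a loose and a strict version of the policy and evaluates both against constructed principals outside the MVC pipeline, using the fact that the built-in claims and roles requirements are their own IAuthorizationHandler. PolicyDemo and its methods are the example's own names; custom handlers registered through DI would not be picked up by this shortcut.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

namespace JwtAuthSample
{
    public static class PolicyDemo
    {
        // For Startup.ConfigureServices, same shape as the page's AddAuthorization call.
        public static void AddPolicies(IServiceCollection services)
        {
            services.AddAuthorization(options =>
            {
                // loose: the claim exists, with any value
                options.AddPolicy("SuperAdminOnly", p => p.RequireClaim("SuperAdminOnly"));
                // strict: the value must be exactly "true" and the caller must hold the admin role
                options.AddPolicy("SuperAdminStrict", p =>
                    p.RequireClaim("SuperAdminOnly", "true").RequireRole("admin"));
            });
        }

        // Run a policy's built-in requirements (claims, roles) against a principal.
        // Succeeds only when every requirement marked itself as satisfied.
        public static async Task<bool> Evaluate(AuthorizationPolicy policy, ClaimsPrincipal user)
        {
            var context = new AuthorizationHandlerContext(policy.Requirements, user, resource: null);
            foreach (var requirement in policy.Requirements)
            {
                if (requirement is IAuthorizationHandler handler)
                    await handler.HandleAsync(context);
            }
            return context.HasSucceeded;
        }

        // Constructed principal shaped like the one the JwtBearer handler builds from the page's tokens.
        public static ClaimsPrincipal Principal(string role, string superAdminValue)
        {
            var identity = new ClaimsIdentity("Bearer", ClaimTypes.Name, ClaimTypes.Role);
            identity.AddClaim(new Claim(ClaimTypes.Name, "mingson"));
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
            if (superAdminValue != null)
                identity.AddClaim(new Claim("SuperAdminOnly", superAdminValue));
            return new ClaimsPrincipal(identity);
        }

        public static async Task Run()
        {
            var loose = new AuthorizationPolicyBuilder().RequireClaim("SuperAdminOnly").Build();
            var strict = new AuthorizationPolicyBuilder()
                .RequireClaim("SuperAdminOnly", "true").RequireRole("admin").Build();

            var adminTrue = Principal("admin", "true");
            var userFalse = Principal("user", "false"); // an issuer that writes the flag as "false"
            var userNone = Principal("user", null);

            System.Console.WriteLine(await Evaluate(loose, adminTrue));  // True
            System.Console.WriteLine(await Evaluate(loose, userFalse));  // True: the claim merely exists
            System.Console.WriteLine(await Evaluate(loose, userNone));   // False
            System.Console.WriteLine(await Evaluate(strict, adminTrue)); // True
            System.Console.WriteLine(await Evaluate(strict, userFalse)); // False: wrong value and wrong role
        }
    }
}
```

Inside a controller the same policies are applied with `[Authorize(Policy = "SuperAdminStrict")]`; the evaluation helper is only there to make the difference between the two RequireClaim overloads visible without an HTTP round trip.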
