.NET Core 认证和授权（Authentication 和 Authorization）
首先我们需要了解什么是认证（Authentication），什么是授权（Authorization，也常被叫作权限）。
通俗点讲，认证就是对身份的校验：生活中我们乘坐交通工具、办理政府业务，都需要出示身份证，这个身份证就是我们的认证凭据。在程序里也是一样的道理：当请求某个接口时，也需要一个类似身份证的凭据，而这个凭据通常就是 token。授权（权限）则是指已经认证过的身份是否有权做某件事，在代码里同样如此——认证回答“你是谁”，授权回答“你能做什么”，所以请求管道中 UseAuthentication 必须排在 UseAuthorization 之前，否则授权时拿不到已认证的用户。
废话不多说了，下面直接上 demo。需要注意：这个 demo 为了便于演示做了简化——密码以明文存放在 TemporaryData 中、签名密钥作为默认值硬编码在 JWTConfig 里、TokenHelper 给所有用户都签发 Admin 角色——这些在生产环境中都不可取。学习关键字：JwtSecurityToken、Claim、AddJwtBearer、UseAuthentication、UseAuthorization。
TokenController 控制器
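using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using WebApplication3.Models;

namespace WebApplication3.Controllers
{
    /// <summary>
    /// Issues JWT access tokens in exchange for user credentials.
    /// </summary>
    [ApiController]
    [Route("api/[controller]/[action]")]
    public class TokenController : ControllerBase
    {
        private readonly ITokenHelper tokenHelper;

        public TokenController(ITokenHelper _tokenHelper)
        {
            tokenHelper = _tokenHelper ?? throw new ArgumentNullException(nameof(_tokenHelper));
        }

        /// <summary>
        /// Exchanges a user code and password for a signed token.
        /// The route (api/Token/Get) is unchanged, but the verb is POST and the
        /// credentials come from the request body: a password in a GET query string
        /// ends up in server access logs, proxy logs and browser history.
        /// </summary>
        /// <param name="code">Login code looked up in <see cref="TemporaryData"/>.</param>
        /// <param name="pwd">The user's password.</param>
        /// <returns>200 with the issued <see cref="Token"/>; 401 for any failed login.</returns>
        [HttpPost]
        [AllowAnonymous]
        public IActionResult Get([FromForm] string code, [FromForm] string pwd)
        {
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(pwd))
            {
                return Unauthorized();
            }

            User user = TemporaryData.GetUser(code);

            // One response for "unknown code" and "wrong password" so the endpoint
            // does not reveal which codes exist.
            if (user is null || !PasswordMatches(user.Password, pwd))
            {
                return Unauthorized();
            }

            return Ok(tokenHelper.CreateToken(user));
        }

        // Constant-time comparison so response timing does not reveal how many
        // leading characters of the password were correct.
        // NOTE(review): the sample store keeps passwords in clear text; a real
        // application must store a salted hash (PBKDF2/Argon2) and verify against it.
        private static bool PasswordMatches(string stored, string supplied)
        {
            if (stored is null || supplied is null)
            {
                return false;
            }

            byte[] expected = Encoding.UTF8.GetBytes(stored);
            byte[] actual = Encoding.UTF8.GetBytes(supplied);
            return CryptographicOperations.FixedTimeEquals(expected, actual);
        }
    }
}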
WeatherForecastController 控制器
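using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

namespace WebApplication3.Controllers
{
    /// <summary>
    /// Sample protected endpoints used to exercise role-based authorization.
    /// </summary>
    [ApiController]
    [Route("api/[controller]/[action]")]
    public class WeatherForecastController : ControllerBase
    {
        private static readonly string[] Summaries = new[]
        {
            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
        };

        private readonly ILogger<WeatherForecastController> _logger;

        public WeatherForecastController(ILogger<WeatherForecastController> logger)
        {
            _logger = logger;
        }

        /// <summary>
        /// Returns five random forecasts. Requires a token carrying the "Tenant" role.
        /// NOTE(review): TokenHelper in this sample always issues the "Admin" role, so
        /// tokens it mints will be rejected here until the issued roles come from the user.
        /// </summary>
        [HttpGet]
        [Authorize(Roles = "Tenant")]
        public IEnumerable<WeatherForecast> GetName()
        {
            var rng = new Random();
            return Enumerable.Range(1, 5)
                .Select(index => new WeatherForecast
                {
                    Date = DateTime.Now.AddDays(index),
                    TemperatureC = rng.Next(-20, 55),
                    Summary = Summaries[rng.Next(Summaries.Length)]
                })
                .ToArray();
        }

        /// <summary>
        /// Echoes the caller's name and role claims. Requires the "Admin" role.
        /// The role claim is guaranteed by the [Authorize] filter, but a name claim is
        /// not, so both are read null-safely instead of dereferencing a possibly-null
        /// FirstOrDefault result.
        /// </summary>
        [HttpGet]
        [Authorize(Roles = "Admin")]
        public GetName GetAllName()
        {
            var nameClaim = HttpContext.User.Claims.FirstOrDefault(s => s.Type == ClaimTypes.Name);
            var roleClaim = HttpContext.User.Claims.FirstOrDefault(s => s.Type == ClaimTypes.Role);

            // Mapping (Description <- name claim, Name <- role claim) is kept exactly as
            // in the original sample so existing clients see the same payload.
            return new GetName
            {
                Description = nameClaim?.Value,
                Name = roleClaim?.Value
            };
        }
    }
}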
JWTConfig 模型
namespace WebApplication3.Models
{
    /// <summary>
    /// Settings used to issue (TokenHelper) and validate (Startup) JWTs.
    /// NOTE(review): the defaults below are a secret checked into source. They take
    /// effect whenever the bound configuration section is missing or misnamed, so a
    /// deployment that forgets to configure the key silently signs tokens with a value
    /// that is public in this repository.
    /// </summary>
    public class JWTConfig
    {
        /// <summary>
        /// Token issuer ("iss" claim). The bearer validator only accepts this issuer.
        /// </summary>
        public string Issuer { get; set; } = "FlyLolo";

        /// <summary>
        /// Intended recipient of the token ("aud" claim). This is NOT a role; roles
        /// travel in a separate role claim.
        /// </summary>
        public string Audience { get; set; } = "TestAudience";

        /// <summary>
        /// Shared secret for the HMAC-SHA256 signature; its UTF-8 bytes are the key.
        /// Use a randomly generated value of at least 32 bytes and keep it out of source.
        /// </summary>
        public string IssuerSigningKey { get; set; } = "FlyLolo1234567890";

        /// <summary>
        /// Lifetime of an issued access token, in minutes.
        /// </summary>
        public int AccessTokenExpiresMinutes { get; set; } = 30;
    }
}
TemporaryData 模型
using System.Collections.Generic;
using System.Linq;

namespace WebApplication3.Models
{
    /// <summary>
    /// In-memory stand-in for a user store, holding two fixed demo accounts.
    /// NOTE(review): passwords are kept in clear text; acceptable only for this sample.
    /// </summary>
    public static class TemporaryData
    {
        private static readonly List<User> Users = new List<User>
        {
            new User { Code = "001", Name = "张三", Password = "111111" },
            new User { Code = "002", Name = "李四", Password = "222222" },
        };

        /// <summary>
        /// Returns the user whose <see cref="User.Code"/> equals <paramref name="code"/>
        /// (ordinal string comparison), or null when there is no such user.
        /// </summary>
        public static User GetUser(string code)
        {
            foreach (User candidate in Users)
            {
                if (candidate.Code.Equals(code))
                {
                    return candidate;
                }
            }

            return null;
        }
    }
}
Token 模型
using System;

namespace WebApplication3.Models
{
    /// <summary>
    /// Result of a successful login: the serialized JWT plus its expiry time.
    /// </summary>
    public class Token
    {
        /// <summary>
        /// Compact-serialized JWT, presented to protected endpoints as a bearer token.
        /// </summary>
        public string TokenContent { get; set; }

        /// <summary>
        /// When the token stops being valid, as computed by TokenHelper at issue time.
        /// </summary>
        public DateTime Expires { get; set; }
    }
}
User 模型
namespace WebApplication3.Models
{
    /// <summary>
    /// Demo user record backing the login endpoint.
    /// </summary>
    public class User
    {
        /// <summary>
        /// Login identifier; TemporaryData looks users up by this value.
        /// </summary>
        public string Code { get; set; }

        /// <summary>
        /// Display name; TokenHelper places it in the token's name claim.
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Clear-text password, compared verbatim at login.
        /// NOTE(review): demo only -- a real store must hold a salted hash
        /// (PBKDF2/Argon2), never the clear-text value.
        /// </summary>
        public string Password { get; set; }
    }
}
ITokenHelper 接口
using WebApplication3.Models;

namespace WebApplication3
{
    /// <summary>
    /// Issues access tokens for authenticated users.
    /// </summary>
    public interface ITokenHelper
    {
        /// <summary>
        /// Creates a signed token describing <paramref name="user"/>.
        /// </summary>
        /// <param name="user">The user whose identity the token should carry.</param>
        /// <returns>The serialized token and its expiry.</returns>
        Token CreateToken(User user);
    }
}
TokenHelper 实现接口的方法
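using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using WebApplication3.Models;

namespace WebApplication3
{
    /// <summary>
    /// Creates HMAC-SHA256 signed JWTs from the settings bound to <see cref="JWTConfig"/>.
    /// </summary>
    public class TokenHelper : ITokenHelper
    {
        // Microsoft.IdentityModel refuses HS256 keys shorter than 128 bits; 32 bytes
        // (256 bits) is the size to actually use for an HMAC-SHA256 key.
        private const int MinimumKeyBytes = 16;

        private readonly IOptions<JWTConfig> _options;

        public TokenHelper(IOptions<JWTConfig> options)
        {
            _options = options ?? throw new ArgumentNullException(nameof(options));
        }

        /// <summary>
        /// Issues a token for <paramref name="user"/>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the role is hard-coded to "Admin" for every user because the
        /// sample <see cref="User"/> model carries no role. A real issuer must load the
        /// caller's roles from the user store, otherwise every [Authorize(Roles = ...)]
        /// check in the API is meaningless.
        /// </remarks>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public Token CreateToken(User user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var claims = new[]
            {
                // Stable subject id so consumers need not key on the display name.
                new Claim(ClaimTypes.NameIdentifier, user.Code),
                new Claim(ClaimTypes.Name, user.Name),
                new Claim(ClaimTypes.Role, "Admin"),
                // Unique token id; lets a resource server revoke or de-duplicate tokens.
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
            };

            return CreateToken(claims);
        }

        /// <summary>
        /// Signs <paramref name="claims"/> with the configured symmetric key.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The configured signing key is missing or shorter than <see cref="MinimumKeyBytes"/>.
        /// </exception>
        private Token CreateToken(Claim[] claims)
        {
            JWTConfig cfg = _options.Value;

            byte[] keyBytes = Encoding.UTF8.GetBytes(cfg.IssuerSigningKey ?? string.Empty);
            if (keyBytes.Length < MinimumKeyBytes)
            {
                // Fail closed: a short, guessable key lets anyone mint valid tokens.
                throw new InvalidOperationException(
                    $"JWT IssuerSigningKey must be at least {MinimumKeyBytes} bytes.");
            }

            // UTC so nbf/exp do not depend on the server's local time zone.
            DateTime now = DateTime.UtcNow;
            DateTime expires = now.AddMinutes(cfg.AccessTokenExpiresMinutes);

            var jwt = new JwtSecurityToken(
                issuer: cfg.Issuer,
                audience: cfg.Audience,
                claims: claims,
                notBefore: now,
                expires: expires,
                signingCredentials: new SigningCredentials(
                    new SymmetricSecurityKey(keyBytes),
                    SecurityAlgorithms.HmacSha256));

            return new Token
            {
                TokenContent = new JwtSecurityTokenHandler().WriteToken(jwt),
                Expires = expires
            };
        }
    }
}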
appsettings.json 配置文件
{ "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "JWT": { "Issuer": "FlyLolo", "Audience": "TestAudience", "IssuerSigningKey": "FlyLolo1234567890", "AccessTokenExpiresMinutes": "30" }, "AllowedHosts": "*" }
Startup 文件
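using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using WebApplication3.Models;

namespace WebApplication3
{
    public class Startup
    {
        // Must match the section name in appsettings.json ("JWT"). The original code
        // read "JWTConfig", which does not exist there, so binding silently fell back
        // to the hard-coded defaults in JWTConfig -- including the checked-in signing key.
        private const string JwtSectionName = "JWT";

        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        /// <summary>
        /// Registers MVC, Swagger, the token issuer and JWT bearer authentication.
        /// </summary>
        /// <exception cref="InvalidOperationException">No signing key is configured.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebApplication3", Version = "v1" });
            });
            services.AddSingleton<ITokenHelper, TokenHelper>();

            // Bind the same section twice: once for IOptions<JWTConfig> (TokenHelper)
            // and once eagerly for the validation parameters below.
            IConfigurationSection jwtSection = Configuration.GetSection(JwtSectionName);
            services.Configure<JWTConfig>(jwtSection);
            var setting = new JWTConfig();
            jwtSection.Bind(setting);

            if (string.IsNullOrEmpty(setting.IssuerSigningKey))
            {
                // Fail at startup rather than validating tokens against an empty key.
                throw new InvalidOperationException(
                    $"'{JwtSectionName}:IssuerSigningKey' is not configured.");
            }

            services.AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        // Every check spelled out so a later edit cannot quietly drop one.
                        ValidateIssuer = true,
                        ValidIssuer = setting.Issuer,
                        ValidateAudience = true,
                        ValidAudience = setting.Audience,
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(setting.IssuerSigningKey)),
                        ValidateLifetime = true,
                        RequireExpirationTime = true,
                        RequireSignedTokens = true,
                        // Small tolerance for clock drift between issuer and validator.
                        ClockSkew = TimeSpan.FromMinutes(1)
                    };
                });
        }

        /// <summary>
        /// Builds the request pipeline. Authentication must run before authorization,
        /// and both before endpoint execution.
        /// </summary>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "WebApplication3 v1"));
            }

            // A bearer token is a bearer credential: whoever captures it can use it,
            // so force TLS. This is a no-op (with a warning) if no HTTPS endpoint exists.
            app.UseHttpsRedirection();

            app.UseRouting();

            // Order matters: UseAuthentication populates HttpContext.User from the
            // bearer token; UseAuthorization then evaluates [Authorize] against it.
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}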
文章参考学习地址 :
https://www.cnblogs.com/wangyulong/p/8734495.html
https://www.cnblogs.com/wyt007/p/11459547.html