第一步:配置Program.cs,注册认证
// 注册认证相关组件和配置defaultScheme为Bearer
builder.Services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
// 指定要接入的授权服务器地址
options.Authority = "http://127.0.0.1:5001";
// 在验证token时,不验证Audience
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
// 不适用Https
options.RequireHttpsMetadata = false;
});
第二步:Program.cs 使用认证权限
//使用认证
app.UseAuthentication();
//使用授权
app.UseAuthorization();
第三步:控制器加上权限特性
[HttpGet("get")]
[Authorize]
public async Task<IActionResult> GetById([FromQuery] string id)
{
.....
}
第四步:获取Token信息
using Micro.Erp.IServices;
using Micro.Erp.Utils;
using Micro.Erp.DBFactory;
using Micro.Erp.Models;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;
using System.Security.Claims;
/*
var claims = HttpContext.User.Claims;
//获取用户token
var access_token = HttpContext.GetTokenAsync("access_token");
var accessToken = HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
var refresh_token = HttpContext.GetTokenAsync("refresh_token");
var refreshToken = HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
//获取用户信息
var userId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
var username = HttpContext.User.FindFirst(d => d.Type == "preferred_username")?.Value;
var roleName = HttpContext.User.FindFirst(ClaimTypes.Role)?.Value;
var clientId = HttpContext.User.FindFirst(d => d.Type == "client_id")?.Value;
var user_id = HttpContext.User.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;
var role_name = HttpContext.User.FindFirst(d => d.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role")?.Value;
*/
namespace Micro.Erp.Services
{
public class UserService : IUserService
{
private readonly IHttpContextAccessor _httpContextAccessor;
public UserService(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
}
/// <summary>
/// 获取当前登录客户端ID
/// </summary>
public async Task<string> GetClientIdAsync()
{
if (_httpContextAccessor.HttpContext.User.FindFirst(d => d.Type == "client_id") == null)
{
throw new ResponseException($"未授权,操作失败");
}
if (string.IsNullOrEmpty(_httpContextAccessor.HttpContext.User.FindFirst(d => d.Type == "client_id")?.Value))
{
throw new ResponseException($"您未登录,操作失败");
}
return _httpContextAccessor.HttpContext.User.FindFirst(d => d.Type == "client_id")?.Value;
}
/// <summary>
/// 判断当前登录用户是否为管理员
/// </summary>
public async Task<bool> IsAdminRoleAsync()
{
if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Role) == null)
{
return false;
}
if (UserType.Admin.ToString() == _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Role)?.Value)
{
return true;
}
return false;
}
/// <summary>
/// 判断当前登录用户是否为管理员
/// </summary>
public async Task<string> GetRoleIdAsync()
{
if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Role) == null)
{
throw new ResponseException($"未授权,操作失败");
}
return _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Role)?.Value;
}
/// <summary>
/// 获取当前登录用户ID
/// </summary>
public async Task<string> GetUserIdAsync()
{
if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier) == null)
{
throw new ResponseException($"您未登录,操作失败");
}
if (string.IsNullOrEmpty(_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value))
{
throw new ResponseException($"您未登录,操作失败");
}
return _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
}
/// <summary>
/// 获取当前登录用户名
/// </summary>
public async Task<string?> GetUserNameAsync()
{
if (_httpContextAccessor.HttpContext.User == null)
{
throw new ResponseException($"您未登录,操作失败");
}
if (string.IsNullOrEmpty(_httpContextAccessor.HttpContext.User.FindFirst(d => d.Type == "preferred_username")?.Value))
{
throw new ResponseException($"您未登录,操作失败");
}
return _httpContextAccessor.HttpContext.User.FindFirst(d => d.Type == "preferred_username")?.Value;
}
}
}
