在實際使用中,可能會遇到,aspi介面驗證和view頁面的登入驗證情況。asp.core 同樣支援兩種相容。
首先在startup.cs 啟用身份驗證。
var secrityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]));
services.AddSingleton(secrityKey);
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(option => //cookies 方式
{
option.LoginPath = "/Login";
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => //jwt 方式
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,//是否驗證Issuer
ValidateAudience = true,//是否驗證Audience
ValidateLifetime = true,//是否驗證失效時間
ClockSkew = TimeSpan.FromSeconds(30),
ValidateIssuerSigningKey = true,//是否驗證SecurityKey
ValidAudience = Configuration["JWTDomain"],//Audience
ValidIssuer = Configuration["JWTDomain"],//Issuer
IssuerSigningKey = secrityKey//拿到SecurityKey
};
});
Configure 方法中須加入
app.UseAuthentication(); //授權
app.UseAuthorization(); //認證 認證方式有使用者名稱密碼認證
app.MapWhen(context =>
{
var excludeUrl = new string[] { "/api/login/getinfo", "/api/login/login", "/api/login/modifypwd" }; //注意小寫
return context.Request.Path.HasValue
&& context.Request.Path.Value.Contains("Login")
&& context.Request.Headers.ContainsKey("Authorization")
&& !(excludeUrl.Contains(context.Request.Path.Value.ToLower()));
}, _app =>
{
_app.Use(async (context, next) =>
{
context.Response.StatusCode = 401;
});
});
在login頁面,後臺程式碼
var uid = Request.Form["code"] + ""; var pwd = Request.Form["pwd"] + ""; var info = _mysql.users.Where(m => m.user_code == uid&&m.delflag==0).FirstOrDefault(); if (info == null) { return new JsonResult(new { success = false, msg = "使用者不存在" }); } if (info.pwd != pwd) { return new JsonResult(new { success = false, msg = "使用者密碼不正確" }); } //建立一個身份認證 var claims = new List<Claim>() { new Claim(ClaimTypes.Sid,info.id), //使用者ID new Claim(ClaimTypes.Name,info.user_code) //使用者名稱稱 }; var claimsIdentity = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); //var identity = new ClaimsIdentity(claims, "Login"); //var userPrincipal = new ClaimsPrincipal(identity); //HttpContext.SignInAsync("MyCookieAuthenticationScheme", userPrincipal, new AuthenticationProperties //{ // ExpiresUtc = DateTime.UtcNow.AddMinutes(30), // IsPersistent = true //}).Wait(); var authProperties = new AuthenticationProperties { //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(60), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. When used with cookies, controls // whether the cookie's lifetime is absolute (matching the // lifetime of the authentication ticket) or session-based. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
Controler控制器部分,登入程式碼:
[HttpPost("Login")] public async Task<JsonResult> Login(getdata _getdata) { var userName = _getdata.username; var passWord = _getdata.password; var info = _mysql.users.Where(m => m.user_code == userName && m.delflag == 0).FirstOrDefault(); if (info == null) { return new JsonResult(new { state = false, code = -1, data = "", msg = "使用者名稱不存在!" }); } if (CommonOp.MD5Hash(info.pwd).ToLower() != passWord) { return new JsonResult(new { state = false, code = -2, data = "", msg = "使用者密碼不正確!" }); } #region 身份認證處理 var secrityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["SecurityKey"])); List<Claim> claims = new List<Claim>(); claims.Add(new Claim("user_code", info.user_code)); claims.Add(new Claim("id", info.id)); var creds = new SigningCredentials(secrityKey, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: _config["JWTDomain"], audience: _config["JWTDomain"], claims: claims, expires: DateTime.Now.AddMinutes(120), signingCredentials: creds); return new JsonResult(new { state = true, code = 0, data = new JwtSecurityTokenHandler().WriteToken(token), msg = "獲取token成功" }); #endregion }
注意, 受身份驗證的控制器部分,要加入如下屬性頭,才可以生效。
[Authorize(AuthenticationSchemes = "Bearer,Cookies")] public class ControllerCommonBase : ControllerBase { }
這樣一個Controler 控制器,能夠相容兩種模式啦。