Authorization JWT
ansonzhang edited this page 2019-10-22 17:29:55 +08:00
参考文章
https://www.cnblogs.com/laozhang-is-phi/category/1413402.html
阅读顺序:从下往上。
参考视频
https://www.bilibili.com/video/av58096866/?p=4
项目步骤
配置服务
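// Read the "Audience" configuration section; its Issuer and Audience values are used below.
var audienceConfig = Configuration.GetSection("Audience");

// HMAC signing secret. Despite the variable name, the string is NOT Base64-decoded:
// its characters are converted to key bytes directly.
// NOTE(review): how AppSecretConfig loads this value is not shown here — confirm it comes
// from a secret store or environment-specific file, not from a value committed to source control.
var symmetricKeyAsBase64 = AppSecretConfig.Audience_Secret_String;
if (string.IsNullOrEmpty(symmetricKeyAsBase64))
{
    // Fail at startup instead of at the first token operation.
    throw new InvalidOperationException("The JWT signing secret is not configured.");
}

// Encoding.ASCII maps every non-ASCII character to '?', which silently weakens the key.
// Keep the secret ASCII-only; the encoding is left unchanged so existing tokens stay valid.
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);

// RFC 7518 section 3.2 requires an HS256 key of at least 256 bits (32 bytes).
const int minimumKeyBytes = 32;
if (keyByteArray.Length < minimumKeyBytes)
{
    throw new InvalidOperationException(
        $"The JWT signing secret must be at least {minimumKeyBytes} bytes long for HMAC-SHA256.");
}

// The same symmetric key signs tokens (signingCredentials) and verifies them (IssuerSigningKey below).
var signingKey = new SymmetricSecurityKey(keyByteArray);
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);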
// Left empty on purpose: when permissions are bound dynamically from the database,
// the handler assigns the entries later.
// NOTE(review): this list is reachable through the requirement that is registered as a
// singleton further down — confirm that later writes to it are safe under concurrent requests.
var permission = new List<PermissionItem>();

// Requirement describing which role may call which endpoint.
var permissionRequirement = new PermissionRequirement(
    "/api/denied",                       // redirect target when authorization is denied (currently unused)
    permission,
    ClaimTypes.Role,                     // role-based authorization
    audienceConfig["Issuer"],            // issuer
    audienceConfig["Audience"],          // audience
    signingCredentials,                  // signing credentials
    expiration: TimeSpan.FromHours(1));  // expiration time (one hour)
// [Authorization] Register a policy named Permissions.Name that carries the permission requirement.
services.AddAuthorization(options =>
    options.AddPolicy(
        Permissions.Name,
        policy => policy.AddRequirements(permissionRequirement)));
// Token validation parameters: signature, issuer, audience and lifetime are all checked.
var tokenValidationParameters = new TokenValidationParameters
{
    // Signature: verified with the same symmetric key that signs the tokens.
    IssuerSigningKey = signingKey,
    ValidateIssuerSigningKey = true,

    // Issuer
    ValidIssuer = audienceConfig["Issuer"],
    ValidateIssuer = true,

    // Audience
    ValidAudience = audienceConfig["Audience"],
    ValidateAudience = true,

    // Lifetime: a token must carry an expiration time; ClockSkew is the tolerance
    // applied when the lifetime is compared with the server clock.
    RequireExpirationTime = true,
    ValidateLifetime = true,
    ClockSkew = TimeSpan.FromSeconds(30),
};
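// 2.1 [Authentication] ASP.NET Core's built-in JWT bearer authentication.
// "Bearer" becomes the default authentication scheme.
services.AddAuthentication("Bearer")
    // Add the JwtBearer handler.
    .AddJwtBearer(o =>
    {
        o.TokenValidationParameters = tokenValidationParameters;
        o.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = context =>
            {
                // Only expiry is reported to the client; other validation failures are
                // deliberately not described in the response.
                if (context.Exception is SecurityTokenExpiredException)
                {
                    // The indexer overwrites an existing value, whereas Headers.Add throws
                    // when the header is already present.
                    // NOTE(review): cross-origin browser clients can read this header only
                    // if the CORS policy exposes it — confirm against the CORS setup.
                    context.Response.Headers["Token-Expired"] = "true";
                }

                return Task.CompletedTask;
            }
        };
    });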
// Register the custom authorization handler and the requirement instance it evaluates,
// both with singleton lifetime.
services
    .AddSingleton<IAuthorizationHandler, PermissionHandler>()
    .AddSingleton(permissionRequirement);
中间件
// Keep this order: routing first, then authentication, then authorization.
app.UseRouting();
// Authentication must run before authorization so that the user's identity is
// established before any policy is evaluated.
app.UseAuthentication();
// Authorization evaluates the policy named on [Authorize] against that identity.
app.UseAuthorization();
设计处理器
Blog.Core/AuthHelper/Policys/PermissionHandler.cs
/// <summary>
/// Authorization handler for <see cref="PermissionRequirement"/>.
/// </summary>
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    // The body is not shown on this page; see Blog.Core/AuthHelper/Policys/PermissionHandler.cs.
}
调用
/// <summary>
/// API (module) management.
/// </summary>
[Route("api/[controller]/[action]")]
[ApiController]
// Applies the policy registered under Permissions.Name, so every action in this
// controller is subject to the permission requirement.
[Authorize(Permissions.Name)]
public class ModuleController : ControllerBase
前端项目
交流与反馈
- FAQ page is a good place to see whether your question is already asked.
- Ask a question in cnblogs if you need help.
- Submit an issue if you found a bug or have a feature request.
- Open a pull request when you are ready to contribute. Before that, you are encouraged to open an issue to discuss the change.
更新日志
有疑问,请自行查看博客园文章:https://www.cnblogs.com/laozhang-is-phi/p/9495618.html#autoid-1-0-0
或者加 QQ 群:867095512