Created Authorization JWT (markdown)

2025-02-08 02:39:26 +08:00 · 2019-10-22 17:28:47 +08:00 · 2019-10-22 17:28:47 +08:00 · 1c19d19a91
commit 1c19d19a91
parent 83dd867039
1 changed files with 157 additions and 0 deletions
--- a/Authorization-JWT.md
+++ b/Authorization-JWT.md
@ -0,0 +1,157 @@
+# 参考文章
+
+[https://www.cnblogs.com/laozhang-is-phi/category/1413402.html](https://www.cnblogs.com/laozhang-is-phi/category/1413402.html)
+
+阅读顺序：从下往上。
+
+
+# 参考视频
+
+[https://www.bilibili.com/video/av58096866/?p=4](https://www.bilibili.com/video/av58096866/?p=4)
+
+
+# 项目步骤
+
+### 配置服务
+
+```
+ #region Authorize 权限认证三步走
+
+
+
+#region 【3、复杂策略授权】
+
+#region 参数
+//读取配置文件
+var audienceConfig = Configuration.GetSection("Audience");
+var symmetricKeyAsBase64 = AppSecretConfig.Audience_Secret_String;
+var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
+var signingKey = new SymmetricSecurityKey(keyByteArray);
+
+
+var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
+
+// 如果要数据库动态绑定，这里先留个空，后边处理器里动态赋值
+var permission = new List<PermissionItem>();
+
+// 角色与接口的权限要求参数
+var permissionRequirement = new PermissionRequirement(
+    "/api/denied",// 拒绝授权的跳转地址（目前无用）
+    permission,
+    ClaimTypes.Role,//基于角色的授权
+    audienceConfig["Issuer"],//发行人
+    audienceConfig["Audience"],//听众
+    signingCredentials,//签名凭据
+    expiration: TimeSpan.FromSeconds(60 * 60)//接口的过期时间
+    );
+#endregion
+
+//【授权】
+services.AddAuthorization(options =>
+{
+    options.AddPolicy(Permissions.Name,
+             policy => policy.Requirements.Add(permissionRequirement));
+});
+
+
+#endregion
+
+
+#endregion
+
+
+
+
+
+#region 【第二步：配置认证服务】
+// 令牌验证参数
+var tokenValidationParameters = new TokenValidationParameters
+{
+    ValidateIssuerSigningKey = true,
+    IssuerSigningKey = signingKey,
+    ValidateIssuer = true,
+    ValidIssuer = audienceConfig["Issuer"],//发行人
+    ValidateAudience = true,
+    ValidAudience = audienceConfig["Audience"],//订阅人
+    ValidateLifetime = true,
+    ClockSkew = TimeSpan.FromSeconds(30),
+    RequireExpirationTime = true,
+};
+
+//2.1【认证】、core自带官方JWT认证
+// 开启Bearer认证
+services.AddAuthentication("Bearer")
+             // 添加JwtBearer服务
+             .AddJwtBearer(o =>
+             {
+    o.TokenValidationParameters = tokenValidationParameters;
+    o.Events = new JwtBearerEvents
+    {
+        OnAuthenticationFailed = context =>
+        {
+            // 如果过期，则把<是否过期>添加到，返回头信息中
+            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
+            {
+                context.Response.Headers.Add("Token-Expired", "true");
+            }
+            return Task.CompletedTask;
+        }
+    };
+});
+
+
+
+
+services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
+services.AddSingleton(permissionRequirement);
+#endregion
+
+#endregion
+
+```
+
+
+
+### 中间件
+
+```
+  app.UseRouting();
+  
+  app.UseAuthentication(); 
+
+  app.UseAuthorization();
+
+
+```
+
+
+### 设计处理器
+
+Blog.Core/AuthHelper/Policys/PermissionHandler.cs
+
+```
+    /// <summary>
+    /// 权限授权处理器
+    /// </summary>
+    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
+    {
+
+    }
+```
+
+
+
+### 调用
+
+```
+/// <summary>
+/// 接口管理
+/// </summary>
+[Route("api/[controller]/[action]")]
+[ApiController]
+[Authorize(Permissions.Name)]
+public class ModuleController : ControllerBase
+
+```
+
+