Authentication in dot net core preview-2.0

2019-07-15 03:42发布

问题:

I tried jwt token authentication in my web api project in .net-core preview-2, but it's not working properly.

JwtBearerAppBuilderExtensions.UseJwtBearerAuthentication(IA‌​pplicationBuilder, JwtBearerOptions)' is obsolete: 'See go.microsoft.com/fwlink/?linkid=845470';

When i try same code to dot net core 1.2, it runs properly. What should i do?

回答1:

i think you should use:

 var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));


        var tokenValidationParameters = new TokenValidationParameters
        {
            // The signing key must match!
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Validate the JWT Issuer (iss) claim
            ValidateIssuer = true,
            ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
            // Validate the JWT Audience (aud) claim
            ValidateAudience = true,
            ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
            // Validate the token expiry
            ValidateLifetime = true,
            // If you want to allow a certain amount of clock drift, set that here:
            ClockSkew = TimeSpan.Zero
        };
        services.AddJwtBearerAuthentication(options =>
        {
            options.TokenValidationParameters = tokenValidationParameters;
        });
        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
        });
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });


回答2:

In the released version it can be used like the following:

var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
    // Validate the token expiry
    ValidateLifetime = true,
    // If you want to allow a certain amount of clock drift, set that here:
    ClockSkew = TimeSpan.Zero
};

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        jwtOptions.TokenValidationParameters = tokenValidationParameters;
});

services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
});
services.AddCors(options =>
{
    options.AddPolicy("CorsPolicy",
        builder => builder.AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials());
});

Source: https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x (See JWT Bearer Authentication)



回答3:

The configuration with options moved to the IServiceCollection. The IApplicationBuilder should just be told to UseAuthentication.

app.UseAuthentication();

In the ConfigureServices for IServiceCollection, you can configure it with your options.

services.AddJwtBearerAuthentication( o => 
        {
            o.Audience = "someaudience";
            o.Authority = "someAuthoriy";
        });