在ASP.NET Core 3.1启动类和控制器之间共享配置对象的最佳方式是什么?
我看到了一些使用DI的例子,这似乎是个好主意,但我需要在public void ConfigureServices(IServiceCollection services)中使用依赖关系。
此外,该对象依赖于一个Microsoft.Extensions.Configuration.IConfiguration实例。
对象将在
Startup.cs、ConfigureServices本身以及Controllers中使用。
DI能工作吗?或者这个解决方案是一个带参数的Singleton?
以下是需要共享的特定代码:
// openssl rand -hex 16 => 256 bits when read
var jwt_key = Configuration.GetSection("JwtOption:IssuerSigningKey").Value;
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwt_key));
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = "some host name",
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = "web_intranet",
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
该对象在public void ConfigureServices(IServiceCollection services)方法中使用如下
services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.TicketDataFormat = new CustomJwtDataFormat(
SecurityAlgorithms.HmacSha256,
tokenValidationParameters);
});
尽量避免传递IConfiguration。共享代码可以在启动中完成,模型填充并添加到容器中
您可以直接在Startup.ConfigureServices中的容器中注册实例
void ConfigureServices(IServiceCollection services) {
var jwt_key = Configuration.GetSection("JwtOption:IssuerSigningKey").Value;
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwt_key));
var tokenValidationParameters = new TokenValidationParameters {
//...code omitted for brevity
}
services.AddSingleton(tokenValidationParameters);
//...can still use tokenValidationParameters
services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.TicketDataFormat = new CustomJwtDataFormat(
SecurityAlgorithms.HmacSha256,
tokenValidationParameters);
});
}
并在需要的地方显式注入
//ctr
public MyController(TokenValidationParameters tokenParameters) {
//...
}
或者你可以使用选项模式
ASP.NET Core 中的引用选项模式
void ConfigureServices(IServiceCollection services) {
//...code omitted for brevity
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwt_key));
services.Configure<TokenValidationParameters>(options => {
// The signing key must match!
options.ValidateIssuerSigningKey = true;
options.IssuerSigningKey = signingKey;
// Validate the JWT Issuer (iss) claim
options.ValidateIssuer = true;
options.ValidIssuer = "some host name";
// Validate the JWT Audience (aud) claim
options.ValidateAudience = true;
options.ValidAudience = "web_intranet";
// Validate the token expiry
options.ValidateLifetime = true;
// If you want to allow a certain amount of clock drift, set that here:
options.ClockSkew = TimeSpan.Zero;
});
//...
//Use DI services to configure cookie options
var scheme = CookieAuthenticationDefaults.AuthenticationScheme;
services.AddOptions<CookieAuthenticationOptions>(scheme)
.Configure<IOptions<TokenValidationParameters>>((options, token) => {
options.TicketDataFormat = new CustomJwtDataFormat(
SecurityAlgorithms.HmacSha256,
token.Value); //<--
});
services
.AddAuthentication(scheme)
.AddCookie();
}
参考使用DI服务配置选项
并在需要的地方注入IOptions<TokenValidationParameters>
//ctr
public MyController(IOptions<TokenValidationParameters> options) {
TokenValidationParameters tokenParameters = options.Value;
//...
}
这是我使用DI测试的选项。
创建POCO对象:
public sealed class JwtConfig
{
public TokenValidationParameters tokenValidationParameters;
public JwtConfig(IConfiguration configuration)
{
// configure the object: tokenValidationParameters
}
}
启动时:
public void ConfigureServices(IServiceCollection services)
{
// register
services.AddSingleton<JwtConfig>();
// retrieve
var serviceProvider = services.BuildServiceProvider();
var jwtConfig = serviceProvider.GetService<JwtConfig>();
// use the jwtConfig <IMPORTANT to be able to do this here>
}
在控制器构造函数中,注入对象:
public LoginController(IUserService userService, JwtConfig jwtConfig)
{
this.jwtConfig = jwtConfig;
}