我正在使用ASP.NET Core WebAPI构建Web服务。我想使用身份以及JWTbearer身份验证。我的代码在配置启动类别ID的Configureservice方法:
services.AddIdentity<User, Role>()
.AddDefaultTokenProviders();
//JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.Audience = Configuration.GetSection("JwtIssuer").Value;
options.ClaimsIssuer = Configuration.GetSection("JwtIssuer").Value;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["JwtIssuer"],
ValidAudience = Configuration["JwtIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"]))
};
});
配置启动类的方法包含:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseMvc();
我的问题是,当我调用signInManager.PasswordSignInAsync时,它包括具有身份验证令牌的cookie来响应。但是我只想在标题中使用jwtbearer。是否有任何选择如何禁用SignInManager?
使用SignInManager.CheckPasswordSignInAsync():它执行完全相同的检查,但与SignInManager.PasswordSignInAsync不同,不返回任何cookie。