我有一个 ASP.NET Core应用程序。
在应用程序中,我有一个身份验证控制器,例如:
[HttpPost("register")]
public async Task<IActionResult> Register([FromBody] UserForRegisterDto userForRegisterDto)
{
var userToCreate = new IdentityUser(userForRegisterDto.Username);
var result = await _userManager.CreateAsync(userToCreate, userForRegisterDto.Password);
return Ok(new
{
token = GenerateJwtToken(userToCreate).Result,
user = result
});
}
private async Task<string> GenerateJwtToken(IdentityUser user)
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimTypes.Name, user.UserName)
};
var roles = await _userManager.GetRolesAsync(user);
foreach (var role in roles)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var key = new SymmetricSecurityKey(Encoding.UTF8
.GetBytes(_config.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
如您所见,在注册时,API 会将 JWT 令牌发送回客户端。 我想针对应用程序中的所有控制器验证此令牌。
我知道我必须在Startup.cs文件中添加一些逻辑,但我就是想不通是什么。谁能帮助我实现这一目标?
也许添加一个全局身份验证过滤器:
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
或者在控制器上方添加[Authorize]。