我有一个默认的ASP.NET Core 3应用程序,它是使用最新的"create-react-app"模板构建的。也就是说,在startup.cs中,我有以下代码来实例化JWT令牌生成器,我假设它使用OpenID。我已经创建了React模板,但我认为这在这种情况下并不重要。,
services.AddDefaultIdentity<ApplicationUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
登录后,我可以看到存储的cookie不是我的JWT令牌(这就是我想要的(。cookie删除了属性.AspNetCore.Identity.Application,我认为它与JWT令牌有某种关系,但我不知道如何。
我想将JWT令牌存储为cookie参数,以便在下一个请求时将其发布回服务器。我如何将JWT签名的代币作为cookie存储在我的asp.net核心3应用程序中?
对于JWT Authentication,它通过标头authorization: Bearer检查请求。没有必要将令牌存储在cookie中。
如果您想获得用于自定义身份验证的令牌,可以尝试从标头中获取。
为了通过jwt身份验证,您需要传递带有authorizaion标头的令牌,而不是cookie。
更新:
对于React和Identity库,身份验证是通过AuthorizeService.js进行的,您可以通过下面的User访问令牌:
async signIn(state) {
await this.ensureUserManagerInitialized();
try {
const silentUser = await this.userManager.signinSilent(this.createArguments());
this.updateState(silentUser);
return this.success(state);
} catch (silentError) {
// User might not be authenticated, fallback to popup authentication
console.log("Silent authentication error: ", silentError);
try {
if (this._popUpDisabled) {
throw new Error('Popup disabled. Change 'AuthorizeService.js:AuthorizeService._popupDisabled' to false to enable it.')
}
const popUpUser = await this.userManager.signinPopup(this.createArguments());
this.updateState(popUpUser);
return this.success(state);
} catch (popUpError) {
if (popUpError.message === "Popup window closed") {
// The user explicitly cancelled the login action by closing an opened popup.
return this.error("The user closed the window.");
} else if (!this._popUpDisabled) {
console.log("Popup authentication error: ", popUpError);
}
// PopUps might be blocked by the user, fallback to redirect
try {
await this.userManager.signinRedirect(this.createArguments(state));
return this.redirect();
} catch (redirectError) {
console.log("Redirect authentication error: ", redirectError);
return this.error(redirectError);
}
}
}
}