.NET Core中的JWT授权-与OAuth服务器通信
[英]JWT Authorization in .net Core - communicate with OAuth server
问题描述
I start building new application with JWT authorization. 
我开始使用JWT授权构建新的应用程序。 Our team already have OAuth 2 server written in java, so my target is: check key with public key. 我们的团队已经有用Java编写的OAuth 2服务器,所以我的目标是:用公钥检查密钥。 But I don't know how to do it. 但是我不知道该怎么做。 If I use .net identity I have to use entity framework but I use only Cassandra as a database. 如果使用.net身份,则必须使用实体框架,但仅将Cassandra用作数据库。
How I can implement it without using EF? 在不使用EF的情况下如何实现它? Do you know any tutorials? 你知道任何教程吗?
2 个解决方案
解决方案1
1 2017-09-13 10:14:06
You don't need any ASP.NET Core stuff. 您不需要任何ASP.NET Core内容。 A simple approach would be: 一种简单的方法是:
Nu-get the Packages Nu-get软件包
System.IdentityModel.Tokens.Jwt,
Microsoft.IdentityModel.Tokens
Set up some validation parameters: 设置一些验证参数:
var validationParameters = new TokenValidationParameters
{
RequireExpirationTime = true,
ValidateLifetime = true,
IssuerSigningKeys = keys, // Your public keys.
ValidAudience = "my valid audience",
ValidIssuer = "my valid issuer"
}
Call ValidateToken to get a ClaimsPrincipal with claims and stuff. 调用ValidateToken以获取具有索赔和其他内容的ClaimsPrincipal 。 token is your JWT string, eg parsed from Authorization HTTP header. token是您的JWT字符串,例如从Authorization HTTP标头解析。
var handler = new JwtSecurityTokenHandler();
handler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
Using JsonWebKeySet from the above IdentityModel.Tokens package, you can automagically obtain keys from an OpenID Connect configuration: 使用上述IdentityModel.Tokens包中的JsonWebKeySet ,可以从OpenID Connect配置自动获取密钥:
https://github.com/IdentityModel/IdentityModel/blob/master/source/IdentityModel.Shared/Jwt/JsonWebKeySet.cs https://github.com/IdentityModel/IdentityModel/blob/master/source/IdentityModel.Shared/Jwt/JsonWebKeySet.cs
解决方案2
0 2017-09-13 09:52:23
There are quite a few Microsoft (and other) documents available (make sure you are looking at documents relevant to the version that you are working with!) - googling will find them pretty easily, but EF is certainly not required as seen below. 有很多Microsoft(及其他)文档可用(请确保您正在查看与您使用的版本有关的文档!)-使用Google搜索可以很容易地找到它们,但是如下所示,EF绝对不是必需的。
No identity or user information is managed by the app directly.
Here is a simple example for version 1.1 https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example 这是1.1版的一个简单示例https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example
and the same example for 2.0 https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example/tree/dotnecore2.0 和2.0的相同示例https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example/tree/dotnecore2.0
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.