
JWT Token based Authorization with user permission Asp.net core 2.0

I have created a JWT token with a claim for the permission Read, Write or Delete, as shown in the figure below.

[figure: the permission claim]

Now both the admin and the normal user log on to the system. The admin and the normal user get their tokens and store them in local storage.

At first the normal user does not get the Read/Write/Create/Delete UI controls. The token expiry time is 2 min.

Now the admin changes the permission for the normal user in the database as below:

[figure: the updated permission]

Since the token has not expired for the normal user, he still can't read and write. The logic works if the token expires and the user logs in again; then he can view the read/write UI controls.

How can I achieve this at the same time as the permission change by the admin?

Some reference links:

https://jonhilton.net/identify-users-permissions-with-jwts-and-asp-net-core-webapi/

https://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/

As this logic is handled on the server, you need to inform the UI of a change in permissions for that user. In this situation something like SignalR, which is really easy to get working with .NET Core, would work perfectly. This can alert the UI of a change in the permissions and go and get the user another JWT token passed through websocket events, which unlocks the UI logic. This can then be re-saved in local storage for that user (obviously if they are currently using the platform).

https://docs.microsoft.com/en-us/aspnet/core/signalr/dotnet-client?view=aspnetcore-2.1

I do not think there is a prebuilt way in JWT to do what you are trying to do; JWT creates the tokens for authenticated users. It is up to you to expire them and create new valid tokens with valid permissions.
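The root of the problem in the question is that the permission claims are a snapshot taken when the token is signed, so a still-valid token keeps granting (or withholding) permissions the admin has since changed. The following example, added here and not part of the question, the answer or any ASP.NET Core library, models the server side of that situation in plain Python with only the standard library: it signs an HS256 JWT that carries the user's permissions plus a `perm_version` claim, and on each request compares that claim with the version held in the store. The `perm_version` claim, the `SECRET`, the `USERS` store and the user names are all constructed for the example; the 2-minute lifetime is the one stated in the question.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo signing key; in ASP.NET Core this would come from configuration or a key vault.
SECRET = b"constructed-demo-signing-key-change-me"

# Constructed user store standing in for the database. perm_version is bumped on every
# permission change so the server can tell whether a token's claims are still current.
USERS = {
    "admin": {"permissions": ["Read", "Write", "Create", "Delete"], "perm_version": 1},
    "user1": {"permissions": [], "perm_version": 1},
}

TOKEN_LIFETIME_SECONDS = 120  # 2 minutes, as in the question


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, now=None) -> str:
    """Issue an HS256 JWT carrying the user's permissions and their current perm_version."""
    now = int(time.time()) if now is None else now
    user = USERS[username]
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "sub": username,
        "permissions": list(user["permissions"]),  # snapshot taken at issue time
        "perm_version": user["perm_version"],
        "iat": now,
        "exp": now + TOKEN_LIFETIME_SECONDS,
    }
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token: str, now=None) -> dict:
    """Return the payload if the signature is valid and the token is unexpired; else raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, fixes the algorithm
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload["exp"] <= now:
        raise ValueError("token expired")
    return payload


def admin_set_permissions(username: str, permissions) -> None:
    """Admin changes permissions in the store; bumping perm_version makes older claims stale."""
    user = USERS[username]
    user["permissions"] = list(permissions)
    user["perm_version"] += 1


def authorize(token: str, required_permission: str, now=None) -> str:
    """Server-side decision for one request: 'allow', 'deny' or 'stale'.

    'stale' means the token is cryptographically valid and unexpired, but its
    permission claims predate an admin change. The API should answer with a 401
    (or push a notification, e.g. over SignalR) so the client fetches a fresh token.
    """
    payload = verify_token(token, now)
    current = USERS[payload["sub"]]
    if payload["perm_version"] != current["perm_version"]:
        return "stale"
    return "allow" if required_permission in payload["permissions"] else "deny"


if __name__ == "__main__":
    t0 = 1_700_000_000
    token = issue_token("user1", now=t0)
    print("before change:", authorize(token, "Read", now=t0 + 10))          # deny
    admin_set_permissions("user1", ["Read", "Write"])
    print("old token after change:", authorize(token, "Read", now=t0 + 20))  # stale
    fresh = issue_token("user1", now=t0 + 20)
    print("fresh token:", authorize(fresh, "Read", now=t0 + 30))             # allow
```

The version comparison is one request away from the database lookup the answer says is unavoidable: the token still proves who the caller is, but the store decides whether its permission snapshot may be trusted. In an ASP.NET Core application the same check would sit in an authorization handler or policy, and the `stale` outcome is the moment to trigger the re-issue the answer describes, whether the client learns of it from a 401 response or from a SignalR push.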
