【发布时间】:2017-12-01 14:57:21
【问题描述】:
我在 React JS 中有一个 .net core web api 和 SPA 客户端。我想允许用户使用在 Azure AD 中注册的电子邮件从客户端登录,并使用 JWT 令牌保护我的 web api。我尝试使用简单的硬编码用户名和密码生成令牌,但我不知道如何从 Azure AD 获取用户并生成 JWT 令牌。
这是我的 JWTController:
[Route("api/[controller]")]
public class JwtController : Controller
{
private readonly JwtIssuerOptions _jwtOptions;
private readonly ILogger _logger;
private readonly JsonSerializerSettings _serializerSettings;
public JwtController(IOptions<JwtIssuerOptions> jwtOptions, ILoggerFactory loggerFactory)
{
_jwtOptions = jwtOptions.Value;
ThrowIfInvalidOptions(_jwtOptions);
_logger = loggerFactory.CreateLogger<JwtController>();
_serializerSettings = new JsonSerializerSettings
{
Formatting = Formatting.Indented
};
}
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Get([FromForm] string Username, string Password)
{
var applicationUser = new ApplicationUser();
applicationUser.UserName = Username;
applicationUser.Password = Password;
var identity = await GetClaimsIdentity(applicationUser);
if (identity == null)
{
_logger.LogInformation($"Invalid username({applicationUser.UserName}) or password ({applicationUser.Password})");
return BadRequest("Invalid credentials");
}
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, applicationUser.UserName),
new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
new Claim(JwtRegisteredClaimNames.Iat,
ToUnixExpochDate(_jwtOptions.IssuedAt).ToString(),
ClaimValueTypes.Integer64),
identity.FindFirst("Disney")
};
//Create the JWT security token and encode it.
var jwt = new JwtSecurityToken(
issuer: _jwtOptions.Issuer,
audience: _jwtOptions.Audience,
claims:claims,
notBefore:_jwtOptions.NotBefore,
expires:_jwtOptions.Expiration,
signingCredentials:_jwtOptions.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
//Serialize and return the response.
var response = new
{
access_token = encodedJwt,
expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
};
var json = JsonConvert.SerializeObject(response, _serializerSettings);
return new OkObjectResult(json);
}
private static void ThrowIfInvalidOptions(JwtIssuerOptions options)
{
if (options == null) throw new ArgumentNullException(nameof(options));
if (options.ValidFor <= TimeSpan.Zero)
{
throw new ArgumentException("Must be a non-zero TimeSpan.", nameof(JwtIssuerOptions.ValidFor));
}
if (options.SigningCredentials == null)
{
throw new ArgumentNullException(nameof(JwtIssuerOptions.SigningCredentials));
}
if (options.JtiGenerator == null)
{
throw new ArgumentNullException(nameof(JwtIssuerOptions.JtiGenerator));
}
}
private static long ToUnixExpochDate(DateTime date)
=> (long)Math.Round((date.ToUniversalTime() -
new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero))
.TotalSeconds);
private Task<ClaimsIdentity> GetClaimsIdentity(ApplicationUser user)
{
if (user.UserName == "mickey" && user.Password == "mouse")
{
return Task.FromResult(new ClaimsIdentity(
new GenericIdentity(user.UserName, "Token"),
new[]
{
new Claim("Disney", "mickey")
}));
}
if (user.UserName == "notmickey" && user.Password == "mouse")
{
return Task.FromResult(new ClaimsIdentity(
new GenericIdentity(user.UserName, "Token"),
new Claim[] { }));
}
return Task.FromResult<ClaimsIdentity>(null);
}
}
有人知道如何实现吗?
【问题讨论】:
标签: jwt azure-active-directory asp.net-core-webapi