
时间:2017-10-11 14:20:42

标签: c# asp.net-web-api asp.net-core jwt asp.net-core-2.0

我使用标准身份开发了具有个人用户帐户的Core 2 MVC应用程序。 MVC应用程序一切正常。






using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using TechsportiseOnline.Models.AccountViewModels;
using Microsoft.AspNetCore.Identity;
using TechsportiseOnline.Models;
using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Options;
using TechsportiseOnline.Helpers;

namespace TechsportiseOnline.Controllers
    public class TokenController : Controller
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly SignInManager<ApplicationUser> _signInManager;
        private readonly IConfiguration _configuration;
        private readonly IOptions<JWTSettings> _jwtConfig;

        public TokenController(
              UserManager<ApplicationUser> userManager,
              SignInManager<ApplicationUser> signInManager,
              IConfiguration configuration,
              IOptions<JWTSettings> jwtConfig)
                        _userManager = userManager;
                        _signInManager = signInManager;
                        _configuration = configuration;
                        _jwtConfig = jwtConfig;


        public async Task<IActionResult> GenerateToken([FromBody] LoginViewModel model)
            if (ModelState.IsValid)
                var user = await _userManager.FindByEmailAsync(model.Email);

                if (user != null)
                    var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, false);
                    if (result.Succeeded)

                        var claims = new[]
                          new Claim(JwtRegisteredClaimNames.Sub, user.Email),
                          new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),

                        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtConfig.Value.SecretKey.ToString()));
                        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                        var token = new JwtSecurityToken(_jwtConfig.Value.Issuer.ToString(),
                          expires: DateTime.Now.AddDays(30),
                          signingCredentials: creds);

                        return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });

            return BadRequest("Could not create token");


using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using TechsportiseOnline.Data;
using TechsportiseOnline.Models;
using TechsportiseOnline.Services;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using TechsportiseOnline.Authorization;
using TechsportiseOnline.Helpers;
using Swashbuckle.AspNetCore.Swagger;
using System.IO;
using Microsoft.Extensions.PlatformAbstractions;
using static TechsportiseOnline.Helpers.Swagger;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

namespace TechsportiseOnline
    public class Startup
        public Startup(IConfiguration configuration)
            Configuration = configuration;

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
            services.AddDbContext<ApplicationDbContext>(options =>


                      .AddJwtBearer(cfg =>
                          cfg.IncludeErrorDetails = true;
                          cfg.RequireHttpsMetadata = false;
                          cfg.SaveToken = true;

                          var secretKey = Configuration.GetSection("JWTSettings.SecretKey").Value;
                          var issuer = Configuration.GetSection("JWTSettings.Issuer").Value;
                          var audience = Configuration.GetSection("JWTSettings.Audience").Value;
                          var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

                          cfg.TokenValidationParameters = new TokenValidationParameters()
                              ValidateIssuer = true,
                              ValidIssuer = Configuration.GetSection("JWTSettings.Issuer").Value,
                              ValidateAudience = true,
                              ValidAudience = Configuration.GetSection("JWTSettings.Audience").Value,
                              IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWTSettings:SecretKey"]))



            services.AddIdentity<ApplicationUser, IdentityRole>(config =>
                    config.SignIn.RequireConfirmedEmail = true;

            services.Configure<IdentityOptions>(options =>
                // Password settings
                options.Password.RequireDigit = true;
                options.Password.RequiredLength = 6;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireUppercase = false;
                options.Password.RequireLowercase = false;
                options.Password.RequiredUniqueChars = 2;

                // Lockout settings
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
                options.Lockout.MaxFailedAccessAttempts = 10;
                options.Lockout.AllowedForNewUsers = true;

                // User settings
                options.User.RequireUniqueEmail = true;


            services.ConfigureApplicationCookie(options =>
                // Cookie settings
                options.Cookie.HttpOnly = true;
                options.Cookie.Expiration = TimeSpan.FromDays(150);
                options.LoginPath = "/Account/Login"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
                options.LogoutPath = "/Account/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
                options.AccessDeniedPath = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
                options.SlidingExpiration = true;

            // Add application services.
            services.AddTransient<IEmailSender, Email>();

            services.AddSwaggerGen(c =>
                c.SwaggerDoc("v1", new Info { Title = "Techsportise API", Version = "v1" });
                var filePath = Path.Combine(PlatformServices.Default.Application.ApplicationBasePath, "Techsportise.xml");


            var skipSSL = Configuration.GetValue<bool>("LocalTest:skipSSL");
            // requires using Microsoft.AspNetCore.Mvc;
            services.Configure<MvcOptions>(options =>
                // Set LocalTest:skipSSL to true to skip SSL requrement in 
                // debug mode. This is useful when not using Visual Studio.
                if (!skipSSL)
                    options.Filters.Add(new RequireHttpsAttribute());

            services.AddMvc(config =>
                var policy = new AuthorizationPolicyBuilder()
                config.Filters.Add(new AuthorizeFilter(policy));






        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
            if (env.IsDevelopment())



            app.UseMvc(routes =>
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");

            // Enable middleware to serve generated Swagger as a JSON endpoint.

            // Enable middleware to serve swagger-ui (HTML, JS, CSS etc.), specifying the Swagger JSON endpoint.
            app.UseSwaggerUI(c =>
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "Techsportise API V1");



using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using TechsportiseOnline.Data;
using TechsportiseOnline.Helpers;
using TechsportiseOnline.Models;

namespace TechsportiseOnline.Controllers

    /// <summary>
    /// This class is used as an API for Races
    /// </summary>
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class RaceController : Controller

        private readonly ApplicationDbContext _context;
        private readonly IAuthorizationService _authorizationService;
        private readonly UserManager<ApplicationUser> _userManager;

        public RaceController(ApplicationDbContext context,
           IAuthorizationService authorizationService,
           UserManager<ApplicationUser> userManager)
            _context = context;
            _userManager = userManager;
            _authorizationService = authorizationService;

        /// <summary>
        /// Get all Races
        /// </summary>
        /// <remarks>
        /// Gets all Races which have been created by the user
        /// </remarks>
        /// <returns>All created Races</returns>
        public IEnumerable<Race> GetAll()
            //Get only records where the OwnerId is not the logged in User.
            return _context.Races.Where(p => p.OwnerID == _userManager.GetUserId(User)).ToList();

        /// <summary>
        /// Get a single Race
        /// </summary>
        /// <remarks>
        /// Gets the details from a single Race from it's ID
        /// </remarks>
        /// <param name="id">Race ID</param>
        /// <returns>Single Race</returns>
        [HttpGet("{id}", Name = "GetRace")]
        public IActionResult GetById(long id)
            //Only return the data when it is owned by the same Id
            var item = _context.Races.Where(p => p.OwnerID == _userManager.GetUserId(User)).FirstOrDefault(t => t.ID == id);

            if (item == null)
                return NotFound();

            return new ObjectResult(item);

        /// <summary>
        /// Get all entries for a Race
        /// </summary>
        /// <remarks>
        /// Gets the all the entries from the race ID
        /// </remarks>
        /// <param name="id">Race ID</param>
        /// <returns>All Entries from the given Race ID</returns>
        [HttpGet("{id}/entries", Name = "GetEntriesByRaceID")]
        public IEnumerable<RaceEntry> GetAllEntries(long id)
            //Only return the data when it is owned by the same Id
            //Get only records where the OwnerId is not the logged in User.
            return _context.RaceEntries.Where(p => p.OwnerID == _userManager.GetUserId(User))
                                        .Where(p => p.RaceID == id)

        ///// <summary>
        ///// Get all timings for a Race
        ///// </summary>
        ///// <remarks>
        ///// Gets the all the timings from the race ID
        ///// </remarks>
        ///// <param name="id">Race ID</param>
        ///// <returns>All timings from the given Race ID</returns>
        //[HttpGet("{id}/timings", Name = "GetTimingsByRaceID")]
        //public IEnumerable<Timing> GetAllTimings(long id)

        //    //Only return the data when it is owned by the same Id
        //    //Get only records where the OwnerId is not the logged in User.
        //    return _context.Timings.Where(p => p.OwnerId == User.GetUserId())
        //                                .Where(p => p.RaceId == id)
        //                                .ToList();

        ///// <summary>
        ///// Get the results for a Race
        ///// </summary>
        ///// <remarks>
        ///// Gets the all the results from the race ID
        ///// </remarks>
        ///// <param name="id">Race ID</param>
        ///// <returns>All results from the given Race ID</returns>
        //[HttpGet("{id}/results", Name = "GetResultsByRaceID")]
        //public IEnumerable<Results> GetAllResults(long id)
        //    List<Results> raceresults = new List<Results>();
        //    var raceid = id;

        //    foreach (var raceentry in _context.RaceEntries.Where(p => p.OwnerId == User.GetUserId())
        //                                                    .Where(p => p.RaceID == id))
        //    {
        //        var raceresult = new Results();
        //        var racedetails = _context.Races.Where(t => t.OwnerId == User.GetUserId())
        //                                            .FirstOrDefault(t => t.Id == raceid);
        //        var timingdetails = _context.Timings.Where(t => t.OwnerId == User.GetUserId())
        //                                                .FirstOrDefault(t => t.BibNumber == raceentry.BibNumber);

        //        var race = _context.Races.Where(t => t.OwnerId == User.GetUserId())
        //                             .FirstOrDefault(t => t.Id == id);

        //        raceresult.AthleteUserID = raceentry.AthleteUserId;
        //        raceresult.Category = "Category";
        //        raceresult.CategoryPosition = 1;
        //        raceresult.ChipTime = DateTime.Now; //timingdetails.EndTime - timingdetails.StartTime;
        //        raceresult.Club = raceentry.Club;
        //        raceresult.ClubPosition = 1;
        //        raceresult.EntryId = raceentry.Id;
        //        raceresult.FirstName = raceentry.FirstName;
        //        raceresult.Gender = raceentry.Gender;
        //        raceresult.GenderPosition = 1;
        //        raceresult.GunTime = DateTime.Now; //race.RaceStartTime - timingdetails.EndTime;
        //        raceresult.LastName = raceentry.LastName;
        //        raceresult.OverallPosition = 0;
        //        raceresult.RaceDate = race.RaceDate;
        //        raceresult.RaceID = raceid;
        //        raceresult.RaceName = race.Name;
        //        raceresult.ResultId = 1;
        //        raceresult.Team = raceentry.Team;
        //        raceresult.TeamPosition = 1;
        //        raceresults.Add(raceresult);
        //        //build result object
        //    }
        //    //Only return the data when it is owned by the same Id
        //    //Get only records where the OwnerId is not the logged in User.
        //    return raceresults.ToList();

        ///// <summary>
        ///// Publish the results of a Race
        ///// </summary>
        ///// <remarks>
        ///// Publishes the results as Provisional or Final. Final will submit them to RunBritain/PO10
        ///// </remarks>
        ///// <returns>The JSON for the created Race</returns>
        //[HttpPost("{id}/publish", Name = "PublishResults")]
        //public IActionResult Publish([FromBody] Race item)
        //    if (item == null)
        //    {
        //        return BadRequest();
        //    }

        //    _context.Races.Add(item);

        //    //Set Owner ID
        //    item.OwnerId = User.GetUserId();

        //    _context.SaveChanges();

        //    return CreatedAtRoute("GetRace", new { id = item.Id }, item);

        /// <summary>
        /// Creates a Race
        /// </summary>
        /// <remarks>
        /// Creates a Race which can have entrants and timings assigned to it.
        /// </remarks>
        public IActionResult Create([FromBody] RacePost item)
            if (item == null)
                return BadRequest();

            if (item.Name == null)
                return BadRequest("The Race must have a Name");

            var raceitem = new Race
                CurrentEntries = item.CurrentEntries,
                Description = item.Description,
                MaxEntries = item.MaxEntries,
                Name = item.Name,
                ContactName = item.ContactName,
                ContactEmail = item.ContactEmail,
                ContactNumber = item.ContactNumber,
                OwnerID = _userManager.GetUserId(User),
                RaceDate = item.RaceDate,
                RaceStartTime = item.RaceStartTime,
                IsCompleted = item.IsCompleted,
                IsPublished = item.IsPublished,
                IsOpenForEntries = item.IsOpenForEntries,
                LastUpdated = DateTime.Now



            return CreatedAtRoute("GetRace", new { id = raceitem.ID }, raceitem);

        /// <summary>
        /// Update a Race
        /// </summary>
        /// <remarks>
        /// Update's a Race's details
        /// </remarks>
        /// <param name="id">Race ID</param>
        /// <returns>The JSON for the updated Race</returns>
        public IActionResult Update(long id, [FromBody] Race item)
            if (item == null)
                return BadRequest();

            if (item.Name == null)
                return BadRequest("The Race must have a Name");

            var race = _context.Races.Where(t => t.OwnerID == _userManager.GetUserId(User))
                                     .FirstOrDefault(t => t.ID == id);
            //var race = _context.Races.FirstOrDefault(t => t.ID == id);
            if (race == null)
                return NotFound();

            race.OwnerID = _userManager.GetUserId(User);
            race.Name = item.Name;
            race.ContactName = item.ContactName;
            race.ContactEmail = item.ContactEmail;
            race.ContactNumber = item.ContactNumber;
            race.RaceDate = item.RaceDate;
            race.RaceStartTime = item.RaceStartTime;
            race.Description = item.Description;
            race.MaxEntries = item.MaxEntries;
            race.CurrentEntries = item.CurrentEntries;
            race.IsCompleted = item.IsCompleted;
            race.IsPublished = item.IsPublished;
            race.IsOpenForEntries = item.IsOpenForEntries;
            race.LastUpdated = DateTime.Now;

            return new NoContentResult();

        /// <summary>
        /// Delete a Race
        /// </summary>
        /// <remarks>
        /// Deletes a Race. Note: This will orphan any related result data and is not recommended!
        /// </remarks>
        /// <param name="id">Race ID</param>
        /// <returns></returns>
        public IActionResult Delete(long id)
            var race = _context.Races.Where(p => p.OwnerID == _userManager.GetUserId(User)).FirstOrDefault(t => t.ID == id);
            //var race = _context.Races.FirstOrDefault(t => t.Id == id);

            if (race == null)
                return NotFound();

            var raceid = race.ID;

            ////Delete associated race entries
            //foreach (var raceentry in _context.RaceEntries.Where(p => p.OwnerId == User.GetUserId())
            //                                                .Where(p => p.RaceID == raceid))
            //    _context.RaceEntries.Remove(raceentry);

            ////Delete associated race timings
            //foreach (var timing in _context.Timings.Where(p => p.OwnerId == User.GetUserId())
            //                                                .Where(p => p.RaceId == raceid))
            //    _context.Timings.Remove(timing);

            //Delete/Save the deletion of the race
            return new NoContentResult();

答案 0 :(得分:3)

我有同样的问题,在任何授权请求中,我被重定向到/ account / login。我找到了添加Schemes进行身份验证的解决方案。

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public async Task<IActionResult> Like([FromBody]int contentId)
        var userId = await UserId();
        return Json(_content.IsLiked(contentId, true, userId));


[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

答案 1 :(得分:2)

Shawn Wildermuth在他的博客中说:


请注意,我们正在指定要使用的方案。 Cookies和JwtBearer都具有默认的方案名称,因此,除非我们重命名该方案(可以在Startup.cs中进行此操作),否则我们仅可以使用方案名称来告诉API仅使用JWT,而不使用Cookies。 / p>      

如果我们在此之后再试一次,则它仅适用于JWT令牌 。如果你   确实想同时支持(但不支持)该酒店   AuthenticationSchemes采用逗号分隔的方案名称列表。


[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]


[Authorize(AuthenticationSchemes = "Identity.Application,"+JwtBearerDefaults.AuthenticationScheme)]


答案 2 :(得分:1)




            services.AddIdentity<IdentityUser, IdentityRole>(options =>

            // Need to be called after services.AddIdentity not before (it was my mistake)
            services.AddAuthentication(options =>
                // Here is what makes [Authorize] using the JWT instead of Account/Login redirection
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
                options.TokenValidationParameters = new TokenValidationParameters

答案 3 :(得分:0)


[Authorize(AuthenticationSchemes = "Identity.Application," + JwtBearerDefaults.AuthenticationScheme)]
public class TestController : Controller
    public async Task<IActionResult> Get()
        return Ok("Worked");