我正在使用ASP.Net Core WebApi构建Web服务。我想使用Identity和JWTBearer身份验证。我在Startup类id的ConfigureService方法中的代码:
services.AddIdentity<User, Role>()
.AddDefaultTokenProviders();
//JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.Audience = Configuration.GetSection("JwtIssuer").Value;
options.ClaimsIssuer = Configuration.GetSection("JwtIssuer").Value;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["JwtIssuer"],
ValidAudience = Configuration["JwtIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"]))
};
});
Startup类的Configure方法包含:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseMvc();
我的问题是,当我呼叫signInManager.PasswordSignInAsync时,它包含带有身份验证令牌的cookie以进行响应。但我只想在标题中使用JwtBearer。有没有选项如何禁用SignInManager的Cookie?
答案 0 :(得分:7)
使用SignInManager.CheckPasswordSignInAsync():它执行完全相同的检查,但与SignInManager.PasswordSignInAsync不同,不会返回任何Cookie。