What I want to do is expose an endpoint in my API that can be reached through either Windows authentication or JWT bearer authentication.
    // Add JWT Bearer
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(tokenManagement.Secret)),
            ValidIssuer = tokenManagement.Issuer,
            ValidateIssuer = true,
            ValidateLifetime = true,
            ValidateAudience = false,
            ClockSkew = TimeSpan.FromSeconds(tokenManagement.ClockSkewSeconds)
        };
    });
    // THIS WAY I CAN LIMIT TO WINDOWS CREDENTIALS
    [Authorize]
    [HttpGet("[action]")]
    public IActionResult AuthorizeWindowsUser()
    {
        var user = HttpContext.User;
        if (user.GetType() == typeof(System.Security.Principal.WindowsPrincipal))
        {
            return Ok();
        }
        return Unauthorized();
    }

    // THIS WAY I CAN LIMIT TO JWT
    [Authorize]
    [HttpGet("[action]")]
    public IActionResult AuthorizeLoginUser()
    {
        var user = HttpContext.User;
        if (user.GetType() == typeof(System.Security.Claims.ClaimsPrincipal))
        {
            return Ok();
        }
        return Unauthorized();
    }
Thanks for your suggestions!

Answer 0 (score: 0)
> It doesn't seem to be needed for it to work

That's because WebHost.CreateDefaultBuilder(args) does it for you. That method calls .UseIISIntegration() and adds the related services behind the scenes. For more details, see Source code of invoking UseIISIntegration() and Source of UseIISIntegration() method.
> Is there a smarter/prettier way to check the user type? Maybe something like a custom attribute

You don't need to check if( user.GetType() == typeof(System.Security.Principal.WindowsPrincipal) {return ok;} return Unauthorized() manually inside the action method. Use the built-in AuthorizeAttribute instead:

    [Authorize(AuthenticationSchemes = "Windows")]
    [HttpGet("[action]")]
    public IActionResult AuthorizeWindowsUser()
    {
        // only users who are authorized with the Windows scheme can access this method
        return Ok();
    }
The same goes for JWT Bearer. Since you have configured JwtBearerDefaults.AuthenticationScheme as the default authentication scheme, you can omit the AuthenticationSchemes parameter when annotating with [Authorize()]:

    [Authorize]
    [HttpGet("[action]")]
    public IActionResult AuthorizeLoginUser()
    {
        // only users who are authorized with the default scheme can access this method
        return Ok();
    }
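For the endpoint the question actually asks for, one reachable by either a Windows identity or a bearer token, the two scheme names from the answer can be combined in an authorization policy instead of type checks on HttpContext.User. The following is an added example, not code from the question or the answer; it assumes the app is hosted behind IIS (so the "Windows" scheme is registered by CreateDefaultBuilder), and that TokenManagement is a hypothetical settings class carrying the same Secret, Issuer and ClockSkewSeconds values used above.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AuthSetup
{
    public const string WindowsScheme = "Windows"; // scheme name registered by IIS integration
    public const string WindowsOrJwtPolicy = "WindowsOrJwt";

    // tokenManagement is the hypothetical settings object from the question's snippet.
    public static void Configure(IServiceCollection services, TokenManagement tokenManagement)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.RequireHttpsMetadata = true; // deliberately stricter than the question's false
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(tokenManagement.Secret)),
                    ValidateIssuer = true,
                    ValidIssuer = tokenManagement.Issuer,
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromSeconds(tokenManagement.ClockSkewSeconds)
                };
            });
        services.AddAuthorization(options =>
        {
            // Both handlers run; the request is allowed if either one yields an authenticated identity.
            options.AddPolicy(WindowsOrJwtPolicy, policy =>
            {
                policy.AddAuthenticationSchemes(WindowsScheme, JwtBearerDefaults.AuthenticationScheme);
                policy.RequireAuthenticatedUser();
            });
        });
    }
}

[ApiController, Route("api/[controller]")]
public class AuthController : ControllerBase
{
    // Reachable with a valid Windows identity OR a valid bearer token; no type checks in the body.
    [Authorize(Policy = AuthSetup.WindowsOrJwtPolicy)]
    [HttpGet("either")]
    public IActionResult Either() => Ok(User.Identity?.AuthenticationType);
}
```

The single-scheme actions from the answer can live in the same controller; only the endpoint that should accept both needs the policy.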