EI-Image-Viewer-Api/IRaCIS.Core.API/_ServiceExtensions/Authorization/JWTAuthSetup.cs


using IRaCIS.Core.Application.Auth;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace IRaCIS.Core.API
{
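public static class JWTAuthSetup
{
    /// <summary>
    /// Registers JWT bearer authentication configured from the <c>JwtSetting</c> configuration
    /// section, and registers <see cref="ApiResponseHandler"/> as the challenge / forbid scheme.
    /// </summary>
    /// <param name="services">The service collection the authentication services are added to.</param>
    /// <param name="configuration">
    /// Application configuration; its <c>JwtSetting</c> section supplies the issuer, audience and
    /// symmetric signing key used to validate incoming tokens.
    /// </param>
    /// <exception cref="InvalidOperationException">
    /// Thrown when <c>JwtSetting:SecurityKey</c> is missing or blank, so a misconfigured deployment
    /// fails at startup rather than at the first authenticated request.
    /// </exception>
    public static void AddJWTAuthSetup(this IServiceCollection services, IConfiguration configuration)
    {
        services.Configure<JwtSetting>(configuration.GetSection("JwtSetting"));

        var jwtSetting = new JwtSetting();
        configuration.Bind("JwtSetting", jwtSetting);

        // Fail fast with a message naming the setting: Encoding.GetBytes(null) would otherwise
        // surface as an opaque ArgumentNullException from inside this method.
        if (string.IsNullOrWhiteSpace(jwtSetting.SecurityKey))
        {
            throw new InvalidOperationException(
                "JwtSetting:SecurityKey is not configured; JWT bearer authentication cannot validate tokens without a signing key.");
        }

        // NOTE(review): the key length is not checked here. The token library enforces a minimum
        // size for HMAC algorithms, so a too-short key shows up as a validation error at request
        // time — confirm the configured key satisfies it.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSetting.SecurityKey));

        services
            .AddAuthentication(o =>
            {
                o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                // Challenge (401) and forbid (403) responses are rendered by ApiResponseHandler,
                // registered below under its type name.
                o.DefaultChallengeScheme = nameof(ApiResponseHandler);
                o.DefaultForbidScheme = nameof(ApiResponseHandler);
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // These three flags are the library defaults; stated explicitly so the
                    // validation contract is visible at a glance.
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidIssuer = jwtSetting.Issuer,
                    ValidAudience = jwtSetting.Audience,
                    IssuerSigningKey = signingKey,
                    // The library default is 300 s of tolerance; expiry is enforced exactly here.
                    ClockSkew = TimeSpan.Zero
                };

                options.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context =>
                    {
                        // 1) A token passed as ?access_token=... takes precedence.
                        //    NOTE(review): query-string tokens can be recorded in server / proxy
                        //    logs and browser history; confirm that exposure is acceptable for
                        //    the token lifetime in use.
                        if (context.Request.Query.TryGetValue("access_token", out StringValues values))
                        {
                            var queryToken = values.FirstOrDefault();
                            if (!string.IsNullOrWhiteSpace(queryToken))
                            {
                                context.Token = queryToken;
                                return Task.CompletedTask;
                            }
                        }

                        // 2) An "access_token" cookie is consulted only for file-access paths;
                        //    the front end sets the cookie's expiry. Because a browser attaches
                        //    cookies automatically, these paths depend on the cookie's attributes
                        //    (SameSite etc., set by the front end and not visible here) for
                        //    cross-site request protection — TODO confirm.
                        var path = context.Request.Path.ToString();
                        if (path.Contains("IRaCISData") || path.Contains("SystemData"))
                        {
                            var cookieToken = context.Request.Cookies["access_token"];
                            if (!string.IsNullOrWhiteSpace(cookieToken))
                            {
                                context.Token = cookieToken;
                            }
                        }

                        // When context.Token is left unset the bearer handler falls back to its
                        // default Authorization-header lookup.
                        return Task.CompletedTask;
                    }
                };
            })
            .AddScheme<AuthenticationSchemeOptions, ApiResponseHandler>(nameof(ApiResponseHandler), o => { });
    }
}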
}