.net核心中的JWT授權 - 與OAuth服務器通信

Question

我開始使用JWT授權構建新應用程序。我們的團隊已經有用Java編寫的OAuth 2服務器，所以我的目標是：使用公鑰檢查密鑰。 但我不知道該怎麼做。如果我使用.net身份，我必須使用實體框架，但我只使用Cassandra作爲數據庫。

如何在不使用EF的情況下實現它？你知道任何教程嗎？

Answer 1

有很多微軟（和其他）文件可用（確保你正在查看與你正在使用的版本相關的文檔！） - 谷歌搜索將很容易地找到它們，但是EF當然不是必需的見下面。

沒有身份或用戶信息由應用程序直接管理。相反，它將直接從JWT令牌獲取所需的所有用戶信息，以驗證呼叫者的身份。 https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/

下面是1.1版 https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example

和相同的例子一個簡單的例子爲2.0 https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example/tree/dotnecore2.0

Answer 2

你不需要任何ASP.NET核心的東西。一個簡單的方法是：

怒江得到

System.IdentityModel.Tokens.Jwt, 
Microsoft.IdentityModel.Tokens 

設置一些參數驗證的軟件包：

var validationParameters = new TokenValidationParameters 
{ 
    RequireExpirationTime = true, 
    ValidateLifetime = true, 
    IssuerSigningKeys = keys, // Your public keys. 
    ValidAudience = "my valid audience", 
    ValidIssuer = "my valid issuer" 
} 

呼叫ValidateToken獲得ClaimsPrincipal索賠和東西。 token是您的JWT字符串，例如從授權HTTP頭解析。

var handler = new JwtSecurityTokenHandler(); 
handler.ValidateToken(token, validationParameters, out SecurityToken validatedToken); 

從上面IdentityModel.Tokens包使用JsonWebKeySet，則可以自動地獲得一個ID連接配置鍵：

https://github.com/IdentityModel/IdentityModel/blob/master/source/IdentityModel.Shared/Jwt/JsonWebKeySet.cs

Answer 3

當我試試這個方法：https://github.com/williamhallatt/aspnet-core-webapi-jwt-auth-example

我得到異常：

System.InvalidOperationException: No authentication handler is configured to handle the scheme: Automatic 
    at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.<ChallengeAsync>d__13.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at Microsoft.AspNetCore.Mvc.ChallengeResult.<ExecuteResultAsync>d__14.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeResultAsync>d__30.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeAsync>d__20.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()