【Question title】: After storing a JWT token in a cookie, how to break that cookie and get information in ASP.NET Core 3.1
【Posted】: 2021-02-20 11:28:32
【Question】:

In my ASP.NET Core 3.1 MVC application, I want to store the JWT token in a cookie, and then during authorization I want to break it to get the user information. Here is the code showing how I store the JWT token in a cookie.

var tokenHandler = new JwtSecurityTokenHandler();
var secrect = configuration.GetValue<string>("Secret");
var key = Encoding.ASCII.GetBytes(secrect);

var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.Name, user.UserName),
        new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString())
    }),
    Expires = DateTime.UtcNow.AddDays(1),
    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
        SecurityAlgorithms.HmacSha256Signature)
};

var token = tokenHandler.CreateToken(tokenDescriptor);

var cookieOptions = new CookieOptions
{
    // Set the secure flag, which Chrome's changes will require for SameSite none.
    // Note this will also require you to be running on HTTPS.
    Secure = true,

    // Set the cookie to HTTP only which is good practice unless you really do need
    // to access it client side in scripts.
    HttpOnly = true,

    // Add the SameSite attribute, this will emit the attribute with a value of none.
    // To not emit the attribute at all set
    // SameSite = (SameSiteMode)(-1)
    // SameSite = SameSiteMode.Lax
};

// Add the cookie to the response cookie collection.
// WriteToken produces the compact serialized JWT; token.ToString() does not.
Response.Cookies.Append("auth-cookie", tokenHandler.WriteToken(token), cookieOptions);

【Discussion】:

    Tags: c# cookies jwt asp.net-core-3.1 cookie-authentication


    【Solution 1】:

    You can use this code:

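    // Read the serialized JWT back from the cookie set at sign-in.
    var jwtToken = Request.Cookies["auth-cookie"];
    var secrect = configuration.GetValue<string>("Secret");
    var key = Encoding.ASCII.GetBytes(secrect);
    SecurityToken validatedToken;
    TokenValidationParameters validationParameters = new TokenValidationParameters();
    
    validationParameters.ValidateLifetime = true;
    validationParameters.IssuerSigningKey = new SymmetricSecurityKey(key);
    // The token in the question carries no issuer or audience, so these
    // checks (enabled by default) would reject it.
    validationParameters.ValidateIssuer = false;
    validationParameters.ValidateAudience = false;
    
    // Throws if the signature is invalid or the token has expired.
    ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(jwtToken, validationParameters, out validatedToken);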
    

    Then access the value:

    var userName = principal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
    

    【Comments】:
