【问题标题】:Is there any way to save a user's role in a token from this code? 有什么方法可以通过这段代码将用户角色保存在令牌中?
【发布时间】:2021-08-23 20:44:55
【问题描述】:

如何查出用户的角色并将其写入令牌,以便按角色进行授权?有什么想法或解决方案吗?用[Authorize (Role = "Administrator")]装饰的控制器返回403,也就是说我没有被识别为该角色,因此无法访问!

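/// <summary>
/// Authentication endpoint: checks a username/password pair through ASP.NET Core Identity
/// and, on success, returns a signed JWT that carries the user's id, name and role claims.
/// </summary>
public class AuthController : ControllerBase
{
    private readonly AuthOptions _authOptions;
    private readonly SignInManager<User> _signInManager;
    private readonly UserManager<User> _userManager;
    private readonly IMapper _mapper;

    /// <summary>Stores the injected token options, Identity managers and mapper.</summary>
    public AuthController(IOptions<AuthOptions> authOption, SignInManager<User> signInManager, UserManager<User> userManager,  IMapper mapper)
    {
        _authOptions = authOption.Value;
        _signInManager = signInManager;
        _userManager = userManager;
        _mapper = mapper;
    }

    /// <summary>
    /// Verifies the submitted credentials and issues a JWT containing the user's roles.
    /// </summary>
    /// <param name="userLoginDto">Username and password taken from the request body.</param>
    /// <returns>
    /// 200 with <c>AccessToken</c> on success, 400 when no body was bound,
    /// 401 when the credentials are rejected or the user cannot be loaded.
    /// </returns>
    [AllowAnonymous]
    [HttpPost("login")]
    public async Task<IActionResult> Login([FromBody]UserForLoginDto userLoginDto)
    {
        // A missing body would otherwise surface as a NullReferenceException (HTTP 500).
        if (userLoginDto == null)
        {
            return BadRequest();
        }

        // NOTE(review): the last argument (lockoutOnFailure) is false, so failed attempts on this
        // anonymous endpoint are not counted towards account lockout; consider enabling it or
        // rate-limiting the route. PasswordSignInAsync also performs an Identity sign-in; for a
        // token-only API, CheckPasswordSignInAsync verifies the password without that side effect.
        // Confirm which behaviour is intended.
        var checkPassword = await _signInManager.PasswordSignInAsync(userLoginDto.Username, userLoginDto.Password, false, false);
        if (!checkPassword.Succeeded)
        {
            return Unauthorized();
        }

        var user = await _userManager.FindByNameAsync(userLoginDto.Username);
        if (user == null)
        {
            // The account disappeared between the password check and the lookup.
            return Unauthorized();
        }

        // The original passed an empty claim list, so the token carried no role and every
        // role-restricted action answered 403. Roles come from the Identity store, never
        // from the request body.
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.NameIdentifier, await _userManager.GetUserIdAsync(user)));
        claims.Add(new Claim(ClaimTypes.Name, userLoginDto.Username));
        foreach (var role in await _userManager.GetRolesAsync(user))
        {
            claims.Add(new Claim(ClaimTypes.Role, role));
        }

        var signinCredentials = new SigningCredentials(_authOptions.GetSymmetricSecurityKey(), SecurityAlgorithms.HmacSha256);

        // NOTE(review): the roles are frozen into the token for its whole lifetime. With a 30-day
        // expiry, removing a user from a role has no effect on tokens already issued; prefer a
        // short-lived access token plus a revocable refresh mechanism.
        var jwtSecurityToken = new JwtSecurityToken(
             issuer: _authOptions.Issuer,
             audience: _authOptions.Audience,
             claims: claims,
             expires: DateTime.UtcNow.AddDays(30),
             signingCredentials: signinCredentials);

        var encodedToken = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
        return Ok(new { AccessToken = encodedToken });
    }
}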

【问题讨论】:

    标签: asp.net asp.net-core jwt identity


    【解决方案1】:

    更改您的令牌生成方法,例如,

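    var tokenHandler = new JwtSecurityTokenHandler();

    // NOTE(review): "your secret key" is a placeholder. Load the signing key from configuration or
    // a secret store, never from source. RFC 7518 requires an HS256 key of at least 256 bits, and
    // anyone who holds this key can mint tokens with any role.
    // UTF-8 is used because Encoding.ASCII silently turns every non-ASCII character into '?',
    // which weakens the key; the validating side must derive its key bytes the same way.
    var key = Encoding.UTF8.GetBytes("your secret key");

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        // Replace the placeholders with values read from the user store (user id and the roles
        // actually assigned to the account), never with values supplied by the client.
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.Name, "your_user_id"),
            new Claim(ClaimTypes.Role, "your_role_name") //in your case here value "Administrator"
        }),
        // If the API validates issuer and audience, also set Issuer and Audience here so the
        // token passes validation.
        // NOTE(review): a role baked into a 30-day token stays valid after the role is revoked.
        Expires = DateTime.UtcNow.AddDays(30),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
                                          SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    var encodedToken = tokenHandler.WriteToken(token);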
    

    这样就可以在 Authorize 特性中按角色进行授权了。

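    // AuthorizeAttribute exposes "Roles" (plural, a comma-separated list); it has no "Role" property.
    [Authorize(Roles = "Administrator")]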
    

    【讨论】:
