我正在我的应用程序中使用 JwtBearer 配置 AuthenticationService 。
我将 JWT 配置抽象为服务,以便在整个应用程序中使用它。这就是我的代码。
builder.Services.AddSingleton<JWTService>();
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("UserPolicy", p => p.RequireAuthenticatedUser().RequireClaim("Profession"));
});
builder.Services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.TokenValidationParameters = ...;
});
public class JWTService
{
private IConfiguration _configuration;
public JWTService(IConfiguration configuration)
{
_configuration = configuration;
}
public TokenValidationParameters Config()
{
return new TokenValidationParameters()
{
ValidateActor = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
ValidAudience = _configuration["JwtBearerTokenSettings:Audience"],
ValidIssuer = _configuration["JwtBearerTokenSettings:Issuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtBearerTokenSettings:SecretKey"]))
};
}
}
那么,如何通过 Config 方法让 JWTService 将其用作 AddJwtBearer 的参数? 我设法使用 builder.Services.BuildServiceProvider().GetServices 来做到这一点,但我读到不建议这样做。 还有别的办法吗?
您应该能够添加一个委托,该委托将在服务解析时被调用,然后还可以拥有您需要的其他服务,例如提供给它的
IConfiguration
,以便您可以在使用选项之前动态配置选项:
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("UserPolicy", p => p.RequireAuthenticatedUser().RequireClaim("Profession"));
});
builder.Services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer();
builder.Services
.AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
.Configure<IConfiguration>((options, configuration) =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateActor = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
ValidAudience = configuration["JwtBearerTokenSettings:Audience"],
ValidIssuer = configuration["JwtBearerTokenSettings:Issuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JwtBearerTokenSettings:SecretKey"])),
};
});