Beispiel #1
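        /// <summary>
        /// Sends the current member to the WMall site with a signed, URL-encoded query string.
        /// Members without a record are redirected to the registration page instead.
        /// </summary>
        /// <returns>
        /// A redirect on success; otherwise the default view with a generic error message.
        /// </returns>
        public ActionResult WMall()
        {
            // Generic "system busy, please try again later" text. Exception details are not
            // shown to the visitor because stack traces reveal internal type and path names.
            const string genericError = "系统繁忙,请稍后再试。";

            try
            {
                // A missing or expired session is an expected condition, so it is handled
                // explicitly rather than surfacing as a NullReferenceException.
                FansInfo fans = Session["FansInfo"] as FansInfo;
                if (fans == null)
                {
                    ViewBag.MyMessage = genericError;
                    return View();
                }

                Entity.Entities.HmjMemberDetail result = _hmjMember.GetMemberDetailByOpenId(fans.Openid);

                // Unregistered users are sent to the registration page.
                if (result == null)
                {
                    return Redirect(ConfigurationManager.AppSettings["WebUrl"] + "/hmjmember/tozhuce.do");
                }

                // Build the parameter string that is handed to WMall.
                // NOTE(review): MEMBERNO, MOBILE and NAME are concatenated without escaping, so a
                // value containing '&' or '=' would change how the receiver parses the payload.
                // Escaping here needs a matching change on the receiving side — confirm the format.
                var code     = ConfigurationManager.AppSettings["WMallCode"];
                var queryStr = $"userId={result.MEMBERNO}&code={code}&phone={result.MOBILE}&username={result.NAME}";

                // Private-key transform followed by URL encoding.
                // NOTE(review): the first argument is an empty string in this listing; presumably it
                // is the key — confirm it is loaded from protected configuration and not from source.
                // If this is a plain private-key RSA operation, as the name suggests, any holder of the
                // public key can recover the phone number and name; it does not provide confidentiality.
                var sign = HttpUtility.UrlEncode(RSAUtils.RSAEncryptByPrivateKey("", queryStr));

                return Redirect(ConfigurationManager.AppSettings["WMallUrl"] + "?r=" + sign);
            }
            catch (System.Exception ex)
            {
                // Keep the full detail server-side for diagnosis only.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                ViewBag.MyMessage = genericError;
                return View();
            }
        }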
Beispiel #2
        /// <summary>
        /// Console demo: creates the RSA key file on first run; on later runs it issues a JWT
        /// and validates it again, printing both results.
        /// </summary>
        static void Main(string[] args)
        {
            // Key files are looked up next to the executable.
            string baseDir = AppDomain.CurrentDomain.BaseDirectory;
            RSAParameters loadedKey;
            bool keyExists = RSAUtils.TryGetKeyParameters(baseDir, true, out loadedKey);

            if (!keyExists)
            {
                // First run: wait for a key press, then generate and persist a key.
                Console.WriteLine("按任意键开始生产RSAKey文件。");
                Console.Read();
                loadedKey = RSAUtils.GenerateAndSaveKey(baseDir);
                Console.WriteLine("RSAKey文件生存成功!");
                return;
            }

            // Issue a token for a fixed demo user and audience.
            // NOTE(review): the token is written to the console; fine for a demo, but
            // bearer tokens should not end up in logs or terminals in real use.
            Console.WriteLine("生成jwtToken");
            var tokenUtils = new JwtTokenUtils();
            string token = tokenUtils.GenerateJwtToken("zhuqp", "", "pbirs");
            Console.WriteLine(token);

            // Validate the token that was just issued and print the recovered user name.
            Console.WriteLine("验证jwtToken");
            string validatedUser = tokenUtils.ValidateJwtToken(token, "pbirs");
            Console.WriteLine(validatedUser);

            Console.Read();
        }
Beispiel #3
 /// <summary>
 /// Decrypts the cipher text box into the output box whenever its content changes.
 /// Without a private key the input is cleared and the user is told that the key is missing.
 /// </summary>
 private void encryptTextIn_TextChanged(object sender, EventArgs e)
 {
     string privateKeyText = primaryKeyIn.Text;

     if (privateKeyText != "")
     {
         // NOTE(review): this runs on every edit, including half-typed cipher text;
         // confirm RSAUtils.Decrypt tolerates malformed input.
         decryptTextOut.Text = RSAUtils.Decrypt(privateKeyText, encryptTextIn.Text);
         return;
     }

     // No private key entered: warn and discard the input.
     MessageBox.Show("没有输入私钥");
     encryptTextIn.Text = "";
 }
Beispiel #4
 /// <summary>
 /// Encrypts the plain text box into the output box whenever its content changes.
 /// Without a public key the input is cleared and the user is told that the key is missing.
 /// </summary>
 private void decryptTextIn_TextChanged(object sender, EventArgs e)
 {
     string publicKeyText = publicKeyIn.Text;

     if (publicKeyText != "")
     {
         encryptTextOut.Text = RSAUtils.Encrypt(publicKeyText, decryptTextIn.Text);
         return;
     }

     // No public key entered: warn and discard the input.
     MessageBox.Show("没有输入公钥");
     decryptTextIn.Text = "";
 }
Beispiel #5
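        /// <summary>
        /// Signs <paramref name="source"/> with the private key stored for this app id.
        /// </summary>
        /// <param name="source">The text to sign.</param>
        /// <returns>The signature returned by <c>RSAUtils.RSASign</c>.</returns>
        public string SignTrue(string source)
        {
            // Path.Combine adds a separator only where one is missing and uses the platform's
            // separator, which the hand-built "certs\\" concatenation did not.
            // NOTE(review): app_id becomes part of the file name; if it can ever come from a
            // request, restrict it to the expected character set before building the path.
            string keyFileName = "Alipay_" + app_id + "_private.cer";
            string keyFilePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "certs", keyFileName);

            // NOTE(review): the private key is kept under the application's base directory;
            // confirm that folder is not served to clients and is readable only by the service account.
            string privateKey = File.ReadAllText(keyFilePath);

            return RSAUtils.RSASign(source, privateKey, SignType, charset);
        }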
Beispiel #6
        /// <summary>
        /// Creates a new RSA key pair and shows it in the XML and PEM text boxes,
        /// then copies both keys into the key input boxes.
        /// </summary>
        private void buttonCreate_Click(object sender, EventArgs e)
        {
            string privateKeyXml;
            string publicKeyXml;
            RSAUtils.Create(out privateKeyXml, out publicKeyXml);

            // Display the pair as XML, then converted to PEM (true = private key, false = public key).
            primaryKeyXML.Text = privateKeyXml;
            publicKeyXML.Text  = publicKeyXml;
            primaryKeyPEM.Text = RSAUtils.XML2PEM(true, privateKeyXml);
            publicKeyPEM.Text  = RSAUtils.XML2PEM(false, publicKeyXml);

            // Pre-fill the inputs that the encrypt and decrypt handlers read.
            publicKeyIn.Text  = publicKeyXml;
            primaryKeyIn.Text = privateKeyXml;
        }
Beispiel #7
        // Called by the runtime; registers JWT bearer authentication, data protection,
        // the application cookie and MVC, then builds the Autofac-backed service provider.
        public IServiceProvider ConfigureServices(IServiceCollection services)
        {
            // Load the RSA key from the application base path, creating and saving one on first start.
            // NOTE(review): this keeps signing-key material in the deployment directory; confirm the
            // file is access-restricted, and that every instance behind a load balancer shares one key.
            string keyFolder = PlatformServices.Default.Application.ApplicationBasePath;
            RSAParameters rsaParams;
            if (!RSAUtils.TryGetKeyParameters(keyFolder, true, out rsaParams))
            {
                rsaParams = RSAUtils.GenerateAndSaveKey(keyFolder);
            }

            JWTTokenOptions tokenOptions = new JWTTokenOptions();
            tokenOptions.Key         = new RsaSecurityKey(rsaParams);
            tokenOptions.Issuer      = "EcpB2bIssuer"; // issuer name
            tokenOptions.Credentials = new SigningCredentials(tokenOptions.Key, SecurityAlgorithms.RsaSha256Signature);

            // Registered in the IoC container as a singleton (original note: this may throw, in
            // which case switch to a non-singleton registration).
            services.AddSingleton(tokenOptions);

            // NOTE(review): Audience is never assigned in this method, so ValidAudience is whatever
            // JWTTokenOptions defaults to — confirm it is set, otherwise audience validation cannot pass.
            services
                .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(bearer =>
                {
                    bearer.TokenValidationParameters = new TokenValidationParameters
                    {
                        IssuerSigningKey = tokenOptions.Key,
                        ValidAudience    = tokenOptions.Audience,
                        ValidIssuer      = tokenOptions.Issuer,
                        ValidateLifetime = true
                    };
                });

            services.AddDataProtection(protection =>
            {
                protection.ApplicationDiscriminator = "localhost";
            });

            // NOTE(review): the cookie domain is fixed to "localhost"; confirm this is a
            // development-only value before deploying.
            services.ConfigureApplicationCookie(cookie =>
            {
                cookie.Cookie.Domain = "localhost";
                cookie.Cookie.Name   = ".AspNetCore.Cookies";
            });

            services.AddMvc();

            return Util.AutofacIoc.AutofacHelp.AutofacProviderBuilderCore(
                services,
                ApplicationContainer,
                new B2b.ClientRegisterModuleIoc.GrpcClientModule());
        }
Beispiel #8
        /// <summary>
        /// Checks that RSAUtils.GetKey returns the expected Base64 key for a PEM public key
        /// and exercises RSAUtils.RSA with that key.
        /// </summary>
        public void Test_RSAUtil_GetCode()
        {
            string pemPublicKey = @"-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDl3JJzcEHnVhnbSWvjXAGpy7M
Dfkyw8+cxtBzrE7rdLvMvOSuLXnAAya/BAhB7hx2nIAonSaSwjLxqIVo8n97y7h/
l94eMzaAiTb4is2lew/fZmJeKLEdjvn/IaWDQgCq5TDn4cgLp4kQMtbAsddjoEWq
xeBqwbgg5VAp5wZyjQIDAQAB
-----END PUBLIC KEY-----
";
            string extractedKey = RSAUtils.GetKey(pemPublicKey);

            // The result is not asserted; the call only has to complete without throwing.
            string encrypted = RSAUtils.RSA("admin", extractedKey);

            // NOTE(review): the expected value below is not the Base64 body of the PEM block above
            // (they diverge after "KBgQD"), so confirm which key this assertion is meant to pin.
            const string expectedKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDy2GIpXsgdPX1uf4dXv97Ny1DyVKP/NlQIiOUCLKQKZmC32I06iU/mrKYTvxPzfaiae8YN02fFMFhiSoNgApI4BK8Q0n5poVd2gywaS+EmD+A+t7DXC+Y4uylTshG80uNhvJlvy1LShkx4MjiVGjMAcBXELLKad8HU9UV2KzjLWwIDAQAB";
            Assert.AreEqual(expectedKey, RSAUtils.GetKey(pemPublicKey));
        }
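 /// <summary>
 ///     Initializes the window title, browser URL and icon from the configuration file.
 ///     Any failure is reported as a tampered or missing configuration and the application exits.
 /// </summary>
 private void initByConfigs()
 {
     try
     {
         Dictionary<String, String> config = JSONFileReader.Read(CONFIG_FILE_NAME);

         // Convert the embedded key once instead of once per setting.
         // NOTE(review): the private key ships inside the client, so decryption hides the
         // settings from casual reading but is not a tamper-proof integrity check.
         var privateKeyXml = RSAUtils.PEM2XML(true, PRIMARY_KEY);

         this.Text = RSAUtils.Decrypt(privateKeyXml, DictionaryUtils.GetString(config, "Title", "LichKin"));

         // Only web addresses are accepted: the value comes from an editable file, so schemes
         // such as file: or javascript: must not reach the embedded browser.
         Uri target = new Uri(RSAUtils.Decrypt(privateKeyXml, DictionaryUtils.GetString(config, "Url", "http://www.lichkin.com/")));
         if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
         {
             throw new InvalidOperationException("Configured URL must use http or https.");
         }
         webBrowser.Url = target;

         this.Icon = System.Drawing.Icon.ExtractAssociatedIcon(ICON_FILE_NAME);
     }
     catch
     {
         // Deliberately broad: every failure (missing file, bad cipher text, rejected URL)
         // ends in the same message and a shutdown.
         MessageBox.Show("配置信息被篡改或已丢失,请联系管理员。", "程序即将退出");
         Application.Exit();
     }
 }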
Beispiel #10
        /// <summary>
        /// Parses the response XML into a <c>ResponseModel</c> and decrypts its
        /// <c>cipher_data</c> element with the merchant private key.
        /// </summary>
        /// <param name="rpXml">Response XML text.</param>
        /// <returns>The model with retcode, retmsg and the decrypted cipher_data.</returns>
        private ResponseModel DeserializeResponse(string rpXml)
        {
            ResponseModel parsed = new ResponseModel();

            using (StringReader reader = new StringReader(rpXml))
            {
                XElement root = XElement.Load(reader);

                // NOTE(review): each lookup dereferences .Value directly, so a response without
                // one of these elements fails with a NullReferenceException.
                parsed.retcode = root.XPathSelectElement("/retcode").Value;
                parsed.retmsg  = root.XPathSelectElement("/retmsg").Value;

                // Re-interpret the message: take its gb2312 bytes and read them back as UTF-8.
                byte[] messageBytes = Encoding.GetEncoding("gb2312").GetBytes(parsed.retmsg);
                parsed.retmsg = Encoding.UTF8.GetString(messageBytes);

                string cipherText = root.XPathSelectElement("/cipher_data").Value;

                // Convert the Java-format private key, then decrypt the Base64 payload.
                // NOTE(review): decryption is attempted whatever retcode says — confirm that
                // error responses still carry a cipher_data element.
                var dotNetPrivateKey = RSAUtils.RSAPrivateKeyJava2DotNet(PrivateKey);
                byte[] cipherBytes = Convert.FromBase64String(cipherText);
                parsed.cipher_data = RSAUtils.RSADecrypt(dotNetPrivateKey, cipherBytes, Encoding.UTF8);
            }

            return parsed;
        }
Beispiel #11
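        /// <summary>
        /// Demo page for the single-payment API: builds a request, encrypts it with the
        /// platform public key, sends it, decrypts the answer and prints every stage.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            var options = new QuickRefundOptions
            {
                spid          = spid,
                sp_serialno   = GenerateOrderNo(),
                tran_amt      = "100",
                business_type = business_type,
                acct_name     = acct_name,
                acct_id       = acct_id,
            };

            var factory = new QuickRefundFactory(key);
            var request = factory.GenerateRequestModel(options);

            var data = factory.GenerateRequestFormString(request);

            // NOTE(review): the plaintext request, with account name and id, is logged here and
            // echoed to the browser below. Acceptable for a sandbox demo only — mask or drop
            // these fields before this runs against real accounts.
            WriteLog("2.1 单笔代付接口请求参数", data);

            var    pubKey      = RSAUtils.RSAPublicKeyJava2DotNetP(PublicKey);
            string encData     = RSAUtils.RSAEncrypt(data, pubKey);
            var    cipher_data = Server.UrlEncode(encData);

            var response = factory.GetRefundResult(cipher_data);
            var model    = DeserializeResponse(response);

            var settings = new Newtonsoft.Json.JsonSerializerSettings
            {
                Formatting        = Newtonsoft.Json.Formatting.Indented,
                NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore,
            };
            var dendata = Newtonsoft.Json.JsonConvert.SerializeObject(model, settings);

            WriteLog("2.1 单笔代付接口返回参数", dendata);

            // Every value is HTML-encoded before it is written: the response text comes from a
            // remote service and the request carries account data, so neither may be emitted as markup.
            Func<object, string> html = value => Server.HtmlEncode(Convert.ToString(value));

            Response.Write("天付宝代付API<br>");
            Response.Write($"请求地址:{html(factory.Url)}<br>");

            Response.Write($"请求参数未加密:{html(data)}<br>");
            Response.Write($"请求参数已加密cipher_data:{html(cipher_data)}<br>");

            Response.Write($"返回参数密文:{html(response)}<br>");
            Response.Write($"返回参数明文:{html(dendata)}<br>");
            Response.End();
        }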
Beispiel #12
        /// <summary>
        /// Click handler: the login button validates the inputs and starts an encrypted login;
        /// any other view hides the keyboard and closes the activity as cancelled.
        /// </summary>
        public void OnClick(View v)
        {
            if (v.Id != Resource.Id.login)
            {
                // Not the login button: dismiss the soft keyboard and finish with a cancelled result.
                var keyboard = (InputMethodManager)GetSystemService(Context.InputMethodService);
                keyboard.HideSoftInputFromWindow(editPassword.WindowToken, 0);
                SetResult(Result.Canceled);
                ActivityCompat.FinishAfterTransition(this);
                return;
            }

            var account  = editAccount.Text;
            var password = editPassword.Text;

            // Both fields must contain something other than whitespace.
            if (account.Trim().Length == 0)
            {
                Toast.MakeText(this, Resources.GetString(Resource.String.need_account), ToastLength.Short).Show();
                return;
            }
            if (password.Trim().Length == 0)
            {
                Toast.MakeText(this, Resources.GetString(Resource.String.need_password), ToastLength.Short).Show();
                return;
            }

            // The key is an empty literal in this listing (the resource lookup is disabled),
            // so the check below always reports a key error and returns.
            var publicKey = "";
            if (publicKey.Length == 0)
            {
                Toast.MakeText(this, Resources.GetString(Resource.String.publicKey_error), ToastLength.Short).Show();
                return;
            }

            RSAUtils rsaUtils = new RSAUtils(publicKey);
            dialog.SetMessage(Resources.GetString(Resource.String.logining));
            dialog.Show();

            // NOTE(review): the client id and secret come from app resources, which can be read
            // out of the installed package; treat this client as public, not confidential.
            var clientId     = Resources.GetString(Resource.String.ClientId);
            var clientSecret = Resources.GetString(Resource.String.ClientSercret);
            var basic        = Square.OkHttp3.Credentials.Basic(clientId, clientSecret);

            // Account and password are RSA-encrypted with the public key before being sent.
            loginPresenter.LoginAsync(TokenShared.GetAccessToken(this), basic, rsaUtils.Encrypt(account), rsaUtils.Encrypt(password));
        }
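        /// <summary>
        /// Registers the "Bearer" authorization policy and JWT bearer authentication,
        /// using the RSA key found in the application base path.
        /// </summary>
        /// <param name="services">The service collection to configure.</param>
        /// <param name="Issuer">Issuer that tokens must carry.</param>
        /// <param name="audience">Audience that tokens must carry, i.e. this application server's name.</param>
        /// <exception cref="System.InvalidOperationException">The RSA key could not be loaded.</exception>
        public static void AddSiteRegisterJwt(this IServiceCollection services, string Issuer, string audience)
        {
            // Read the key from file.
            string keyDir = PlatformServices.Default.Application.ApplicationBasePath;

            // Fail fast with a clear message. The earlier code fell back to a null key, which was
            // then handed to SigningCredentials and to the token validation parameters.
            if (!RSAUtils.TryGetKeyParameters(keyDir, false, out RSAParameters keyparams))
            {
                throw new System.InvalidOperationException(
                    "RSA key parameters could not be loaded; JWT bearer authentication cannot be configured.");
            }

            // NOTE(review): the second argument is false here but true in the token-issuing
            // examples; presumably this loads the public half only — confirm that
            // tokenOptions.Credentials is never used for signing on this site.
            JWTTokenOptions tokenOptions = new JWTTokenOptions();
            tokenOptions.Key         = new RsaSecurityKey(keyparams);
            tokenOptions.Issuer      = Issuer;   // issuer
            tokenOptions.Audience    = audience; // audience: the name of this application server
            tokenOptions.Credentials = new SigningCredentials(tokenOptions.Key, SecurityAlgorithms.RsaSha256Signature);

            // A jti requirement and its handler were sketched here in the original but are not
            // registered; the policy only requires an authenticated bearer user.
            services.AddAuthorization(auth =>
            {
                auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
                               .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                               .RequireAuthenticatedUser()
                               .Build());
            });

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(jwtOptions =>
            {
                jwtOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    IssuerSigningKey = tokenOptions.Key,
                    ValidAudience    = tokenOptions.Audience,
                    ValidIssuer      = tokenOptions.Issuer,
                    ValidateLifetime = true
                };
            });
        }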
Beispiel #14
        /// <summary>
        /// Console demo of RSAUtils with a 2048-bit pair: encrypt, decrypt, sign and verify one string.
        /// </summary>
        static void Main(string[] args)
        {
            // 2048-bit public key.
            string demoPublicKey =
                "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQh0wEqx/R2H1v00IU12Oc30fosRC/frhH89L6G+fzeaqI19MYQhEPMU13wpeqRONCUta+2iC1sgCNQ9qGGf19yGdZUfueaB1Nu9rdueQKXgVurGHJ+5N71UFm+OP1XcnFUCK4wT5d7ZIifXxuqLehP9Ts6sNjhVfa+yU+VjF5HoIe69OJEPo7OxRZcRTe17khc93Ic+PfyqswQJJlY/bgpcLJQnM+QuHmxNtF7/FpAx9YEQsShsGpVo7JaKgLo+s6AFoJ4QldQKir2vbN9vcKRbG3piElPilWDpjXQkOJZhUloh/jd7QrKFimZFldJ1r6Q59QYUyGKZARUe0KZpMQIDAQAB";

            // 2048-bit private key.
            // NOTE(review): a private key embedded in source is only acceptable for a throwaway
            // demo pair; real keys belong in a key store or protected configuration.
            string demoPrivateKey =
                "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";

            var rsaHelper = new RSAUtils(RSAType.RSA2, Encoding.UTF8, demoPrivateKey, demoPublicKey);

            string plainText = "博客园 http://www.cnblogs.com/";
            Console.WriteLine(string.Concat("原始字符串:", plainText));

            // Encrypt.
            string cipherText = rsaHelper.Encrypt(plainText);
            Console.WriteLine(string.Concat("加密字符串:", cipherText));

            // Decrypt.
            string roundTripped = rsaHelper.Decrypt(cipherText);
            Console.WriteLine(string.Concat("解密字符串:", roundTripped));

            // Sign with the private key.
            string signature = rsaHelper.Sign(plainText);
            Console.WriteLine(string.Concat("字符串签名:", signature));

            // Verify the signature with the public key.
            bool signatureValid = rsaHelper.Verify(plainText, signature);
            Console.WriteLine(string.Concat("验证签名:", signatureValid));

            // Two key presses are awaited before exit; the second one is not echoed.
            Console.ReadKey();
            Console.ReadKey(true);
        }
Beispiel #15
 /// <summary>
 /// Returns the public key provided by <c>RSAUtils.GetPublicKey</c>.
 /// </summary>
 public string GetPublicKey()
 {
     string publicKey = RSAUtils.GetPublicKey();
     return publicKey;
 }
Beispiel #16
        /// <summary>
        /// Registers identity options, the resource-owner-password / client-credentials mode and
        /// JWT bearer authentication, all driven by the "IdentityOption" and "JWTTokenOption"
        /// configuration sections.
        /// </summary>
        /// <param name="services">IServiceCollection</param>
        /// <param name="Configuration">IConfiguration</param>
        public static void AddServiceSingleton(this IServiceCollection services, IConfiguration Configuration)
        {
            services.Configure <IdentityOption>(Configuration.GetSection("IdentityOption"));
            //var identityConfigurationSection = Configuration.GetSection("IdentityOption");
            // Add the service settings instance configuration (this local is not used further in this method).
            var identity = Configuration.GetSection("IdentityOption");

            #region 【读取配置】
            // NOTE(review): despite the "AsBase64" name the secret is not Base64-decoded; its ASCII
            // bytes are used directly as the HMAC key. A missing "IdentityOption:Secret" entry makes
            // GetBytes throw. Confirm the secret is long and random enough for HMAC-SHA256 and is
            // supplied from a secret store rather than a checked-in settings file.
            var            symmetricKeyAsBase64 = Configuration["IdentityOption:Secret"];
            var            keyByteArray         = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
            var            signingKey           = new SymmetricSecurityKey(keyByteArray);
            var            signingCredentials   = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
            IdentityOption identityOption       = new IdentityOption
            {
                Secret             = Configuration["IdentityOption:Secret"],                     // secret key
                Issuer             = Configuration["IdentityOption:Issuer"],                     // issuer
                Audience           = Configuration["IdentityOption:Audience"],                   // token audience
                TokenType          = Configuration["IdentityOption:TokenType"],                  // token type, case-insensitive, required; either bearer or mac
                Scope              = Configuration["IdentityOption:Scope"],                      // permission scope; may be omitted when it equals the scope the client requested
                Subject            = Configuration["IdentityOption:Subject"],                    // subject
                ExpiresIn          = Convert.ToInt32(Configuration["IdentityOption:ExpiresIn"]), // lifetime in seconds; if omitted, the expiry must be set some other way
                ClientId           = Configuration["IdentityOption:ClientId"],                   // client id, required
                ResponseType       = Configuration["IdentityOption:ResponseType"],               // grant type, required; fixed to "code" here
                RedirectUri        = Configuration["IdentityOption:RedirectUri"],
                State              = Configuration["IdentityOption:State"],                      // client state; any value, returned unchanged by the authorization server
                SigningCredentials = signingCredentials
            };
            #endregion
            #region 【客户端模式】【密码模式】
            // Client-credentials mode and resource-owner-password mode.
            LicensingMode.SetResourceOwnerPasswordAndClientCredentials(services, identityOption);
            #endregion
            #region JWT JwtRegisteredClaimNames 方式 直接读取配置文件信息,初始化Token 需要验证的信息,如果不同在一台服务,则产生的Token与验证的Token的服务器验证信息与产生的信息要一致
            // JWT via JwtRegisteredClaimNames: the values to validate are read straight from
            // configuration. When tokens are issued and validated on different servers, both
            // sides must use the same settings.
            // NOTE(review): as above, the secret's ASCII bytes are used as the key without Base64 decoding.
            var            jwtKeyAsBase64        = Configuration["JWTTokenOption:Secret"];
            var            jwtKeyByteArray       = Encoding.ASCII.GetBytes(jwtKeyAsBase64);
            var            jwtSigningKey         = new SymmetricSecurityKey(jwtKeyByteArray);
            // NOTE(review): a symmetric key is paired with the RSA-SHA256 algorithm here, whereas the
            // IdentityOption credentials above use HmacSha256 — this looks like a mismatch; confirm
            // which key and algorithm actually sign the tokens.
            var            jwtSigningCredentials = new SigningCredentials(jwtSigningKey, SecurityAlgorithms.RsaSha256Signature);
            JWTTokenOption jwtOption             = new JWTTokenOption
            {
                Issuer             = Configuration["JWTTokenOption:Issuer"],                     // issuer
                Audience           = Configuration["JWTTokenOption:Audience"],                   // token audience
                ExpiresIn          = Convert.ToInt32(Configuration["JWTTokenOption:ExpiresIn"]), // lifetime in seconds; if omitted, the expiry must be set some other way
                ClientId           = Configuration["JWTTokenOption:ClientId"],                   // client id, required
                SigningCredentials = jwtSigningCredentials
            };
            // Read the RSA key from file, generating and saving one when none is found.
            // NOTE(review): the key material is kept in the application base path — confirm that
            // directory is access-restricted.
            string keyDir = PlatformServices.Default.Application.ApplicationBasePath;
            if (RSAUtils.TryGetKeyParameters(keyDir, false, out RSAParameters keyParams) == false)
            {
                keyParams = RSAUtils.GenerateAndSaveKey(keyDir);
            }
            jwtOption.RsaSecurityKey = new RsaSecurityKey(keyParams);
            // Add to the IoC container (disabled; jwtOption is not registered anywhere in this method).
            // services.SigningCredentials(_tokenOptions);


            // NOTE(review): validation below uses the symmetric jwtSigningKey, not the RSA key
            // stored on jwtOption — confirm the issuer signs with the same symmetric key.
            var tokenValidationParameters = new TokenValidationParameters
            {
                #region  面三个参数是必须
                // The next three settings are required.
                // Signing key
                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = jwtSigningKey,
                // Issuer (issuing authority)
                ValidateIssuer = true,
                ValidIssuer    = jwtOption.Issuer,
                // Token audience (who the token is issued to)
                ValidateAudience = true,
                ValidAudience    = jwtOption.Audience,
                #endregion
                // Whether to validate the token lifetime
                ValidateLifetime = true,
                ClockSkew        = TimeSpan.Zero // ClockSkew: allowed server clock offset, 5 minutes by default; if left unset, resources stay accessible for 5 minutes after the token expires
                                                 /*********************** TokenValidationParameters default values ***********************/
                                                 // RequireSignedTokens = true,
                                                 // SaveSigninToken = false,
                                                 // ValidateActor = false,
                                                 // Setting the next two to false skips Issuer and Audience validation, which is not recommended.
                                                 // ValidateAudience = true,
                                                 // ValidateIssuer = true,
                                                 // ValidateIssuerSigningKey = false,
                                                 // Whether the token's claims must contain Expires
                                                 // RequireExpirationTime = true,
                                                 // Allowed server clock offset
                                                 // ClockSkew = TimeSpan.FromSeconds(300),//TimeSpan.Zero
                                                 // Whether to validate the lifetime by comparing the current time with the NotBefore and Expires claims
                                                 // ValidateLifetime = true
            };
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(o =>
            {
                // Do not use https (disabled; keep it disabled outside local development)
                //o.RequireHttpsMetadata = false;
                o.TokenValidationParameters = tokenValidationParameters;
            });
            #endregion

            #region 【密码模式 OIDC】和用户有关,一般用于第三方登录
            // OIDC password mode: user-related, typically used for third-party sign-in (disabled sample).
            //services.AddAuthentication(options =>
            //{
            //    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            //    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            //    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            //})
            // .AddCookie()
            // .AddOpenIdConnect(o =>
            // {
            //     o.ClientId = "oidc.hybrid";
            //     o.ClientSecret = "secret";

            //    // If Authority is not set, MetadataAddress must be specified
            //    o.Authority = "https://oidc.faasx.com/";
            //    // Defaults to Authority + ".well-known/openid-configuration"
            //    //o.MetadataAddress = "https://oidc.faasx.com/.well-known/openid-configuration";
            //    o.RequireHttpsMetadata = false;

            //    // Use the hybrid flow
            //    o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            //    // Whether to save the tokens in AuthenticationProperties
            //    o.SaveTokens = true;
            //    // Whether to fetch claims from the UserInfoEndpoint
            //    o.GetClaimsFromUserInfoEndpoint = true;
            //    // This sample uses IdentityServer, whose ClaimType uses JwtClaimTypes.
            //    o.TokenValidationParameters.NameClaimType = "name"; //JwtClaimTypes.Name;

            //    // The following all have defaults and usually need not be set.
            //    //o.CallbackPath = new PathString("/signin-oidc");
            //    //o.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
            //    //o.RemoteSignOutPath = new PathString("/signout-oidc");
            //    //o.Scope.Add("openid");
            //    //o.Scope.Add("profile");
            //    //o.ResponseMode = OpenIdConnectResponseMode.FormPost;

            //    /*********************************** Events ***********************************/
            //    // Raised when an unauthorized request is redirected to the OIDC server
            //    //o.Events.OnRedirectToIdentityProvider = context => Task.CompletedTask;

            //    // Raised when the authorization code is received
            //    //o.Events.OnAuthorizationCodeReceived = context => Task.CompletedTask;
            //    // Raised when the authentication message from the OIDC server (code, ID token, etc.) is received
            //    //o.Events.OnMessageReceived = context => Task.CompletedTask;
            //    // Raised when the TokenEndpoint response is received
            //    //o.Events.OnTokenResponseReceived = context => Task.CompletedTask;
            //    // Raised when the token is validated
            //    //o.Events.OnTokenValidated = context => Task.CompletedTask;
            //    // Raised when the UserInfoEndpoint response is received
            //    //o.Events.OnUserInformationReceived = context => Task.CompletedTask;
            //    // Raised when an exception occurs
            //    //o.Events.OnAuthenticationFailed = context => Task.CompletedTask;

            //    // Raised on sign-out when redirecting to the OIDC server
            //    //o.Events.OnRedirectToIdentityProviderForSignOut = context => Task.CompletedTask;
            //    // Raised on the server-side callback after the OIDC server has signed out
            //    //o.Events.OnRemoteSignOut = context => Task.CompletedTask;
            //    // Raised when the client is redirected after the OIDC server has signed out
            //    //o.Events.OnSignedOutCallbackRedirect = context => Task.CompletedTask;

            //});

            #endregion
            // Register a simple scheduled-task runner (disabled)
            //services.AddSingleton<Microsoft.Extensions.Hosting.IHostedService, MainService>();
        }
Beispiel #17
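        // This method gets called by the runtime. Use this method to add services to the container.
        // It registers the database context and repositories, MVC, Swagger, JWT issuing and
        // validation options, and the CORS policy.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<CrazyBullDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Conn")));
            services.AddScoped<CrazyBullDbContext>();
            services.AddScoped<ICategoryService, CategoryService>();
            services.AddScoped(typeof(IRepository<>), typeof(Repository<>));

            // Add framework services.
            services.AddMvc();

            // Register the Swagger generator, defining one or more Swagger documents
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info {
                    Title = "My API", Version = "v1"
                });
                // Add the header filter
                c.OperationFilter<HttpHeaderOperation>();
                // Set the comments path for the swagger json and ui.
                var basePath = PlatformServices.Default.Application.ApplicationBasePath;
                var xmlPath  = Path.Combine(basePath, "CrazyBull.Api.xml");
                c.IncludeXmlComments(xmlPath);
            });

            // --- Token issuing ---
            // Read the key from file, generating and saving one when none is found.
            // NOTE(review): the signing key is kept in the application base path; confirm the file
            // is access-restricted and shared by every instance that issues or validates tokens.
            string keyDir = PlatformServices.Default.Application.ApplicationBasePath;

            if (!RSAUtils.TryGetKeyParameters(keyDir, true, out RSAParameters keyParams))
            {
                keyParams = RSAUtils.GenerateAndSaveKey(keyDir);
            }
            var _key     = new RsaSecurityKey(keyParams);
            // NOTE(review): "TestAudience" and "TestIssuer" look like placeholders — confirm they
            // are replaced by deployment-specific values.
            var _options = new JWTTokenOptions()
            {
                Key         = _key,
                Audience    = "TestAudience",
                Issuer      = "TestIssuer", // issuer name
                Credentials = new SigningCredentials(_key, SecurityAlgorithms.RsaSha256Signature)
            };
            services.AddAuthorization(auth =>
            {
                auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
                               .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                               .RequireAuthenticatedUser()
                               .Build());
            });

            // --- Token validation ---
            // Authentication is set up differently in .NET Core 2.0 than in 1.1: the bearer options
            // are the same, but they are registered here and Configure only calls app.UseAuthentication().
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    IssuerSigningKey = _options.Key,
                    ValidAudience    = _options.Audience, // the audience must be TestAudience
                    ValidIssuer      = _options.Issuer,   // the issuer must be TestIssuer
                    ValidateLifetime = true
                };
            });
            services.AddSingleton(_options);

            // Allow cross-origin requests.
            // AllowCredentials() is no longer combined with AllowAnyOrigin(): together they let any
            // website make credentialed requests on behalf of a signed-in visitor. Bearer tokens in
            // the Authorization header do not need it. The earlier WithOrigins("*") and
            // WithHeaders("date") calls were overridden by AllowAnyOrigin()/AllowAnyHeader().
            // NOTE(review): the policy is named "AllowSameDomain" but admits every origin; prefer an
            // explicit WithOrigins(...) list of trusted front-ends.
            services.AddCors(options =>
                             options.AddPolicy("AllowSameDomain",
                                               builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader())
                             );
        }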