/// <summary>
/// 添加webapi,会将api token 提供者注册好的
/// </summary>
/// <param name="services"></param>
/// <param name="action"></param>
public static void AddWebApi(this IServiceCollection services, Action <WebApiOptions> action)
{
var apiOptions = new WebApiOptions();
action?.Invoke(apiOptions);
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = GetSigningKey(apiOptions.SecretKey),
ValidateIssuer = true,
ValidIssuer = apiOptions.ValidIssuer, //EntityAbstract
ValidateAudience = true,
ValidAudience = apiOptions.ValidAudience, //EntityAbstractAudience
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
services.Configure <TokenProviderOptions>(options =>
{
options.Issuer = apiOptions.Issuer;
options.Audience = apiOptions.Audience;
options.SigningCredentials = new SigningCredentials(GetSigningKey(apiOptions.SecretKey), SecurityAlgorithms.HmacSha256);
})
.AddAuthorization(options =>
{
apiOptions.PolicyBuilder(options);
})
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.RequireHttpsMetadata = apiOptions.UseHttps; //不使用https
options.Audience = apiOptions.Audience; //??
options.ClaimsIssuer = apiOptions.Issuer;
options.TokenValidationParameters = tokenValidationParameters;
options.SaveToken = true;
});
}
