public LoginController(ISysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement)
{
_sysUserInfoServices = sysUserInfoServices;
_requirement = requirement;
_roleServices = roleServices;
_userRoleServices = userRoleServices;
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="sysUserInfoServices"></param>
/// <param name="userRoleServices"></param>
/// <param name="roleServices"></param>
/// <param name="requirement"></param>
public LoginController(IsysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement)
{
this.sysUserInfoServices = sysUserInfoServices;
this.userRoleServices = userRoleServices;
this.roleServices = roleServices;
_requirement = requirement;
}
/// <summary>
/// 自定义的一组授权策略,组名 Permission【Permissions.Name】,组内角色:自定义
/// </summary>
/// <param name="services"></param>
public static void AddCustomAuthorization(this IServiceCollection services)
{
//读取配置文件
var symmetricKeyAsBase64 = AppSecretConfig.Audience_Secret_String;
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
var Issuer = Appsettings.app(new string[] { "Audience", "Issuer" });
var Audience = Appsettings.app(new string[] { "Audience", "Audience" });
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
// 如果要数据库动态绑定,这里先留个空,后边处理器里动态赋值
var permission = new List <PermissionItem>();
// 角色与接口的权限要求参数
PermissionRequirement permissionRequirement = new PermissionRequirement(
deniedAction: "/api/denied", // 拒绝授权的跳转地址(目前无用)
permissions: permission,
claimType: ClaimTypes.Role, //基于角色的授权
issuer: Issuer, //发行人
audience: Audience, //听众
signingCredentials: signingCredentials, //签名凭据
expiration: TimeSpan.FromSeconds(60 * 60) //接口的过期时间
);
services.AddAuthorization(options =>
{
options.AddPolicy(Permissions.Name,
policy => policy.Requirements.Add(permissionRequirement));
});
// 替换默认的授权过滤器权限处理器,先把 permissionRequirement 注册单例
services.AddSingleton(permissionRequirement);
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
}
/// <summary>
/// 初始化
/// </summary>
/// <param name="requirement"></param>
/// <param name="userService"></param>
/// <param name="userLogonService"></param>
/// <param name="mapper"></param>
public LoginController(PermissionRequirement requirement, ISysUserService userService, ISysUserLogonService userLogonService, IMapper mapper)
{
_requirement = requirement;
_userService = userService;
_userLogonService = userLogonService;
_mapper = mapper;
}
public AuthRepository(PermissionRequirement requirement, RedisClient redisClient, IConfig config, IEventBus eventBus)
{
_requirement = requirement;
_redisClient = redisClient;
_config = config;
_eventBus = eventBus;
}
public EFCoreTestController(PermissionRequirement permissionRequirement, IMainServices iMainServices
, IChildrenServices iChildrenServices)
{
_permissionRequirement = permissionRequirement;
_iMainServices = iMainServices;
_iChildrenServices = iChildrenServices;
}
/// <summary>
/// 依赖注入
/// </summary>
/// <param name="userService"></param>
/// <param name="requirement"></param>
/// <param name="cacheService"></param>
public LoginController(IUserService userService, PermissionRequirement requirement, IServiceProvider cacheService)
{
_userService = userService;
_requirement = requirement;
_cacheRedis = cacheService.GetService <RedisCacheService>();
_cacheMemory = cacheService.GetService <MemoryCacheService>();
}
/// <summary>
/// 获取基于JWT的Token
/// </summary>
/// <param name="claims">需要在登陆的时候配置</param>
/// <param name="permissionRequirement">在startup中定义的参数</param>
/// <returns></returns>
public static TokenInfoViewModel BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
{
var now = DateTime.Now;
// 实例化JwtSecurityToken
var jwt = new JwtSecurityToken(
issuer: permissionRequirement.Issuer,
audience: permissionRequirement.Audience,
claims: claims,
notBefore: now,
expires: now.Add(permissionRequirement.Expiration),
signingCredentials: permissionRequirement.SigningCredentials
);
// 生成 Token
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
//打包返回前台
var responseJson = new TokenInfoViewModel
{
success = true,
token = encodedJwt,
expires_in = permissionRequirement.Expiration.TotalSeconds,
token_type = "Bearer"
};
return(responseJson);
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthorization(options =>
{
//这个集合模拟用户权限表,可从数据库中查询出来
var permission = new List <Permission> {
new Permission {
Url = "/", Name = "admin"
},
new Permission {
Url = "/home/permissionadd", Name = "admin"
},
new Permission {
Url = "/", Name = "system"
},
new Permission {
Url = "/home/contact", Name = "system"
}
};
//如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名
var permissionRequirement = new PermissionRequirement("/denied", permission, ClaimTypes.Role);
options.AddPolicy("Permission",
policy => policy.Requirements.Add(permissionRequirement));
}).AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options => {
options.LoginPath = new PathString("/login");
options.AccessDeniedPath = new PathString("/denied");
});
//注入授权Handler
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="sysUserInfoServices"></param>
/// <param name="userRoleServices"></param>
/// <param name="roleServices"></param>
/// <param name="requirement"></param>
public LoginController(IUserInfoService sysUserInfoServices, IUserRoleService userRoleServices, IRoleInfoService roleServices, PermissionRequirement requirement)
{
this._userInfoService = sysUserInfoServices;
this._userRoleService = userRoleServices;
this._roleService = roleServices;
_requirement = requirement;
}
/// <summary>
/// 配置服务
/// </summary>
public void ConfigureServices(IServiceCollection services)
{
// auth 默认配置
var audienceConfig = Configuration.GetSection("Audience");
var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"])), SecurityAlgorithms.HmacSha256);
var permissionRequirement = new PermissionRequirement(audienceConfig["Issuer"], audienceConfig["Audience"], signingCredentials, TimeSpan.FromHours(4));
services.AddSingleton(permissionRequirement);
// 添加基础设施服务
services.AddBucket();
// 添加数据ORM
services.AddSQLSugarClient <SqlSugarClient>(config => {
config.ConnectionString = Configuration.GetSection("SqlSugarClient")["ConnectionString"];
config.DbType = DbType.MySql;
config.IsAutoCloseConnection = false;
config.InitKeyType = InitKeyType.Attribute;
});
// 添加错误码服务
services.AddErrorCodeServer(Configuration);
// 添加配置服务
services.AddConfigService(Configuration);
// 添加事件驱动
services.AddEventBus(builder => { builder.UseRabbitMQ(Configuration); });
// 添加服务发现
services.AddServiceDiscovery(builder => { builder.UseConsul(Configuration); });
// 添加事件队列日志
services.AddEventLog();
// 添加链路追踪
services.AddTracer(Configuration);
services.AddEventTrace();
// 添加业务注册
services.AddScoped <IAuthBusiness, AuthBusiness>();
// 添加过滤器
services.AddMvc(options =>
{
options.Filters.Add(typeof(WebApiActionFilterAttribute));
}).AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new DefaultContractResolver();
options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss.fff";
});
// 添加接口文档
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "品值认证授权中心", Version = "v1"
});
c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Pinzhi.Identity.WebApi.xml"));
// Swagger验证部分
c.AddSecurityDefinition("Bearer", new ApiKeyScheme {
In = "header", Description = "请输入带有Bearer的Token", Name = "Authorization", Type = "apiKey"
});
c.AddSecurityRequirement(new Dictionary <string, IEnumerable <string> > {
{ "Bearer", Enumerable.Empty <string>() }
});
});
// 添加工具
services.AddUtil();
}
public static void AddAuthorizationSetup(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
//读取配置
var symmetricKeyAsBase64 = Appsettings.app("Audience", "Secret");
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
//令牌验证参,之前写在AddJwtBearer里面
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true, //验证发行人的签名秘钥
IssuerSigningKey = signingKey,
ValidateIssuer = true, //验证发行人
ValidIssuer = Appsettings.app("Audience", "Issuer"),
ValidateAudience = true, //验证订阅人
ValidateLifetime = true, //验证生命周期
ClockSkew = TimeSpan.Zero, //定义的过期缓存时间
RequireExpirationTime = true, //是否要求过期
};
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
//数据库动态绑定
var permission = new List <PermissionItem>();
//角色与接口的权限要求参数
var permissionRequirenment = new PermissionRequirement(
"拒绝授权的跳转地址", //(目前无用)
permission,
ClaimTypes.Role, //角色授权,
Appsettings.app("Audience", "Issuer"), //发行人
Appsettings.app("Audience", "Audience"), //订阅人
signingCredentials,
expiration: TimeSpan.FromSeconds(60 * 2) ///接口的过期时间,注意这里没有了缓冲时间,
//你也可以自定义,在上边的TokenValidationParameters的 ClockSkew
);
// ① 核心之一,配置授权服务,也就是具体的规则,已经对应的权限策略,比如公司不同权限的门禁卡
services.AddAuthorization(options =>
{
options.AddPolicy("Client",
policy => policy.RequireRole("Client").Build());
options.AddPolicy("Admin",
policy => policy.RequireRole("Admin").Build());
options.AddPolicy("SystemOrAdmin",
policy => policy.RequireRole("Admin", "System"));
})
.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o => {
o.TokenValidationParameters = tokenValidationParameters;
});
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
//将授权的必要类注入生命周期
services.AddSingleton(permissionRequirenment);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// 定义角色
var audience = Configuration.GetSection("Audience")["Audience"];
var secret = Configuration.GetSection("Audience")["Secret"];
var issuer = Configuration.GetSection("Audience")["Issuer"];
//对称加密
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));
//签署凭证
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
var userPerssions = new List <UserPermission> {
new UserPermission {
Url = "/weatherforecast", Name = "admin"
}
};
// 权限设置
var permissionRequirement = new PermissionRequirement("/denied", userPerssions, ClaimTypes.Role, issuer, audience, signingCredentials, TimeSpan.FromSeconds(1000));
services.AddAuthorization(opt =>
{
opt.AddPolicy("Permission", policy =>
{
policy.Requirements.Add(permissionRequirement);
});
})
.AddAuthentication(opt =>
{
opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, opt =>
{
opt.RequireHttpsMetadata = false;
opt.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = issuer,
ValidateAudience = true,
ValidAudience = audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
RequireExpirationTime = true
};
});
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
services.AddSingleton(permissionRequirement);
services.AddControllers(opt =>
{
opt.EnableEndpointRouting = false;
});
}
public LoginController(ILogger <LoginController> logger, IUserServices services, ICache cache, PermissionRequirement requirement, IoperatingLogServices ioperatingLogServices)
{
this.logger = logger;
this.services = services;
this.cache = cache;
this.requirement = requirement;
this.ioperatingLogServices = ioperatingLogServices;
}
public EFCoreTestController(PermissionRequirement permissionRequirement, IMainServices iMainServices/*, AuthorDomainSvc authorDomainSvc*/
, IChildrenServices iChildrenServices)
{
_permissionRequirement = permissionRequirement;
//_authorDomainSvc = authorDomainSvc;
_iMainServices = iMainServices;
_iChildrenServices = iChildrenServices;
}
public RequiresPermissionAttributeImpl(ILogger <RequiresPermissionAttribute> logger,
IAuthorizationService authService,
PermissionRequirement permissionRequirement)
{
_logger = logger;
_authService = authService;
_permissionRequirement = permissionRequirement;
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="SysAdminRepository"></param>
/// <param name="userRoleRepository"></param>
/// <param name="roleRepository"></param>
/// <param name="requirement"></param>
public LoginController(ISysAdminRepository SysAdminRepository, IUserRoleRepository userRoleRepository, IRoleRepository roleRepository, PermissionRequirement requirement, ITeacherRepository iTeacherRepository)
{
this._SysAdminRepository = SysAdminRepository;
this._userRoleRepository = userRoleRepository;
this._roleRepository = roleRepository;
this._requirement = requirement;
this._iTeacherRepository = iTeacherRepository;
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="sysUserInfoServices"></param>
/// <param name="userRoleServices"></param>
/// <param name="roleServices"></param>
/// <param name="requirement"></param>
/// <param name="roleModulePermissionServices"></param>
public LoginController(ISysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices)
{
this._sysUserInfoServices = sysUserInfoServices;
this._userRoleServices = userRoleServices;
this._roleServices = roleServices;
_requirement = requirement;
_roleModulePermissionServices = roleModulePermissionServices;
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="mapper"></param>
/// <param name="userSvc"></param>
/// <param name="roleSvc"></param>
/// <param name="menuSvc"></param>
/// <param name="requirement"></param>
public LoginController(IMapper mapper, IUserSvc userSvc, IRoleSvc roleSvc, IMenuSvc menuSvc, PermissionRequirement requirement)
{
_mapper = mapper;
_userSvc = userSvc;
_roleSvc = roleSvc;
_menuSvc = menuSvc;
_requirement = requirement;
}
/// <summary>
/// 配置服务
/// </summary>
public void ConfigureServices(IServiceCollection services)
{
// auth 默认配置
var audienceConfig = Configuration.GetSection("Audience");
var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"])), SecurityAlgorithms.HmacSha256);
var permissionRequirement = new PermissionRequirement(audienceConfig["Issuer"], audienceConfig["Audience"], signingCredentials, TimeSpan.FromHours(4));
services.AddSingleton(permissionRequirement);
// 添加基础设施服务
services.AddBucket();
// 添加数据ORM
services.AddSQLSugarClient <SqlSugarClient>(config => {
config.ConnectionString = Configuration.GetSection("SqlSugarClient")["ConnectionString"];
config.DbType = DbType.MySql;
config.IsAutoCloseConnection = false;
config.InitKeyType = InitKeyType.Attribute;
});
// 添加错误码服务
services.AddErrorCodeService(Configuration);
// 添加配置服务
services.AddConfigService(Configuration);
// 添加事件驱动
var eventConfig = Configuration.GetSection("EventBus").GetSection("RabbitMQ");
services.AddEventBus(option =>
{
option.UseRabbitMQ(opt =>
{
opt.HostName = eventConfig["HostName"];
opt.Port = Convert.ToInt32(eventConfig["Port"]);
opt.ExchangeName = eventConfig["ExchangeName"];
opt.QueueName = eventConfig["QueueName"];
});
});
// 添加服务发现
services.AddServiceDiscoveryConsul(Configuration);
// 添加业务注册
services.AddScoped <IAuthBusiness, AuthBusiness>();
// 添加过滤器
services.AddMvc(options =>
{
options.Filters.Add <WebApiActionFilterAttribute>();
}).AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new DefaultContractResolver();
options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
});
// 添加接口文档
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "品值认证授权中心", Version = "v1"
});
c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Pinzhi.Identity.WebApi.xml"));
});
// 添加工具
services.AddUtil();
}
/// <summary>
/// 构造函数注入
/// </summary>
/// <param name="loginServce"></param>
/// <param name="sysUserInfoServices"></param>
/// <param name="userRoleServices"></param>
/// <param name="roleServices"></param>
/// <param name="requirement"></param>
/// <param name="roleModulePermissionServices"></param>
public LoginController(ILoginService loginServce, ISysUserInfoService sysUserInfoServices, IUserRoleService userRoleServices, IRoleService roleServices, PermissionRequirement requirement, IRoleModulePermissionService roleModulePermissionServices)
{
this._sysUserInfoServices = sysUserInfoServices;
this._userRoleServices = userRoleServices;
this._roleServices = roleServices;
_requirement = requirement;
_roleModulePermissionServices = roleModulePermissionServices;
this.loginService = loginServce;
}
public PowerRoleController(IPowerGroupServices powerGroupServices, IUser user, IPowerDetailServices powerDetailServices, IUnitOfWork unitOfWork, IMapper mapper, PermissionRequirement requirement)
{
this._powerGroupServices = powerGroupServices;
this.user = user;
this.powerDetailServices = powerDetailServices;
this.unitOfWork = unitOfWork;
this.mapper = mapper;
this.requirement = requirement;
}
public LoginController_Should()
{
var container = dI_Test.DICollections();
_sysUserInfoServices = container.Resolve <ISysUserInfoServices>();
_userRoleServices = container.Resolve <IUserRoleServices>();
_roleServices = container.Resolve <IRoleServices>();
_requirement = container.Resolve <PermissionRequirement>();
loginController = new LoginController(_sysUserInfoServices, _userRoleServices, _roleServices, _requirement);
}
public HomeController(IIdentityServerInteractionService interaction, IAuthenticationSchemeProvider schemeProvider, IClientStore clientStore, IRepository <UsersEntities> repository, IEventService events, PermissionRequirement permission, IHttpClientFactory httpClientFactory)
{
this._interaction = interaction;
this._schemeProvider = schemeProvider;
this._clientStore = clientStore;
this._repository = repository;
this._events = events;
this._requirement = permission;
this._httpClientFactory = httpClientFactory;
}
/// <summary>
/// 构造函数
/// </summary>
/// <param name="permissionServices"></param>
/// <param name="moduleServices"></param>
/// <param name="roleModulePermissionServices"></param>
/// <param name="userRoleServices"></param>
/// <param name="httpContext"></param>
/// <param name="user"></param>
/// <param name="requirement"></param>
public PermissionController(IPermissionServices permissionServices, IModuleServices moduleServices, IRoleModulePermissionServices roleModulePermissionServices, IUserRoleServices userRoleServices, IHttpContextAccessor httpContext, IUser user, PermissionRequirement requirement)
{
_permissionServices = permissionServices;
_moduleServices = moduleServices;
_roleModulePermissionServices = roleModulePermissionServices;
_userRoleServices = userRoleServices;
_httpContext = httpContext;
_user = user;
_requirement = requirement;
}
/// <summary>
/// 构造函数
/// </summary>
/// <param name="_jwtSettingsAccesser"></param>
/// <param name="userServer"></param>
/// <param name="permissionRequirement"></param>
/// <param name="hostingEnvironment"></param>
/// <param name="logger"></param>
public AuthorizeController(IOptions <JwtSettings> _jwtSettingsAccesser,
IUserServer userServer,
PermissionRequirement permissionRequirement, IWebHostEnvironment hostingEnvironment, ILogger <AuthorizeController> logger
) : base(logger)
{
this._jwtSettings = _jwtSettingsAccesser.Value;
this._userserver = userServer;
this._requirement = permissionRequirement;
this._hostingEnvironment = hostingEnvironment;
}
public void ConfigureServices(IServiceCollection services)
{
//【1数据库连接字符串】数据库连接字符串读取方式
var connectionString1 = Configuration.GetConnectionString("ConnectionString1");
var connectionString2 = Configuration.GetConnectionString("ConnectionString2");
#region 【2固定角色Cookie验证】 注入验证 2.0
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, m =>
{
m.LoginPath = new PathString("/login");
m.AccessDeniedPath = new PathString("/home/error");
m.LogoutPath = new PathString("/logout");
m.Cookie.Path = "/";
});
#endregion
#region 【4自定义策略Cookie验证】与固定角色Cookie验证二选一
services.AddAuthorization(options =>
{
//这个集合模拟用户权限表,可从数据库中查询出来
var permission = new List <Permission> {
new Permission {
Url = "/", Name = "admin"
},
new Permission {
Url = "/home/permissionadd", Name = "admin"
},
new Permission {
Url = "/", Name = "system"
},
new Permission {
Url = "/home/contact", Name = "system"
}
};
//如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名
var permissionRequirement = new PermissionRequirement("/denied", permission, ClaimTypes.Role);
options.AddPolicy("Permission",
policy => policy.Requirements.Add(permissionRequirement));
}).AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
options.LoginPath = new PathString("/login");
options.AccessDeniedPath = new PathString("/denied");
options.ExpireTimeSpan = TimeSpan.FromSeconds(20);
});
//注入授权Handler
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
#endregion
services.AddMvc();
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddGrpc();
#region 集成JWT
// 将公共的信息提取出来,这里可以放到配置文件中,统一读取;以下直接在程序中写死了
// 秘钥,这是生成Token需要秘钥,就是理论提及到签名那块的秘钥
string secret = "TestSecretTestSecretTestSecretTestSecret";
// 签发者,是由谁颁发的
string issuer = "TestgRPCIssuer";
// 接受者,是给谁用的
string audience = "TestgRPCAudience";
// 注册服务,显示指定为Bearer
services.AddAuthentication("Bearer")
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
// 是否验证秘钥
ValidateIssuerSigningKey = true,
// 指定秘钥
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
// 是否验证颁发者
ValidateIssuer = true,
// 指定颁发者
ValidIssuer = issuer,
// 是否验证接受者
ValidateAudience = true,
// 指定接受者
ValidAudience = audience,
// 设置必须要有超时时间
RequireExpirationTime = true,
// 设置必须验证超时
ValidateLifetime = true,
// 将其赋值为0时,即设置有效时间到期,就马上失效
ClockSkew = TimeSpan.Zero
};
});
#endregion
var permissionRequirement = new PermissionRequirement
{
Permissions = new List <PermissionData>()
};
//针对授权定义策略
services.AddAuthorization(option =>
{
// 同样是策略模式,只是基于Requirement进行权限验证,验证逻辑自己写
option.AddPolicy("Permission", p => p.Requirements.Add(permissionRequirement));
});
// 将权限验证的关键类注册,Jwt的策略模式指定为Requirements时就会自动执行该类方法
services.AddScoped <IAuthorizationHandler, PermissionHandler>();
// 将permissionRequirement实例注册为单例模式,保证系统中就一个实例,方便权限数据共享
services.AddSingleton(permissionRequirement);
// 注册IHttpContextAccessor,后续可以通过它可以获取HttpContext,操作方便
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
}
/// <summary>
/// 构造函数
/// </summary>
/// <param name="_jwtSettingsAccesser"></param>
/// <param name="userServer"></param>
/// <param name="redisCacheManager"></param>
/// <param name="rabbitMQ">消息队列</param>
/// <param name="permissionRequirement"></param>
/// <param name="hostingEnvironment"></param>
/// <param name="schedulerCenter"></param>
public AuthorizeController(IOptions <JwtSettings> _jwtSettingsAccesser,
IUserServer userServer, IRedisCacheManager redisCacheManager, IRabbitMQ rabbitMQ,
PermissionRequirement permissionRequirement, IHostingEnvironment hostingEnvironment, ISchedulerCenter schedulerCenter)
{
this._jwtSettings = _jwtSettingsAccesser.Value;
this._userserver = userServer;
this._redisCacheManager = redisCacheManager;
this._requirement = permissionRequirement;
this._hostingEnvironment = hostingEnvironment;
this._rabbitMQ = rabbitMQ;
}
public PermissionFilter(
IAuthorizationService authService,
PermissionRequirement requirement)
{
//you can inject dependencies via DI
_authService = authService;
//the requirement contains permissions you set in attribute above
//for example: Permission.Foo, Permission.Bar
_requirement = requirement;
}
