示例#1
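        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for the supplied token model.
        /// </summary>
        /// <param name="tokenModel">Supplies Uid, UserName, GroupId and the TokenType that selects the lifetime.</param>
        /// <returns>The serialized (compact) JWT string.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenModel"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">TokenType is not "Web", "App", "Wx" or "Other".</exception>
        public static string IssueJWT(TokenModel tokenModel)
        {
            if (tokenModel == null)
            {
                throw new ArgumentNullException(nameof(tokenModel));
            }

            var jwtConfig = new JwtAuthConfigModel();

            // Token lifetime in minutes, selected by token type.
            double exp;
            switch (tokenModel.TokenType)
            {
            case "Web":
                exp = jwtConfig.WebExp;
                break;

            case "App":
                exp = jwtConfig.AppExp;
                break;

            case "Wx":
                exp = jwtConfig.WxExp;
                break;

            case "Other":
                exp = jwtConfig.OtherExp;
                break;

            default:
                // Fail closed: an unknown type used to fall through with exp = 0, which produced a token
                // that expires at issuance but can still be accepted inside the validator's clock-skew window.
                throw new ArgumentOutOfRangeException(nameof(tokenModel), tokenModel.TokenType, "Unsupported token type.");
            }

            // One UTC instant drives iat, nbf and exp so the three claims cannot drift apart.
            var issuedAt      = DateTime.UtcNow;
            var expiresAt     = issuedAt.AddMinutes(exp);
            var issuedAtUnix  = $"{new DateTimeOffset(issuedAt).ToUnixTimeSeconds()}";
            var expiresAtUnix = $"{new DateTimeOffset(expiresAt).ToUnixTimeSeconds()}";

            var claims = new Claim[]
            {
                // NOTE(review): jti carries the user id, so it is not unique per token and cannot serve as a
                // replay or revocation key. Left as is because consumers may read the user id from it.
                new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid),
                new Claim("UserName", tokenModel.UserName.ToString()),    // user name
                // Integer64 makes the time claims numeric (NumericDate) instead of quoted strings.
                new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix, ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Nbf, issuedAtUnix, ClaimValueTypes.Integer64),
                new Claim(JwtRegisteredClaimNames.Exp, expiresAtUnix, ClaimValueTypes.Integer64),
                // NOTE(review): iss/aud/exp are passed both as claims and as constructor arguments below;
                // depending on the token library version this may emit aud twice — confirm.
                new Claim(JwtRegisteredClaimNames.Iss, jwtConfig.Issuer),
                new Claim(JwtRegisteredClaimNames.Aud, jwtConfig.Audience),
                new Claim("GroupId", tokenModel.GroupId),    // group id
            };

            // Symmetric signing key: whoever holds JWTSecretKey can mint valid tokens, so every validator
            // shares the issuer's full trust. NOTE(review): confirm the secret is long, random and not committed.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.JWTSecretKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var jwt   = new JwtSecurityToken(
                issuer: jwtConfig.Issuer,
                audience: jwtConfig.Audience,
                claims: claims,
                expires: expiresAt,
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }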
示例#2
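        /// <summary>
        /// Registers the application's services in the dependency-injection container:
        /// controllers, configuration, Swagger, JWT authentication, CORS, repositories and app services.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">The configuration model or its JWT section is not available.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // Controllers, with the result-wrapping filter and a fixed JSON date format.
            services.AddControllers(options =>
            {
                options.Filters.Add(typeof(WebApiResultFilterAttribute));
                options.RespectBrowserAcceptHeader = true;
            }).AddNewtonsoftJson(options =>
            {
                options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            // Configuration services.
            services.AddSingleton<IConfiguration>(_configuration);
            services.AddMyOptions();
            services.AddConfigService(_env.ContentRootPath);

            // The lookup is an *OrNull call: fail with a clear message instead of a bare
            // NullReferenceException when the model was not registered.
            AllConfigModel allConfig = services.GetImplementationInstanceOrNull<AllConfigModel>();
            if (allConfig == null)
            {
                throw new InvalidOperationException("AllConfigModel is not available in the service collection.");
            }

            // Swagger.
            services.AddSwaggerService();

            // Authentication / authorization.
            JwtAuthConfigModel jwtConfig = allConfig.JwtAuthConfigModel;
            if (jwtConfig == null)
            {
                throw new InvalidOperationException("The JWT configuration section is missing from AllConfigModel.");
            }

            var jwtOption = new JwtOption // todo: replace with AutoMapper
            {
                Issuer         = jwtConfig.Issuer,
                Audience       = jwtConfig.Audience,
                WebExp         = jwtConfig.WebExp,
                AppExp         = jwtConfig.AppExp,
                MiniProgramExp = jwtConfig.MiniProgramExp,
                OtherExp       = jwtConfig.OtherExp,
                SecurityKey    = jwtConfig.SecurityKey
            };

            // NOTE(review): the singleton carries SecurityKey, so any component that can resolve
            // JwtOption can read the signing secret; confirm that exposure is intended.
            services.AddSingleton(jwtOption);
            services.AddRayAuthService(jwtOption);

            // CORS.
            services.AddCorsService();

            // HTTP context accessor.
            services.AddSingleton<Microsoft.AspNetCore.Http.IHttpContextAccessor, Microsoft.AspNetCore.Http.HttpContextAccessor>();

            // Repositories.
            services.AddMyRepository();

            // Business logic.
            services.AddMyAppServices();

            LogServices(services);
        }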
示例#3
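        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT carrying the role, project and user id of the token model.
        /// </summary>
        /// <param name="tokenModel">Supplies Role, Project, Uid and the TokenType that selects the lifetime.</param>
        /// <returns>The serialized (compact) JWT string.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenModel"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">TokenType is not "Web", "App", "MiniProgram" or "Other".</exception>
        public static string IssueJWT(TokenModel tokenModel)
        {
            if (tokenModel == null)
            {
                throw new ArgumentNullException(nameof(tokenModel));
            }

            var jwtConfig = new JwtAuthConfigModel();

            // Lifetime selected by token type.
            double exp;
            switch (tokenModel.TokenType)
            {
            case "Web":
                exp = jwtConfig.WebExp;
                break;

            case "App":
                exp = jwtConfig.AppExp;
                break;

            case "MiniProgram":
                exp = jwtConfig.MiniProgramExp;
                break;

            case "Other":
                exp = jwtConfig.OtherExp;
                break;

            default:
                // Fail closed: an unknown type used to fall through with exp = 0 and still yield a signed token.
                throw new ArgumentOutOfRangeException(nameof(tokenModel), tokenModel.TokenType, "Unsupported token type.");
            }

            var dateTime = DateTime.UtcNow;
            var claims   = new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // unique id of this token
                new Claim("Role", tokenModel.Role),                                // role
                new Claim("Project", tokenModel.Project),                          // project name
                new Claim(JwtRegisteredClaimNames.Sub, tokenModel.Uid.ToString()), // user id
                // iat must be seconds since the epoch; the previous DateTime.ToString() value was a
                // formatted date that cannot be read as the Integer64 it is declared to be.
                new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(dateTime).ToString(), ClaimValueTypes.Integer64)
            };

            // Symmetric signing key: anyone holding JWTSecretKey can mint valid tokens.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.JWTSecretKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // NOTE(review): the lifetime is applied in hours here; confirm the configured *Exp values are hours.
            // NOTE(review): issuer and audience are the fixed string "User"; validators must be configured to match.
            var jwt = new JwtSecurityToken(
                issuer: "User",
                audience: "User",
                claims: claims,
                expires: dateTime.AddHours(exp),
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }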
示例#4
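        /// <summary>
        /// Called by the runtime to register services: application services, cookie policy,
        /// cookie and JWT bearer authentication, role-based policies and MVC.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            #region Application services
            services.AddTransient<IonlineusersService, onlineusersService>();
            services.AddTransient<ISysUserInfoService, SysUserInfoService>();
            services.AddTransient<ISysmenuService, SysmenuService>();
            #endregion

            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded    = context => true;
                // NOTE(review): SameSiteMode.None sets no SameSite floor, so cookies are not restricted
                // on cross-site requests by this policy; confirm that is required.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            // Cookie authentication is the default scheme; JWT bearer is registered alongside it.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/Account/login");
            }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer              = "FytSos",
                    ValidAudience            = "wr",
                    // NOTE(review): ASCII encoding turns any non-ASCII character of the secret into '?';
                    // the issuer must derive the key bytes the same way.
                    IssuerSigningKey         = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),
                    RequireSignedTokens      = true,
                    // NOTE(review): audience validation is off, so ValidAudience above has no effect and a
                    // token signed with this key for another audience is accepted.
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    RequireExpirationTime    = true,
                    ValidateLifetime         = true
                };
            });

            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireApp", policy => policy.RequireRole("App"));
                options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin"));
                // RequireRole takes one argument per role; the former single string "Admin,App" demanded
                // a role with that literal name instead of either role.
                options.AddPolicy("RequireAdminOrApp", policy => policy.RequireRole("Admin", "App"));
            });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }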
示例#5
文件: Startup.cs 项目: lament0/RayPI
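        /// <summary>
        /// Called by the runtime to register services: MVC, configuration, Swagger,
        /// JWT authentication, CORS, repositories and business logic.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">The configuration model or one of its required sections is not available.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // MVC with a fixed JSON date format.
            services.AddMvc()
            .AddJsonOptions(options =>
            {
                options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            // Configuration services.
            services.AddConfigService(_env.ContentRootPath);

            // The lookup is an *OrNull call: fail with a clear message instead of a bare
            // NullReferenceException when the model was not registered.
            AllConfigModel allConfig = services.GetSingletonInstanceOrNull<AllConfigModel>();
            if (allConfig == null)
            {
                throw new InvalidOperationException("AllConfigModel is not available in the service collection.");
            }

            // Swagger.
            services.AddSwaggerService();

            // Authentication / authorization.
            JwtAuthConfigModel jwtConfig = allConfig.JwtAuthConfigModel;
            if (jwtConfig == null)
            {
                throw new InvalidOperationException("The JWT configuration section is missing from AllConfigModel.");
            }

            var jwtOption = new JwtOption // todo: replace with AutoMapper
            {
                WebExp         = jwtConfig.WebExp,
                AppExp         = jwtConfig.AppExp,
                MiniProgramExp = jwtConfig.MiniProgramExp,
                OtherExp       = jwtConfig.OtherExp,
                // Signing secret: handled only by the auth registration below.
                SecurityKey    = jwtConfig.SecurityKey
            };

            services.AddAuthService(jwtOption);

            // CORS.
            services.AddCorsService();

            // HTTP context accessor.
            services.AddSingleton<Microsoft.AspNetCore.Http.IHttpContextAccessor, Microsoft.AspNetCore.Http.HttpContextAccessor>();

            // Repositories, bound to the SQL Server connection string from configuration.
            if (allConfig.ConnectionStringsModel == null)
            {
                throw new InvalidOperationException("The connection-strings section is missing from AllConfigModel.");
            }

            string connStr = allConfig.ConnectionStringsModel.SqlServerDatabase;
            services.AddRepository(connStr);

            // Business logic.
            services.AddBusiness();
        }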
示例#6
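        /// <summary>
        /// Registers the application's services in the dependency-injection container:
        /// controllers, configuration, Swagger, JWT authentication, CORS, app services and repositories.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">The configuration model is not available.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // Controllers with a fixed JSON date format.
            services.AddControllers(options =>
            {
                options.RespectBrowserAcceptHeader = true;
            })
            .AddNewtonsoftJson(options =>
            {
                options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            // Configuration services.
            services.AddConfigService(_env.ContentRootPath);

            // The lookup is an *OrNull call: fail with a clear message instead of a bare
            // NullReferenceException when the model was not registered.
            AllConfigModel allConfig = services.GetImplementationInstanceOrNull<AllConfigModel>();
            if (allConfig == null)
            {
                throw new InvalidOperationException("AllConfigModel is not available in the service collection.");
            }

            // Swagger.
            services.AddSwaggerService();

            // Authentication / authorization: the JWT settings are mapped onto the option type.
            JwtAuthConfigModel jwtConfig = allConfig.JwtAuthConfigModel;
            var jwtOption = AutoMapperHelper.Map<JwtAuthConfigModel, JwtOption>(jwtConfig);

            // NOTE(review): if the mapped option carries the signing key, registering it as a singleton
            // lets any component that resolves JwtOption read it; confirm that exposure is intended.
            services.AddSingleton(jwtOption);
            services.AddRayAuthService(jwtOption);

            // CORS.
            services.AddCorsService();

            // HTTP context accessor.
            services.AddSingleton<Microsoft.AspNetCore.Http.IHttpContextAccessor, Microsoft.AspNetCore.Http.HttpContextAccessor>();

            // Business logic and repositories.
            services.AddMyAppServices(_configuration);
            services.AddMyRepository(_configuration);
        }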
示例#7
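        /// <summary>
        /// Called by the runtime to register services: controllers, tracing, ORM, CORS and JWT bearer authentication.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">JwtAuth:SecurityKey is missing when the bearer options are built.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            services.AddSkyApmExtensions();        // tracing
            services.AddHorizonORM(Configuration); // ORM

            // CORS. The CORS protocol does not allow a wildcard origin together with credentials, and
            // current ASP.NET Core versions reject that combination, so AllowCredentials() is dropped.
            // If credentialed cross-origin calls are needed, list the origins with WithOrigins(...).
            services.AddCors(options =>
            {
                options.AddPolicy("AllowAll", p => p.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
            });

            // JWT bearer is both the authenticate and the challenge scheme.
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(o =>
            {
                var jwtConfig = new JwtAuthConfigModel();

                // Refuse to build the validator without a signing secret.
                var securityKey = Configuration["JwtAuth:SecurityKey"];
                if (string.IsNullOrEmpty(securityKey))
                {
                    throw new InvalidOperationException("JwtAuth:SecurityKey is not configured.");
                }

                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true,                     // check iss
                    ValidateAudience         = true,                     // check aud
                    ValidateIssuerSigningKey = true,                     // check the signing key
                    ValidateLifetime         = true,                     // check exp / nbf, subject to ClockSkew
                    ClockSkew                = TimeSpan.FromSeconds(30), // grace period added to the token lifetime (5 minutes when unset)
                    ValidAudience            = jwtConfig.Audience,       // must match the value used at issuance
                    ValidIssuer              = jwtConfig.Issuer,         // must match the value used at issuance
                    RequireExpirationTime    = true,
                    IssuerSigningKey         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey))
                };
                o.Events = new JwtBearerEvents
                {
                    // Replace the default challenge response with a JSON body.
                    OnChallenge = p =>
                    {
                        p.HandleResponse();

                        var payload = "{\"Success\":false,\"Msg\":\"很抱歉,您无权访问该接口\",\"StatusCode\":401}";
                        p.Response.ContentType = "application/json";
                        // The author deliberately answers 200 instead of 401; only the JSON body says 401.
                        // NOTE(review): clients and monitoring that key on the HTTP status will not see the failure.
                        p.Response.StatusCode = 200;

                        // Return the write task so the pipeline waits for the body to be sent.
                        return p.Response.WriteAsync(payload);
                    },
                    OnAuthenticationFailed = context =>
                    {
                        // Tell the client when the failure was an expired token.
                        if (context.Exception is SecurityTokenExpiredException)
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return Task.CompletedTask;
                    }
                };
            });
        }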
示例#8
 // Stores the supplied configuration and passes it to JwtAuthConfigModel.CreateInstance.
 public Startup(IConfiguration configuration)
 {
     Configuration = configuration;
     // NOTE(review): presumably initialises the JWT settings (including the signing secret) that
     // parameterless JwtAuthConfigModel instances read later — confirm against JwtAuthConfigModel.
     JwtAuthConfigModel.CreateInstance(configuration);
 }
示例#9
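        /// <summary>
        /// Registers services: assembly-scanned services, JWT bearer authentication, Swagger,
        /// form-size limits, controllers with global filters, and CORS.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">JwtAuth:SecurityKey is missing when the bearer options are built.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            AddAssembly(services, "BookingTest.Service");
            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            // NOTE(review): the default schemes are JwtBearerDefaults.AuthenticationScheme while the handler is
            // registered under JwtAuthorizeAttribute.JwtAuthenticationScheme; confirm the two names are equal.
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(JwtAuthorizeAttribute.JwtAuthenticationScheme, x =>
            {
                var jwtConfig = new JwtAuthConfigModel();

                // Refuse to build the validator without a signing secret.
                var securityKey = Configuration["JwtAuth:SecurityKey"];
                if (string.IsNullOrEmpty(securityKey))
                {
                    throw new InvalidOperationException("JwtAuth:SecurityKey is not configured.");
                }

                x.RequireHttpsMetadata      = false;
                x.SaveToken                 = true;
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true, // check iss
                    ValidateAudience         = true, // check aud
                    ValidateIssuerSigningKey = true, // check the signing key
                    // ValidateLifetime, ClockSkew and RequireExpirationTime are left at the library defaults.
                    // NOTE(review): ASCII encoding turns any non-ASCII character of the secret into '?';
                    // the issuer must derive the key bytes the same way.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(securityKey)),
                    ValidIssuer      = jwtConfig.Issuer,   // must match the value used at issuance
                    ValidAudience    = jwtConfig.Audience  // must match the value used at issuance
                };
                x.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        // Tell the client when the failure was an expired token.
                        if (context.Exception is SecurityTokenExpiredException)
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return Task.CompletedTask;
                    }
                };
            });

            // Swagger.
            services.AddSwaggerGen(c =>
            {
                // Locate the XML documentation file generated for this assembly.
                var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
                var xmlPath = System.IO.Path.Combine(AppContext.BaseDirectory, xmlFile);

                // Tell Swagger to use those XML comments.
                c.IncludeXmlComments(xmlPath);
                c.SwaggerDoc("v1", new OpenApiInfo
                {
                    Version        = "v5.0.0",
                    Title          = "一体化预约平台PC后端 api",
                    Description    = "基于.net core 3.1  开发工具VS2019",
                    TermsOfService = new Uri("http://cnblogs.com/microfisher"),
                    Contact        = new OpenApiContact {
                        Name = "卓健科技", Email = "*****@*****.**", Url = new Uri("http://www.zhuojianchina.com/")
                    }
                });
                var bearerScheme = new OpenApiSecurityScheme
                {
                    Description = "在下框中输入请求头中需要添加Jwt授权Token:Bearer Token",
                    Name        = "Authorization",
                    In          = ParameterLocation.Header,
                    Type        = SecuritySchemeType.ApiKey
                };
                // Show the lock icon and auth details on protected operations.
                c.OperationFilter<AddResponseHeadersFilter>();
                c.OperationFilter<AppendAuthorizeToSummaryOperationFilter>();
                // Send the token in the request header.
                c.OperationFilter<SecurityRequirementsOperationFilter>();
                c.AddSecurityDefinition("oauth2", bearerScheme);
            });

            // Form size limits. Every limit is raised to int.MaxValue, i.e. effectively unlimited.
            // NOTE(review): this removes the framework's guard against oversized form and multipart bodies;
            // consider a finite MultipartBodyLengthLimit (60000000 was left commented out beside it).
            services.Configure<Microsoft.AspNetCore.Http.Features.FormOptions>(options =>
            {
                options.ValueLengthLimit            = int.MaxValue;
                options.MultipartBodyLengthLimit    = int.MaxValue;
                options.MultipartHeadersLengthLimit = int.MaxValue;
            });

            services.AddControllers(configure =>
            {
                configure.Filters.Add<LogFilterAttribute>();
                configure.Filters.Add<HospitalUserFilterAttribute>(); // global filter, no attribute needed on controllers
            }).AddNewtonsoftJson(options =>
            {
                // Emit property names exactly as declared.
                options.SerializerSettings.ContractResolver = new DefaultContractResolver();
                // Date/time serialization format.
                options.SerializerSettings.Converters.Add(new IsoDateTimeConverter()
                {
                    DateTimeFormat = "yyyy/MM/dd HH:mm:ss"
                });
            });

            #region CORS
            services.AddCorsSetup();
            #endregion
        }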
示例#10
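        /// <summary>
        /// Called by the runtime to register services: MVC with a global route prefix, Swagger,
        /// JWT bearer authentication, role-based policies and CORS policies.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().AddJsonOptions(o =>
            {
                o.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

            services.Configure<MvcOptions>(options =>
            {
                // Prefix every route with services/v1/.
                options.Conventions.Insert(0, new RouteConvention(new RouteAttribute("services/v1/")));
            });

            #region swagger
            services.AddSwaggerGen(c =>
            {
                // Description shown at the top of the generated document.
                var swaggerInfo = new Info
                {
                    Version        = "v1.0.0",
                    Title          = "hepeng's dotnetcore test",
                    Description    = "路漫漫其修远兮 吾将上下而求索<br />愿你出走半生 归来仍是少年",
                    TermsOfService = "http://www.baidu.com",
                    License        = new License()
                    {
                        Name = "license", Url = "http://www.baidu.com"
                    },
                    Contact = new Contact()
                    {
                        Name = "hepeng", Email = "*****@*****.**", Url = "https://www.cnblogs.com/hepeng/"
                    }
                };
                c.SwaggerDoc("v1", swaggerInfo);
                // XML comments to display.
                c.IncludeXmlComments(AppDomain.CurrentDomain.BaseDirectory + "CoreTest.xml", true);

                // Global security requirement; its name must match the AddSecurityDefinition name ("Bearer").
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } }
                };
                c.AddSecurityRequirement(security);
                c.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT授权(数据将在请求头中进行传输) 参数结构: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization", // header that carries the token
                    In          = "header",
                    Type        = "apiKey"
                });
            });
            #endregion

            #region Authentication
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer      = "CoreTest", // issuer
                    ValidAudience    = "wr",
                    // NOTE(review): ASCII encoding turns any non-ASCII character of the secret into '?';
                    // the issuer must derive the key bytes the same way.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),

                    RequireSignedTokens = true,
                    // NOTE(review): audience validation is off, so ValidAudience above has no effect and a
                    // token signed with this key for another audience is accepted.
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    // The token must carry an expiry.
                    RequireExpirationTime = true,
                    // Compare the current time with the token's NotBefore and Expires.
                    ValidateLifetime = true
                };
            });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                // Matches [Authorize(Policy = ...)] / role checks on the controllers.
                options.AddPolicy("RequireClient", policy => policy.RequireRole("Client"));
                options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin"));
                // RequireRole takes one argument per role; the former single string "Admin,Client"
                // demanded a role with that literal name instead of either role.
                options.AddPolicy("RequireAdminOrClient", policy => policy.RequireRole("Admin", "Client"));
            });
            #endregion

            #region CORS
            // Same origin = same scheme, host and port.
            services.AddCors(c =>
            {
                // Matches [EnableCors("Any")] on the controllers.
                // The CORS protocol does not allow a wildcard origin together with credentials, so
                // AllowCredentials() is dropped; with it, any site could send credentialed requests.
                // If credentials are needed, name the origins with WithOrigins(...).
                c.AddPolicy("Any", policy =>
                {
                    policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
                });

                // NOTE(review): "localhost:8083" has no scheme, while browsers send the Origin header as
                // scheme://host:port, so this entry is unlikely to match any request — confirm the intended origin.
                c.AddPolicy("Limit", policy =>
                {
                    policy
                    .WithOrigins("localhost:8083")
                    .WithMethods("get", "post", "put", "delete")
                    .AllowAnyHeader();
                });
            });
            #endregion
        }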
示例#11
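        /// <summary>
        /// Registers services: assembly-scanned services, cookie and JWT bearer authentication,
        /// role-based policies, caching, MVC, the scheduler, Swagger, CORS and response compression.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">JwtAuth:SecurityKey is missing when the bearer options are built.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // Assembly-scanned service registration.
            AddAssembly(services, "FytSoa.Service");

            // Let views output the full Unicode range without escaping it to numeric entities.
            services.AddSingleton(HtmlEncoder.Create(UnicodeRanges.All));

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

            #region Authentication
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/fytadmin/login");
            })
            // Second cookie scheme for the BBS users.
            .AddCookie(BbsUserAuthorizeAttribute.BbsUserAuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/bbs/nologin");
            })
            .AddJwtBearer(JwtAuthorizeAttribute.JwtAuthenticationScheme, o =>
            {
                var jwtConfig = new JwtAuthConfigModel();

                // Refuse to build the validator without a signing secret.
                var securityKey = Configuration["JwtAuth:SecurityKey"];
                if (string.IsNullOrEmpty(securityKey))
                {
                    throw new InvalidOperationException("JwtAuth:SecurityKey is not configured.");
                }

                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true,                     // check iss
                    ValidateAudience         = true,                     // check aud
                    ValidateIssuerSigningKey = true,                     // check the signing key
                    ValidateLifetime         = true,                     // check exp / nbf, subject to ClockSkew
                    ClockSkew                = TimeSpan.FromSeconds(30), // grace period added to the token lifetime (5 minutes when unset)
                    ValidAudience            = jwtConfig.Audience,       // must match the value used at issuance
                    ValidIssuer              = jwtConfig.Issuer,         // must match the value used at issuance
                    RequireExpirationTime    = true,
                    IssuerSigningKey         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey))
                };
                o.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        // Tell the client when the failure was an expired token.
                        if (context.Exception is SecurityTokenExpiredException)
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return Task.CompletedTask;
                    }
                };
            });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("App", policy => policy.RequireRole("App"));
                options.AddPolicy("Admin", policy => policy.RequireRole("Admin"));
                // RequireRole takes one argument per role; the former single string "Admin,App"
                // demanded a role with that literal name instead of either role.
                options.AddPolicy("AdminOrApp", policy => policy.RequireRole("Admin", "App"));
            });
            #endregion

            #region Cache
            services.AddMemoryCache();
            services.AddSingleton<ICacheService, MemoryCacheService>();
            RedisHelper.Initialization(new CSRedis.CSRedisClient(Configuration["Cache:Configuration"]));
            #endregion

            services.AddMvc().AddJsonOptions(option => {
                option.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            services.AddSingleton(GetScheduler());

            #region Swagger UI
            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new Info
                {
                    Version = "v1",
                    Title   = "FytSoa API",
                    Contact = new Contact {
                        Name = "feiyit", Email = "*****@*****.**", Url = ""
                    }
                });
                var basePath      = PlatformServices.Default.Application.ApplicationBasePath;
                var xmlPath       = Path.Combine(basePath, "FytSoa.Web.xml");
                var entityXmlPath = Path.Combine(basePath, "FytSoa.Core.xml");
                options.IncludeXmlComments(xmlPath, true);
                options.IncludeXmlComments(entityXmlPath);

                // Global security requirement; its name must match the AddSecurityDefinition name ("Bearer").
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } },
                };
                options.AddSecurityRequirement(security);
                options.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT-Test: \"Authorization: Bearer {token}\"",
                    // Header that carries the token.
                    Name = "Authorization",
                    In   = "header",
                    Type = "apiKey"
                });
            });
            #endregion

            #region CORS
            services.AddCors(c =>
            {
                // The CORS protocol does not allow a wildcard origin together with credentials, so
                // AllowCredentials() is dropped; with it, any site could send requests that carry the
                // authentication cookies registered above. If credentials are needed, name the origins
                // with WithOrigins(...).
                c.AddPolicy("Any", policy =>
                {
                    policy.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
                });

                // NOTE(review): "localhost:4909" has no scheme, while browsers send the Origin header as
                // scheme://host:port, so this entry is unlikely to match any request — confirm the intended origin.
                c.AddPolicy("Limit", policy =>
                {
                    policy
                    .WithOrigins("localhost:4909")
                    .WithMethods("get", "post", "put", "delete")
                    .AllowAnyHeader();
                });
            });
            #endregion

            #region Response compression
            services.AddResponseCompression();
            #endregion
        }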
示例#12
文件: Startup.cs 项目: uvaa/ytjkb
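        public void ConfigureServices(IServiceCollection services)
        {
            // Convention-based registration for the FytSoa.Service assembly (AddAssembly is defined elsewhere).
            AddAssembly(services, "FytSoa.Service");

            // Cookies are the default authentication scheme; JWT bearer is registered as an additional named scheme.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
                {
                    o.LoginPath         = new PathString("/fytadmin/login");
                    o.SlidingExpiration = true;
                    // Lifetime in hours comes from configuration and falls back to 0.5 when the key is absent.
                    o.ExpireTimeSpan    = TimeSpan.FromHours(config.GetValue(KeyHelper.LOGINCOOKIEEXPIRES, 0.5D));
                })
                .AddJwtBearer(JwtAuthorizeAttribute.JwtAuthenticationScheme, o =>
                {
                    var jwtConfig = new JwtAuthConfigModel();
                    o.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer           = true,                     // check the iss claim
                        ValidateAudience         = true,                     // check the aud claim
                        ValidateIssuerSigningKey = true,                     // check the signing key
                        ValidateLifetime         = true,                     // check exp/nbf, with ClockSkew applied
                        // Grace period added on top of the token's own expiry; the library default is 5 minutes when unset.
                        ClockSkew             = TimeSpan.FromSeconds(30),
                        ValidAudience         = jwtConfig.Audience,
                        ValidIssuer           = jwtConfig.Issuer,            // both must match what the issuing code writes
                        RequireExpirationTime = true,
                        // NOTE(review): a missing "JwtAuth:SecurityKey" entry makes GetBytes throw at startup, and the
                        // strength of the symmetric signature depends entirely on this secret; keep it long, random
                        // and outside source control.
                        IssuerSigningKey      = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["JwtAuth:SecurityKey"]))
                    };
                    o.Events = new JwtBearerEvents
                    {
                        OnAuthenticationFailed = context =>
                        {
                            // Tell the client that the failure was an expired token.
                            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                            {
                                context.Response.Headers.Add("Token-Expired", "true");
                            }
                            return Task.CompletedTask;
                        }
                    };
                });

            // Data-protection key ring is shared through Redis.
            // NOTE(review): no ProtectKeysWith* call is visible here, so the keys are presumably stored
            // unencrypted in Redis; access to that Redis instance should be restricted accordingly.
            services
                .AddDataProtection(p => p.ApplicationDiscriminator = "ytjbk")
                .PersistKeysToStackExchangeRedis(ConnectionMultiplexer.Connect(config["Cache:Configuration"]));

            services
                .AddAuthorization(options =>
                {
                    options.AddPolicy("App", policy => policy.RequireRole("App").Build());
                    options.AddPolicy("Admin", policy => policy.RequireRole("Admin").Build());
                    // RequireRole takes each role as its own argument; the single string "Admin,App" would be
                    // treated as one role literally named "Admin,App" and the policy would never be satisfied.
                    options.AddPolicy("AdminOrApp", policy => policy.RequireRole("Admin", "App").Build());
                })
                .AddStackExchangeRedisCache(p => p.Configuration = config["Cache:Configuration"])
                .AddSingleton(HtmlEncoder.Create(UnicodeRanges.All))
                .AddSingleton(GetScheduler())
                .AddResponseCompression()
                .AddHttpClient()
                .AddSingleton<IHttpContextAccessor, HttpContextAccessor>()
                .AddCors(c =>
                {
                    c.AddPolicy("Any", policy =>
                    {
                        // NOTE(review): SetIsOriginAllowed(p => true) accepts every origin, and together with
                        // AllowCredentials() any site can make credentialed cross-origin calls to endpoints that
                        // apply this policy. With cookie authentication as the default scheme, restrict this to
                        // known origins (WithOrigins) outside of local development.
                        policy.SetIsOriginAllowed(p => true)
                            .AllowAnyMethod()
                            .AllowAnyHeader()
                            .AllowCredentials();
                    });
                })
                .AddMvc(p =>
                {
                    p.EnableEndpointRouting = false;
                })
                .AddNewtonsoftJson();

            // Permit synchronous request/response body IO on both Kestrel and IIS.
            services.Configure<KestrelServerOptions>(option => option.AllowSynchronousIO = true);
            services.Configure<IISServerOptions>(option => option.AllowSynchronousIO = true);
        }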
示例#13
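        /// <summary>
        /// Issues a JWT signed with HMAC-SHA256 for the given token model.
        /// </summary>
        /// <param name="tokenModel">
        /// Supplies Uid, Role and Project for the claims, TokenType (selects the configured lifetime value)
        /// and EffectiveTimeType (selects the unit that value is expressed in).
        /// </param>
        /// <returns>The compact serialized token.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenModel"/> is null.</exception>
        /// <remarks>
        /// An unrecognized TokenType leaves the lifetime at 0 and an unrecognized EffectiveTimeType adds
        /// nothing, so in either case the token expires at the moment it is issued.
        /// </remarks>
        public static string IssueJWT(TokenModel tokenModel)
        {
            if (tokenModel == null)
            {
                throw new ArgumentNullException(nameof(tokenModel));
            }

            var dateTime = DateTime.UtcNow;
            // iat is a NumericDate (seconds since the Unix epoch); a culture-formatted date string is not a
            // valid Integer64 value.
            var issuedAt = new DateTimeOffset(dateTime).ToUnixTimeSeconds()
                .ToString(System.Globalization.CultureInfo.InvariantCulture);
            var claims = new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ToString()), // user id
                new Claim("Role", tokenModel.Role),                                // role
                new Claim("Project", tokenModel.Project),                          // project name
                new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64)
            };

            // Signing key.
            // NOTE(review): HS256 rests entirely on JWTSecretKey; it should be a high-entropy secret of at
            // least 256 bits that is kept out of source control.
            var jwtConfig = new JwtAuthConfigModel();
            var key       = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.JWTSecretKey));
            var creds     = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // Lifetime value; its unit is chosen by EffectiveTimeType below.
            int exp = 0;

            // Invariant lower-casing: culture-sensitive ToLower() can change "I" under some cultures and
            // make a valid token type miss every case label.
            switch (tokenModel.TokenType.ToLowerInvariant())
            {
            case "web":
                exp = jwtConfig.WebExp;
                break;

            case "app":
                exp = jwtConfig.AppExp;
                break;

            case "miniprogram":
                exp = jwtConfig.MiniProgramExp;
                break;

            case "other":
                exp = jwtConfig.OtherExp;
                break;
            }

            // Start from the same UTC instant used for iat so the expiry does not depend on the server's
            // local time zone or daylight-saving rules.
            DateTime expires = dateTime;

            switch (tokenModel.EffectiveTimeType)
            {
            case "year":
                expires = expires.AddYears(exp);
                break;

            case "month":
                expires = expires.AddMonths(exp);
                break;

            case "day":
                expires = expires.AddDays(exp);
                break;

            case "hours":
                expires = expires.AddHours(exp);
                break;

            case "min":
                expires = expires.AddMinutes(exp);
                break;

            case "sec":
                expires = expires.AddSeconds(exp);
                break;
            }

            // NOTE(review): no audience is set, so a validator with ValidateAudience enabled would presumably
            // reject these tokens; confirm against the validation settings in use.
            var jwt = new JwtSecurityToken(
                issuer: "CoreApi",
                claims: claims,
                expires: expires,
                signingCredentials: creds);

            var jwtHandler = new JwtSecurityTokenHandler();
            return jwtHandler.WriteToken(jwt);
        }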
示例#14
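        // This method gets called by the runtime. Use this method to add services to the container.
        // It registers MVC, Swagger, JWT bearer authentication, role policies, Identity, CORS,
        // the Redis distributed cache and the WebSocket helpers.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

            #region Swagger
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info
                {
                    Version        = "v0.1.0",
                    Title          = "学习Swagger",
                    Description    = "框架说明文档",
                    TermsOfService = "None",
                    Contact        = new Swashbuckle.AspNetCore.Swagger.Contact {
                        Name = "Learn.Swagger", Email = "*****@*****.**", Url = "https://www.facai.com"
                    }
                });

                // The XML files are optional, but without them the API pages carry no descriptions;
                // members must then be documented with /// comments.
                var basePath = Microsoft.DotNet.PlatformAbstractions.ApplicationEnvironment.ApplicationBasePath;

                // XML documentation of this Web API project; 'true' also pulls in controller-level comments.
                var xmlPath = Path.Combine(basePath, "CoreApiSwagger.xml");
                c.IncludeXmlComments(xmlPath, true);

                // XML documentation of the referenced model project.
                // NOTE(review): this is the same file name as xmlPath, which looks like a copy/paste slip;
                // confirm the model project's real XML file name. The original also registered xmlPath a
                // second time here, which was redundant and has been dropped.
                var xmlModelPath = Path.Combine(basePath, "CoreApiSwagger.xml");
                c.IncludeXmlComments(xmlModelPath);

                // Header-based auth information for the Swagger UI.
                //c.OperationFilter<SwaggerHeader>();
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } },
                };
                // Global security requirement; the name must match the AddSecurityDefinition scheme ("Bearer").
                c.AddSecurityRequirement(security);
                c.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT授权(数据将在请求头中进行传输) 参数结构: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization", // header that carries the token
                    In          = "header",        // the token travels in the request headers
                    Type        = "apiKey"
                });
            });
            #endregion

            #region Authentication
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer      = jwtConfig.Issuer,
                    ValidAudience    = jwtConfig.Audience,
                    // NOTE(review): Encoding.ASCII turns every non-ASCII character into '?', so the issuing
                    // side must derive the key with the same encoding; presumably the secret is ASCII-only — confirm.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),

                    RequireSignedTokens = true,
                    // SaveSigninToken = false,
                    // ValidateActor = false,
                    // Issuer/audience checks can be switched off with the two flags below, which is not recommended.
                    // NOTE(review): with ValidateAudience = false the aud claim is never checked, so
                    // ValidAudience above has no effect and a token minted for another audience with the
                    // same issuer and key is accepted.
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    // Tokens must carry an expiry.
                    RequireExpirationTime = true,
                    // Allowed clock drift between servers (left at the library default).
                    // ClockSkew = TimeSpan.FromSeconds(300),
                    // Compare the current time with the token's nbf and exp.
                    ValidateLifetime = true
                };
            });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("Client", policy => policy.RequireRole("Client").Build());
                options.AddPolicy("Admin", policy => policy.RequireRole("Admin").Build());
                options.AddPolicy("AdminOrClient", policy => policy.RequireRole("Admin", "Client").Build());
            });
            services.AddDefaultIdentity<IdentityUser>().AddRoles<IdentityRole>();
            #endregion

            #region CORS
            services.AddCors(c =>
            {
                c.AddPolicy("AllowAnyOrigin", policy =>
                {
                    // NOTE(review): any origin plus AllowCredentials() lets every site send credentialed
                    // cross-origin requests to endpoints using this policy; later ASP.NET Core releases
                    // reject this combination. Prefer the origin-restricted policy below for anything
                    // that relies on cookies.
                    policy.AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                });
                c.AddPolicy("AllowSpecificOrigin", policy =>
                {
                    policy.WithOrigins("http://localhost:8083")
                        .WithMethods("GET", "POST", "PUT", "DELETE")
                        .WithHeaders("authorization");
                });
            });
            #endregion

            #region Redis
            services.AddDistributedRedisCache(options =>
            {
                options.Configuration = BaseConfigModel.Configuration["Redis:ConnectionString"];
            });
            #endregion

            #region WebSockets
            services.AddSingleton<ICustomWebSocketFactory, CustomWebSocketFactory>();
            services.AddSingleton<ICustomWebSocketMessageHandler, CustomWebSocketMessageHandler>();
            #endregion
        }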
示例#15
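        // Registers the application's services: two cookie schemes plus JWT bearer authentication,
        // role policies, caching, MVC JSON formatting, Swagger, CORS and response compression.
        public void ConfigureServices(IServiceCollection services)
        {
            // Convention-based registration for the FytSoa.Service assembly (AddAssembly is defined elsewhere).
            AddAssembly(services, "FytSoa.Service");

            services.AddSingleton(HtmlEncoder.Create(UnicodeRanges.All));

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
            services.AddSingleton<ITaskSchedulingService, TaskSchedulingService>();

            #region Authentication
            // The admin cookie scheme is the default; a second cookie scheme and JWT bearer are named extras.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
                {
                    o.LoginPath = new PathString("/fytadmin/login");
                })
                .AddCookie(BbsUserAuthorizeAttribute.BbsUserAuthenticationScheme, o =>
                {
                    o.LoginPath = new PathString("/bbs/nologin");
                })
                .AddJwtBearer(JwtAuthorizeAttribute.JwtAuthenticationScheme, o =>
                {
                    var jwtConfig = new JwtAuthConfigModel();
                    o.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer           = true,
                        ValidateAudience         = true,
                        ValidateIssuerSigningKey = true,
                        ValidateLifetime         = true,
                        // Grace period added on top of the token's own expiry.
                        ClockSkew             = TimeSpan.FromSeconds(30),
                        ValidAudience         = jwtConfig.Audience,
                        ValidIssuer           = jwtConfig.Issuer,
                        RequireExpirationTime = true,
                        // NOTE(review): a missing "JwtAuth:SecurityKey" entry makes GetBytes throw at startup,
                        // and the signature is only as strong as this secret; keep it long, random and
                        // outside source control.
                        IssuerSigningKey      = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtAuth:SecurityKey"]))
                    };
                    o.Events = new JwtBearerEvents
                    {
                        OnAuthenticationFailed = context =>
                        {
                            // Tell the client that the failure was an expired token.
                            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                            {
                                context.Response.Headers.Add("Token-Expired", "true");
                            }
                            return Task.CompletedTask;
                        }
                    };
                });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("App", policy => policy.RequireRole("App").Build());
                options.AddPolicy("Admin", policy => policy.RequireRole("Admin").Build());
                // RequireRole takes each role as its own argument; the single string "Admin,App" would be
                // treated as one role literally named "Admin,App" and the policy would never be satisfied.
                options.AddPolicy("AdminOrApp", policy => policy.RequireRole("Admin", "App").Build());
            });
            #endregion

            #region Cache
            services.AddMemoryCache();
            services.AddSingleton<ICacheService, MemoryCacheService>();
            RedisHelper.Initialization(new CSRedis.CSRedisClient(Configuration["Cache:Configuration"]));
            #endregion

            services.AddMvc().AddJsonOptions(option => {
                option.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss";
            });

            #region Swagger UI
            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new Info
                {
                    Version = "v1",
                    Title   = "FytSoa API",
                    Contact = new Contact {
                        Name = "feiyit", Email = "*****@*****.**", Url = ""
                    }
                });
                var basePath      = PlatformServices.Default.Application.ApplicationBasePath;
                var xmlPath       = Path.Combine(basePath, "FytSoa.Web.xml");
                var entityXmlPath = Path.Combine(basePath, "FytSoa.Core.xml");
                options.IncludeXmlComments(xmlPath, true);
                options.IncludeXmlComments(entityXmlPath);
                //c.OperationFilter<SwaggerHeader>();

                // Global security requirement; the name must match the AddSecurityDefinition scheme ("Bearer").
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } },
                };
                options.AddSecurityRequirement(security);
                options.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT-Test: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization",
                    In          = "header",
                    Type        = "apiKey"
                });
            });
            #endregion

            #region CORS
            services.AddCors(c =>
            {
                c.AddPolicy("Any", policy =>
                {
                    // NOTE(review): any origin plus AllowCredentials() lets every site send credentialed
                    // cross-origin requests to endpoints using this policy, and cookie authentication is
                    // the default scheme here; later ASP.NET Core releases reject this combination.
                    policy.AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                });

                c.AddPolicy("Limit", policy =>
                {
                    // NOTE(review): browsers send the Origin header with a scheme, so an entry without one
                    // ("localhost:4909") presumably never matches — confirm and add the scheme.
                    policy
                        .WithOrigins("localhost:4909")
                        .WithMethods("get", "post", "put", "delete")
                        //.WithHeaders("Authorization");
                        .AllowAnyHeader();
                });
            });
            #endregion

            #region Response compression
            services.AddResponseCompression();
            #endregion
        }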
示例#16
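        /// <summary>
        /// Registers the application's services. Called by the runtime; use this method to add services
        /// to the container (MVC, Swagger, JWT bearer authentication, role policies and CORS).
        /// </summary>
        /// <param name="services">The service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            //services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddJsonOptions(options =>
            {
                options.SerializerSettings.ContractResolver = new DefaultContractResolver();
            });

            #region Swagger
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info
                {
                    Version = "v1.1.0",
                    Title   = "UIDP WebAPI",
                    //Description = "框架集合",
                    //TermsOfService = "None",
                    //Contact = new Swashbuckle.AspNetCore.Swagger.Contact { Name = "Maverick", Email = "*****@*****.**", Url = "http://www.cnblogs.com/" }
                });
                // Load the XML documentation files; 'true' also pulls in controller-level comments.
                var basePath   = AppDomain.CurrentDomain.BaseDirectory;
                var apiXmlPath = Path.Combine(basePath, "UIDP.WebAPI.xml");
                c.IncludeXmlComments(apiXmlPath, true);
                var entityXmlPath = Path.Combine(basePath, "UIDP.Entity.xml");
                c.IncludeXmlComments(entityXmlPath, true);
                // Tags (descriptions) for controllers.
                //c.DocumentFilter<SwaggerDocTag>();
                // Header-based auth information for the Swagger UI.
                //c.OperationFilter<SwaggerHeader>();
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } },
                };
                // Global security requirement; the name must match the AddSecurityDefinition scheme ("Bearer").
                c.AddSecurityRequirement(security);
                c.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT授权(数据将在请求头中进行传输) 参数结构: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization", // header that carries the token
                    In          = "header",        // the token travels in the request headers
                    Type        = "apiKey"
                });
            });
            #endregion

            #region Authentication
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer      = "UIDP",
                    ValidAudience    = "wr",
                    // NOTE(review): Encoding.ASCII turns every non-ASCII character into '?', so the issuing
                    // side must derive the key with the same encoding; presumably the secret is ASCII-only — confirm.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),

                    RequireSignedTokens = true,
                    // SaveSigninToken = false,
                    // ValidateActor = false,
                    // Issuer/audience checks can be switched off with the two flags below, which is not recommended.
                    // NOTE(review): with ValidateAudience = false the aud claim is never checked, so
                    // ValidAudience above has no effect and a token minted for another audience with the
                    // same issuer and key is accepted.
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    // Tokens must carry an expiry.
                    RequireExpirationTime = true,
                    // Allowed clock drift between servers (left at the library default).
                    // ClockSkew = TimeSpan.FromSeconds(300),
                    // Compare the current time with the token's nbf and exp.
                    ValidateLifetime = true
                };
            });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireClient", policy => policy.RequireRole("Client").Build());
                options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin").Build());
                // RequireRole takes each role as its own argument; the single string "Admin,Client" would be
                // treated as one role literally named "Admin,Client" and the policy would never be satisfied.
                options.AddPolicy("RequireAdminOrClient", policy => policy.RequireRole("Admin", "Client").Build());
            });
            #endregion

            #region CORS
            services.AddCors(c =>
            {
                c.AddPolicy("Any", policy =>
                {
                    // NOTE(review): any origin plus AllowCredentials() lets every site send credentialed
                    // cross-origin requests to endpoints using this policy; later ASP.NET Core releases
                    // reject this combination. Prefer the origin-restricted policy below.
                    policy.AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                });
                c.AddPolicy("AllowSpecificOrigin", policy =>
                {
                    // Origins allowed to make cross-origin requests; pass several as separate arguments.
                    policy.WithOrigins("http://localhost:8083")
                        .WithMethods("GET", "POST", "PUT", "DELETE")
                        .WithHeaders("authorization");
                });
            });
            #endregion
        }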
示例#17
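        /// <summary>
        /// This method gets called by the runtime. Use this method to add services to the container.
        /// It registers MVC JSON formatting, Swagger, JWT bearer authentication, role policies and CORS.
        /// </summary>
        /// <param name="services">The service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().AddJsonOptions(options =>
            {
                options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss"; // date/time output format
            });

            #region Swagger
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info
                {
                    Version        = "v1.1.0",
                    Title          = "Ray WebAPI",
                    Description    = "框架集合",
                    TermsOfService = "None",
                    Contact        = new Swashbuckle.AspNetCore.Swagger.Contact {
                        Name = "RayWang", Email = "*****@*****.**", Url = "http://www.cnblogs.com/RayWang"
                    }
                });
                // Load the XML documentation files; 'true' also pulls in controller-level comments.
                var basePath      = PlatformServices.Default.Application.ApplicationBasePath;
                var apiXmlPath    = Path.Combine(basePath, "APIHelp.xml");
                var entityXmlPath = Path.Combine(basePath, "EntityHelp.xml");
                c.IncludeXmlComments(apiXmlPath, true);
                c.IncludeXmlComments(entityXmlPath);

                // Controller descriptions.
                //c.DocumentFilter<SwaggerDocTag>();

                // Header-based auth information for the Swagger UI.
                //c.OperationFilter<SwaggerHeader>();
                var security = new Dictionary<string, IEnumerable<string>> {
                    { "Bearer", new string[] { } },
                };
                // Global security requirement; the name must match the AddSecurityDefinition scheme ("Bearer").
                c.AddSecurityRequirement(security);
                c.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    Description = "JWT授权(数据将在请求头中进行传输) 参数结构: \"Authorization: Bearer {token}\"",
                    Name        = "Authorization", // header that carries the token
                    In          = "header",        // the token travels in the request headers
                    Type        = "apiKey"
                });
            });
            #endregion

            #region Authentication
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer      = "RayPI",
                    ValidAudience    = "wr",
                    // NOTE(review): Encoding.ASCII turns every non-ASCII character into '?', so the issuing
                    // side must derive the key with the same encoding; presumably the secret is ASCII-only — confirm.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),

                    RequireSignedTokens = true,
                    // SaveSigninToken = false,
                    // ValidateActor = false,
                    // Issuer/audience checks can be switched off with the two flags below, which is not recommended.
                    // NOTE(review): with ValidateAudience = false the aud claim is never checked, so
                    // ValidAudience above has no effect and a token minted for another audience with the
                    // same issuer and key is accepted.
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    // Tokens must carry an expiry.
                    RequireExpirationTime = true,
                    // Allowed clock drift between servers (left at the library default).
                    // ClockSkew = TimeSpan.FromSeconds(300),
                    // Compare the current time with the token's nbf and exp.
                    ValidateLifetime = true
                };
            });
            #endregion

            #region Authorization
            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireClient", policy => policy.RequireRole("Client").Build());
                options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin").Build());
                // RequireRole takes each role as its own argument; the single string "Admin,Client" would be
                // treated as one role literally named "Admin,Client" and the policy would never be satisfied.
                options.AddPolicy("RequireAdminOrClient", policy => policy.RequireRole("Admin", "Client").Build());
            });
            #endregion

            #region CORS
            services.AddCors(c =>
            {
                c.AddPolicy("Any", policy =>
                {
                    // NOTE(review): any origin plus AllowCredentials() lets every site send credentialed
                    // cross-origin requests to endpoints using this policy; later ASP.NET Core releases
                    // reject this combination. Prefer an origin-restricted policy.
                    policy.AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                });

                c.AddPolicy("Limit", policy =>
                {
                    // NOTE(review): browsers send the Origin header with a scheme, so an entry without one
                    // ("localhost:8083") presumably never matches — confirm and add the scheme.
                    policy
                        .WithOrigins("localhost:8083")
                        .WithMethods("get", "post", "put", "delete")
                        //.WithHeaders("Authorization");
                        .AllowAnyHeader();
                });
            });
            #endregion
        }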
示例#18
        public void ConfigureServices(IServiceCollection services)
        {
            //自定注册
            AddAssembly(services, "FytSoa.Service");

            //解决视图输出内容中文编码问题
            services.AddSingleton(HtmlEncoder.Create(UnicodeRanges.All));

            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();

            #region 认证
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            //services.AddAuthentication(options =>
            //{
            //    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            //    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            //})
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/fytadmin/login");
            })
            //新增一个新的方案
            .AddCookie(CompanyAuthorizeAttribute.CompanyAuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/company/login");
            })
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                JwtAuthConfigModel jwtConfig = new JwtAuthConfigModel();
                o.TokenValidationParameters  = new TokenValidationParameters
                {
                    ValidIssuer      = "FytSos",
                    ValidAudience    = "wr",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.JWTSecretKey)),

                    /***********************************TokenValidationParameters的参数默认值***********************************/
                    RequireSignedTokens = true,
                    // SaveSigninToken = false,
                    // ValidateActor = false,
                    // 将下面两个参数设置为false,可以不验证Issuer和Audience,但是不建议这样做。
                    ValidateAudience         = false,
                    ValidateIssuer           = true,
                    ValidateIssuerSigningKey = true,
                    // 是否要求Token的Claims中必须包含 Expires
                    RequireExpirationTime = false,
                    // 允许的服务器时间偏移量
                    // ClockSkew = TimeSpan.FromSeconds(300),
                    // 是否验证Token有效期,使用当前时间与Token的Claims中的NotBefore和Expires对比
                    ValidateLifetime = true
                };
            });
            #endregion

            #region 授权
            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireApp", policy => policy.RequireRole("App").Build());
                options.AddPolicy("RequireAdmin", policy => policy.RequireRole("Admin").Build());
                options.AddPolicy("RequireAdminOrApp", policy => policy.RequireRole("Admin,App").Build());
            });
            #endregion

            #region 缓存 读取配置是否使用哪种缓存模式
            // The in-process memory cache is always registered. The ICacheService implementation is
            // then chosen from the "Cache:IsUseRedis" setting: Convert.ToBoolean yields false for a
            // missing (null) value and throws FormatException for text that is not a boolean.
            services.AddMemoryCache();
            if (!Convert.ToBoolean(Configuration["Cache:IsUseRedis"]))
            {
                services.AddSingleton<ICacheService, MemoryCacheService>();
            }
            else
            {
                services.AddSingleton<ICacheService, RedisCacheService>();
            }
            #endregion

            #region 缓存 RedisCache
            //将Redis分布式缓存服务添加到服务中
            // Register the Redis-backed distributed cache.
            // NOTE(review): this registration is unconditional; it does not consult "Cache:IsUseRedis".
            services.AddDistributedRedisCache(redis =>
            {
                // Redis instance name
                redis.InstanceName = Configuration["Cache:RedisInstance"];
                // Connection settings for Redis.
                // NOTE(review): this string may carry a password; presumably it should come from a
                // secret store rather than a checked-in settings file. Confirm.
                redis.Configuration = Configuration["Cache:Configuration"];
            });
            #endregion

            // MVC with Razor Pages; "/" is added as a route for the /web/index page.
            services.AddMvc().AddRazorPagesOptions(razor => razor.Conventions.AddPageRoute("/web/index", "/"));

            #region Swagger UI
            // Swagger document generation.
            // NOTE(review): whether the generated document and UI are reachable outside development is
            // decided elsewhere; confirm they are not publicly exposed in production.
            services.AddSwaggerGen(swagger =>
            {
                // API description shown in the generated document
                var apiInfo = new Info
                {
                    Title   = "FytSoa API",
                    Version = "v1",
                    Contact = new Contact
                    {
                        Name  = "feiyit",
                        Email = "*****@*****.**",
                        Url   = "http://www.feiyit.com"
                    }
                };
                swagger.SwaggerDoc("v1", apiInfo);

                // XML documentation files, looked up next to the application binaries
                string appRoot       = PlatformServices.Default.Application.ApplicationBasePath;
                string webDocFile    = Path.Combine(appRoot, "FytSoa.Web.xml");
                string entityDocFile = Path.Combine(appRoot, "FytSoa.Core.xml");
                swagger.IncludeXmlComments(webDocFile, true);
                swagger.IncludeXmlComments(entityDocFile);
                // Header authentication info (disabled)
                //c.OperationFilter<SwaggerHeader>();

                // Global security requirement. Its key must equal the scheme name passed to
                // AddSecurityDefinition below, here "Bearer".
                var bearerRequirement = new Dictionary<string, IEnumerable<string>>
                {
                    ["Bearer"] = new string[0],
                };
                swagger.AddSecurityRequirement(bearerRequirement);
                swagger.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    // The token travels in the Authorization request header
                    Name        = "Authorization",
                    In          = "header",
                    Type        = "apiKey",
                    Description = "JWT授权(数据将在请求头中进行传输) 参数结构: \"Authorization: Bearer {token}\""
                });
            });
            #endregion

            #region CORS
            // Two named CORS policies. Which one is applied is decided where the policy name is
            // referenced, which is not visible here.
            services.AddCors(cors =>
            {
                // "Any": every origin, method and header, with credentials.
                // NOTE(review): the CORS protocol does not allow a wildcard origin together with
                // credentials. Depending on the ASP.NET Core version this setup is either rejected or
                // ends up letting any website send credentialed requests and read the responses.
                // Restrict this policy to an explicit origin list, or drop AllowCredentials.
                cors.AddPolicy("Any", policy => policy
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowAnyOrigin()
                    .AllowCredentials());

                // "Limit": one origin, four methods, any header.
                // NOTE(review): browsers send Origin with a scheme (constructed example:
                // "http://localhost:4909"), so the scheme-less "localhost:4909" presumably never
                // matches. Confirm the intended scheme.
                // Disabled alternative to AllowAnyHeader: .WithHeaders("Authorization")
                cors.AddPolicy("Limit", policy => policy
                    .AllowAnyHeader()
                    .WithMethods("get", "post", "put", "delete")
                    .WithOrigins("localhost:4909"));
            });
            #endregion

            #region 性能 压缩
            // Registers response compression; no options are passed, so the library defaults apply.
            // NOTE(review): if compression over HTTPS is switched on elsewhere, responses that mix
            // secrets with request-controlled data become exposed to compression side channels; confirm.
            services.AddResponseCompression();
            #endregion

            //NLog 数据库配置
            //NLog.LogManager.Configuration.FindTargetByName<NLog.Targets.DatabaseTarget>("db").ConnectionString = Configuration.GetConnectionString("LogConnectionString");
        }