aspnet / Security

[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

CookieAuthenticationDefaults and JwtBearerDefaults can be together? #1841

Closed zhangtingwz closed 6 years ago

zhangtingwz commented 6 years ago
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                x.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, x =>
            {
                // Login path
                x.LoginPath = "/Users/Login";
                //sid
                x.Cookie.Name = "mycookie";
                x.Cookie.Path = "/";
                x.Cookie.HttpOnly = true;
                x.Cookie.Expiration = new TimeSpan(1, 0, 0);
                x.ExpireTimeSpan = new TimeSpan(1, 0, 0);
            });

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true, // whether to validate the Issuer
                        ValidateAudience = true, // whether to validate the Audience
                        ValidateLifetime = true, // whether to validate the expiry time
                        ValidateIssuerSigningKey = true, // whether to validate the SecurityKey
                        ValidAudience = "微公益", // Audience
                        ValidIssuer = "前端", // Issuer; these two values match the settings used when the JWT was issued
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"])) // get the SecurityKey
                    };
                });

I hope in my code to use cookies to authenticate for my PC use, and JwtBearerDefaults for my API, but they conflict. How can I do this?

blowdart commented 6 years ago

When you say conflict what do you mean here?

One thing I notice immediately is you're calling add.Authentication() twice, and changing the default in the second call, so it's wiping out what you set for the default in cookies. You could do

services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    x.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, x =>
{
  /// Your config
}).AddJwtBearer(options =>
{
   /// Your config
});

And then, when you apply Authorize you specify the scheme, so when you want JWT you'd go

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

And for cookies

[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]

zhangtingwz commented 6 years ago

Dear blowdart, I thank you very much. Sorry, today I can see it. I have done it: I created a new Authorize, then

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(JwtBearerAuthorizeAttribute.JwtBearerAuthenticationScheme, options =>

Then I use the other Author I created, and that is OK. At last, thank you very much again.

laosandegudai commented 6 years ago

@zhangtingwz how can you do it? I met the same problem.
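
One way to wire up what the thread describes, as an added example that is not code from the posters or from the aspnet/Security project: a single AddAuthentication call with cookies as the default and a JWT bearer handler beside it, plus a JwtBearerAuthorizeAttribute whose shape is guessed from the name in zhangtingwz's snippet. The AuthSetup class, the attribute body and both controllers are assumptions; the login path, issuer, audience and SecurityKey setting are the ones from the original post.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical attribute: an [Authorize] that is pinned to the JWT bearer scheme.
public class JwtBearerAuthorizeAttribute : AuthorizeAttribute
{
    public const string JwtBearerAuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
    public JwtBearerAuthorizeAttribute() { AuthenticationSchemes = JwtBearerAuthenticationScheme; }
}

public static class AuthSetup // hypothetical helper, called once from Startup.ConfigureServices
{
    public static void AddCookieAndJwt(this IServiceCollection services, IConfiguration config)
    {
        // One AddAuthentication call: cookies stay the default, JWT is registered alongside.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, x =>
            {
                x.LoginPath = "/Users/Login";
                x.Cookie.HttpOnly = true;
                x.ExpireTimeSpan = TimeSpan.FromHours(1);
            })
            .AddJwtBearer(JwtBearerAuthorizeAttribute.JwtBearerAuthenticationScheme, options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true, ValidIssuer = "前端",
                    ValidateAudience = true, ValidAudience = "微公益",
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(config["SecurityKey"]))
                };
            });
    }
}

[JwtBearerAuthorize, Route("api/[controller]")] // API: only a valid bearer token authenticates
public class ValuesController : Controller
{
    [HttpGet] public IActionResult Get() => Ok(User.Identity.Name);
}

[Authorize] // pages: default (cookie) scheme; an anonymous request is redirected to LoginPath
public class HomeController : Controller
{
    public IActionResult Index() => Content("signed in with the cookie scheme");
}
```

Because the API controller names the bearer scheme explicitly, a browser that only holds the login cookie gets a 401 there instead of being authenticated, which keeps cookie-based requests from reaching token-only endpoints.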