代码之家  ›  专栏  ›  技术社区  ›  Fredou

如何从AddAuthentication在IssuerSigningKeyResolver中使用依赖项注入。AddJwtBearer

  •  1
  • Fredou  · 技术社区  · 4 年前

    我正在尝试配置我的Jwt承载颁发者密钥,但在生产中,我通常使用由 KeyManager . 这个 密钥管理器 类在依赖项注入中配置,但在 ConfigureServices 方法我不能使用它(显然),但如果我不能使用它,我就无法检索我的密钥。

    我目前的解决方案是建立一个临时服务提供商并使用它,但我认为这不是最先进的(我需要创建两个单件副本,而不是最好的)。

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        ServiceProvider sp = services.BuildServiceProvider();
        IKeyManager keyManager = sp.GetService<KeyManager>();
    
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = keyManager.GetSecurityKeyFromName("jwt").Result,
    
            ValidIssuer = "https://api.example.com",
            ValidateIssuer = true
        };
    
        options.Audience = "https://api.example.com";
        options.Authority = "https://api.example.com";
    
        options.SaveToken = true;
    });
    
    0 回复  |  直到 6 年前
        1
  •  13
  •   weichch    6 年前

    使用 Options pattern 实施 IConfigureNamedOptions<JwtBearerOptions> :

    public class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
    {
        private readonly IKeyManager _keyManager;
    
        public ConfigureJwtBearerOptions(IKeyManager keyManager)
        {
            _keyManager = keyManager;
        }
    
        public void Configure(JwtBearerOptions options)
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = _keyManager.GetSecurityKeyFromName("jwt").Result,
    
                ValidIssuer = "https://api.example.com",
                ValidateIssuer = true
            };
    
            options.Audience = "https://api.example.com";
            options.Authority = "https://api.example.com";
    
            options.SaveToken = true;
        }
    
        public void Configure(string name, JwtBearerOptions options)
        {
            Configure(options);
        }
    }
    

    在里面 创业。反恐精英 :

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer();
    
    services.ConfigureOptions<ConfigureJwtBearerOptions>();
    
        2
  •  6
  •   Edoardo    6 年前

    所以,经过更多的研究,我在微软的文档中找到了这个页面: Use DI services to configure options (另请参阅 that answer 这是指动态处理多个Jwt发行人)。

    services.AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
    .Configure<IKeyManager>((options, keyManager) => {
    
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = keyManager.GetSecurityKeyFromName("jwt").Result,
    
            ValidIssuer = "https://api.example.com",
            ValidateIssuer = true
        };
    
        options.Audience = "https://api.example.com";
        options.Authority = "https://api.example.com";
    
        options.SaveToken = true;
    });
    
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer();