Xác thực JWT dựa theo Role trong ASP.NET Core Web API 5
Xác thực JWT dựa theo Role trong ASP.NET Core Web API 5
Chuẩn bị:
- Microsoft Visual Studio Community 2019 Preview - Version 16.8.0 Preview 1.0
- SDK .NET Core 5.0.100-preview.7.20366.6
- Postman for Windows - Version 7.30.1 - win32 10.0.17134 / x64
- Google Chrome Google - version 84.0.4147.125 (Official Build) (64-bit)
- SQL Server Management Studio version 18.6
- Microsoft SQL Server 2019 (RTM) - 15.0.2000.5 (X64)
File dotnet5_jwt.csproj
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.0-preview.7.20365.19" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.7.2-preview-10803222715" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.7.2-preview-10803222715" />
</ItemGroup>
</Project>
using Microsoft.AspNetCore.Mvc;
namespace dotnet5_jwt.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class AuthController : ControllerBase
{
    /// <summary>
    /// Placeholder for POST api/auth/token. Replies with a fixed greeting so the
    /// route can be exercised before real token issuance is wired in.
    /// </summary>
    /// <returns>200 OK with the body "Hello from API".</returns>
    [HttpPost("token")]
    public ActionResult GetToken() => Ok("Hello from API");
}
}
Bổ sung thêm:
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
namespace dotnet5_jwt.Controllers
{
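[Route("api/[controller]")]
[ApiController]
public class AuthController : ControllerBase
{
    // Shared HMAC secret. It is hard-coded here only for the walkthrough: it is
    // committed to source and a second copy lives in Startup.ConfigureServices.
    // In a real service read it from configuration (user secrets / a key vault),
    // from one place, so the issuer and the validator cannot drift apart.
    private const string SecurityKey = "this_is_super_long_security_key_for_token_validation_project_2018_09_07$smesk.in";

    /// <summary>
    /// Issues an HS256-signed JWT for POST api/auth/token.
    /// </summary>
    /// <remarks>
    /// No credentials are checked and no claims are added yet: any caller gets a
    /// token with issuer "smesk.in", audience "readers" and a one-hour lifetime.
    /// These values must match the <c>TokenValidationParameters</c> in Startup.
    /// </remarks>
    /// <returns>200 OK whose body is the compact serialized token.</returns>
    [HttpPost("token")]
    public ActionResult GetToken()
    {
        var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey));
        // "HS256" is the JWS algorithm name; the XML-DSig URI form used before maps to the same header value.
        var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256);

        // "exp" is an epoch timestamp, so derive it from UTC rather than server-local time.
        var token = new JwtSecurityToken(
            issuer: "smesk.in",
            audience: "readers",
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: signingCredentials);

        return Ok(new JwtSecurityTokenHandler().WriteToken(token));
    }
}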
}
File Startup.cs
ban đầu
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace dotnet5_jwt
{
public class Startup
{
    /// <summary>Captures the configuration supplied by the host.</summary>
    /// <param name="configuration">Root configuration built by the generic host.</param>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Application configuration (appsettings, environment, command line).</summary>
    public IConfiguration Configuration { get; }

    /// <summary>Registers MVC controllers. No authentication scheme is configured at this stage.</summary>
    public void ConfigureServices(IServiceCollection services) => services.AddControllers();

    /// <summary>
    /// Builds the request pipeline: developer error page (development only),
    /// HTTPS redirection, routing, authorization, then controller endpoints.
    /// </summary>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseHttpsRedirection();
        app.UseRouting();
        // Present for later: nothing in this version carries an [Authorize] attribute.
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
}
File Startup.cs
bổ sung thêm phần JWT
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System.Text;
namespace dotnet5_jwt
{
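public class Startup
{
    // Must equal the "iss" that AuthController writes into the token. The earlier
    // value ("smkesk.in") was misspelled, so every token failed issuer validation.
    private const string Issuer = "smesk.in";
    private const string Audience = "readers";

    // Shared HMAC secret, duplicated from AuthController. Hard-coded only for the
    // walkthrough: in a real deployment load it from configuration / a secret store
    // and share one source with the token issuer.
    private const string SecurityKey = "this_is_super_long_security_key_for_token_validation_project_2018_09_07$smesk.in";

    /// <summary>Captures the configuration supplied by the host.</summary>
    /// <param name="configuration">Root configuration built by the generic host.</param>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Application configuration (appsettings, environment, command line).</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers JWT bearer authentication as the default scheme, then MVC controllers.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey));

        services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters
            {
                // Reject tokens whose iss/aud differ, whose signature does not verify
                // with our key, or whose exp has passed (checked in UTC with the
                // library's default 5-minute clock skew). ValidateLifetime is already
                // true by default; it is spelled out so the contract is visible here.
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateIssuerSigningKey = true,
                ValidateLifetime = true,
                ValidIssuer = Issuer,
                ValidAudience = Audience,
                IssuerSigningKey = symmetricSecurityKey,
            });

        services.AddControllers();
    }

    /// <summary>
    /// Builds the request pipeline. Authentication must run before authorization:
    /// UseAuthorization evaluates the principal that UseAuthentication populates, so
    /// the previous order (authorization first) rejected requests to [Authorize] endpoints.
    /// </summary>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseHttpsRedirection();
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}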
}
Debug JWT token
Update
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Linq;
namespace dotnet5_jwt.Controllers
{
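[Route("/api/[controller]")]
[ApiController]
// Class-level: every action below requires a validated bearer token carrying the "Administrator" role.
[Authorize(Roles = "Administrator")]
public class ValuesController : ControllerBase
{
    /// <summary>
    /// GET api/values/get-my-id — echoes the caller's "Id" claim from the validated token.
    /// </summary>
    /// <returns>200 with the id text, or 400 when the token carries no such claim.</returns>
    [HttpGet("get-my-id")]
    public ActionResult<string> GetMyId()
    {
        // Claim types are identifiers, not user-facing text, so they are matched
        // ordinally (case-insensitive), which is what FindFirst does; the earlier
        // InvariantCulture comparison was the wrong tool for an identifier.
        var idClaim = User.FindFirst("id");
        if (idClaim is not null)
        {
            return Ok($"This is your Id: {idClaim.Value}");
        }

        return BadRequest("No claim");
    }

    /// <summary>GET api/values — sample payload.</summary>
    [HttpGet]
    public ActionResult<IEnumerable<string>> Get() => new[] { "value1", "value2" };

    /// <summary>GET api/values/5 — sample payload; <paramref name="id"/> is not used.</summary>
    [HttpGet("{id}")]
    public ActionResult<string> Get(int id) => "value";

    /// <summary>POST api/values — stub, no effect.</summary>
    [HttpPost]
    public void Post([FromBody] string value)
    {
    }

    /// <summary>PUT api/values/5 — stub, no effect.</summary>
    [HttpPut("{id}")]
    public void Put(int id, [FromBody] string value)
    {
    }

    /// <summary>DELETE api/values/5 — stub, no effect.</summary>
    [HttpDelete("{id}")]
    public void Delete(int id)
    {
    }
}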
}
Update
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System.Security.Claims;
using System.Collections.Generic;
namespace dotnet5_jwt.Controllers
{
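[Route("api/[controller]")]
[ApiController]
public class AuthController : ControllerBase
{
    // Shared HMAC secret. It is hard-coded here only for the walkthrough: it is
    // committed to source and a second copy lives in Startup.ConfigureServices.
    // In a real service read it from configuration (user secrets / a key vault),
    // from one place, so the issuer and the validator cannot drift apart.
    private const string SecurityKey = "this_is_super_long_security_key_for_token_validation_project_2018_09_07$smesk.in";

    /// <summary>
    /// Issues an HS256-signed JWT for POST api/auth/token.
    /// </summary>
    /// <remarks>
    /// No credentials are checked: every caller receives the fixed claim set below,
    /// including the "Administrator" role that ValuesController requires. That is the
    /// demo's point; a real issuer would authenticate the caller first and derive the
    /// roles and "Id" from that identity. Issuer, audience and key must match Startup.
    /// </remarks>
    /// <returns>200 OK whose body is the compact serialized token.</returns>
    [HttpPost("token")]
    public ActionResult GetToken()
    {
        var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecurityKey));
        // "HS256" is the JWS algorithm name; the XML-DSig URI form used before maps to the same header value.
        var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256);

        // Two role claims plus two custom claims; "Id" is what ValuesController.GetMyId reads back.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Role, "Administrator"),
            new Claim(ClaimTypes.Role, "Reader"),
            new Claim("Our_Custom_Claim", "Our custom value"),
            new Claim("Id", "110"),
        };

        // "exp" is an epoch timestamp, so derive it from UTC rather than server-local time.
        var token = new JwtSecurityToken(
            issuer: "smesk.in",
            audience: "readers",
            claims: claims,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: signingCredentials);

        return Ok(new JwtSecurityTokenHandler().WriteToken(token));
    }
}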
}
source code: https://github.com/donhuvy/dotnet5_jwt
All Rights Reserved