1

在我的 ASP.NET Core 3.1 MVC 应用程序中,我想将 JWT 令牌存储在 cookie 中,然后在授权期间我想中断获取用户信息。这是我如何将 JWT 令牌存储在 cookie 中的代码。

var tokenHandler = new JwtSecurityTokenHandler();
var secrect = configuration.GetValue<string>("Secret");
var key = Encoding.ASCII.GetBytes(secrect);

var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new Claim[]
    {
         new Claim(ClaimTypes.Name, user.UserName),
         new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString())
    }),
         Expires = DateTime.UtcNow.AddDays(1),
         SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
              SecurityAlgorithms.HmacSha256Signature)
 };

 var token = tokenHandler.CreateToken(tokenDescriptor);

 var cookieOptions = new CookieOptions
 {
      // Set the secure flag, which Chrome's changes will require for SameSite none.
      // Note this will also require you to be running on HTTPS.
      Secure = false,

      // Set the cookie to HTTP only which is good practice unless you really do need
      // to access it client side in scripts.
      HttpOnly = false,

      // Add the SameSite attribute, this will emit the attribute with a value of none.
      // To not emit the attribute at all set
      // SameSite = (SameSiteMode)(-1)
      // SameSite = SameSiteMode.Lax
 };

 //// Add the cookie to the response cookie collection
 Response.Cookies.Append("auth-cookie", token.ToString(), cookieOptions);
4

1 回答 1

0

您可以使用以下代码:

var secrect = configuration.GetValue<string>("Secret");
var key = Encoding.ASCII.GetBytes(secrect);
SecurityToken validatedToken;
TokenValidationParameters validationParameters = new TokenValidationParameters();

validationParameters.ValidateLifetime = true;
validationParameters.IssuerSigningKey = new SymmetricSecurityKey(key);

ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(jwtToken, validationParameters, out validatedToken);

然后访问值:

principal.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
于 2020-11-08T09:41:21.330 回答