blocks|key|133710|text|要实现您所描述的内容，您将需要一个OAuth2/OpenID+Connect授权服务器和一个为API验证访问令牌的中间件。ASP.NET曾经提供过OAuthAuthorizationServerMiddleware，但是现在它已经不存在于Katana核心中了。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|133711|我建议看一下AspNet.Security.OpenIdConnect.Server，，这是您提到的教程所使用的OAuth2授权服务器中间件的实验分支:有一个OWIN/Katana+3版本，以及一个支持net451+(.NET桌面)和netstandard1.4+(与.NET核心兼容)的netstandard1.4核心版本。|BOLD|133712|https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server|133713|不要错过MVC+Core示例，该示例展示了如何使用AspNet.Security.OpenIdConnect.Server配置OpenID连接授权服务器，以及如何验证由服务器中间件https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs发出的加密访问令牌|133714|您还可以阅读这篇博客文章，其中解释了如何实现资源所有者密码授予，这是基本身份验证的OAuth2等价物：http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/|133715|Startup.cs|133716|public+class+Startup
{
++++public+void+ConfigureServices(IServiceCollection+services)
++++{
++++++++services.AddAuthentication();
++++}

++++public+void+Configure(IApplicationBuilder+app)
++++{
++++++++//+Add+a+new+middleware+validating+the+encrypted
++++++++//+access+tokens+issued+by+the+OIDC+server.
++++++++app.UseOAuthValidation();

++++++++//+Add+a+new+middleware+issuing+tokens.
++++++++app.UseOpenIdConnectServer(options+=>
++++++++{
++++++++++++options.TokenEndpointPath+=+"/connect/token";

++++++++++++//+Override+OnValidateTokenRequest+to+skip+client+authentication.
++++++++++++options.Provider.OnValidateTokenRequest+=+context+=>
++++++++++++{
++++++++++++++++//+Reject+the+token+requests+that+don't+use
++++++++++++++++//+grant_type=password+or+grant_type=refresh_token.
++++++++++++++++if+(!context.Request.IsPasswordGrantType()+&&
++++++++++++++++++++!context.Request.IsRefreshTokenGrantType())
++++++++++++++++{
++++++++++++++++++++context.Reject(
++++++++++++++++++++++++error:+OpenIdConnectConstants.Errors.UnsupportedGrantType,
++++++++++++++++++++++++description:+"Only+grant_type=password+and+refresh_token+"+%2B
+++++++++++++++++++++++++++++++++++++"requests+are+accepted+by+this+
++++++++++++++++++++return+Task.FromResult(0);
++++++++++++++++}

++++++++++++++++//+Since+there's+only+one+application+and+since+it's+a+public+client
++++++++++++++++//+(i.e+a+client+that+cannot+keep+its+credentials+private),
++++++++++++++++//+call+Skip()+to+inform+the+server+the+request+should+be
++++++++++++++++//+accepted+without+enforcing+client+authentication.
++++++++++++++++context.Skip();

++++++++++++++++return+Task.FromResult(0);
++++++++++++};

++++++++++++//+Override+OnHandleTokenRequest+to+support
++++++++++++//+grant_type=password+token+requests.
++++++++++++options.Provider.OnHandleTokenRequest+=+context+=>
++++++++++++{
++++++++++++++++//+Only+handle+grant_type=password+token+requests+and+let+the
++++++++++++++++//+OpenID+Connect+server+middleware+handle+the+other+grant+types.
++++++++++++++++if+(context.Request.IsPasswordGrantType())
++++++++++++++++{
++++++++++++++++++++//+Do+your+credentials+validation+here.
++++++++++++++++++++//+Note:+you+can+call+Reject()+with+a+message
++++++++++++++++++++//+to+indicate+that+authentication+failed.

++++++++++++++++++++var+identity+=+new+ClaimsIdentity(context.Options.AuthenticationScheme);
++++++++++++++++++++identity.AddClaim(OpenIdConnectConstants.Claims.Subject,+"[unique+id]");

++++++++++++++++++++//+By+default,+claims+are+not+serialized
++++++++++++++++++++//+in+the+access+and+identity+tokens.
++++++++++++++++++++//+Use+the+overload+taking+a+"destinations"
++++++++++++++++++++//+parameter+to+make+sure+your+claims
++++++++++++++++++++//+are+correctly+inserted+in+the+appropriate+tokens.
++++++++++++++++++++identity.AddClaim("urn:customclaim",+"value",
++++++++++++++++++++++++OpenIdConnectConstants.Destinations.AccessToken,
++++++++++++++++++++++++OpenIdConnectConstants.Destinations.IdentityToken);

++++++++++++++++++++var+ticket+=+new+AuthenticationTicket(
++++++++++++++++++++++++new+ClaimsPrincipal(identity),
++++++++++++++++++++++++new+AuthenticationProperties(),
++++++++++++++++++++++++context.Options.AuthenticationScheme);

++++++++++++++++++++//+Call+SetScopes+with+the+list+of+scopes+you+want+to+grant
++++++++++++++++++++//+(specify+offline_access+to+issue+a+refresh+token).
++++++++++++++++++++ticket.SetScopes("profile",+"offline_access");

++++++++++++++++++++context.Validate(ticket);
++++++++++++++++}

++++++++++++++++return+Task.FromResult(0);
++++++++++++};
++++++++});
++++}
}|code-block|syntax|javascript|133717|project.json|133718|{
++"dependencies":+{
++++"AspNet.Security.OAuth.Validation":+"1.0.0",
++++"AspNet.Security.OpenIdConnect.Server":+"1.0.0"
++}
}|133719|祝好运!|133720|entityMap|0|LINK|mutability|MUTABLE|url|1|https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs|2|http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/^0|21|Y|0|6|10|2T|6|39|E|40|E|0|0|1Y|0|0|P|10|2I|35|1|0|1F|3Z|2|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|1C|8|@$9|1D|A|1E|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|1F|8|@$9|1G|A|1H|B|H]|$9|1I|A|1J|B|C]|$9|1K|A|1L|B|C]|$9|1M|A|1N|B|C]]|D|@]|E|$]]|$1|I|3|J|5|6|7|1O|8|@]|D|@$9|1P|A|1Q|1|1R]]|E|$]]|$1|K|3|L|5|6|7|1S|8|@$9|1T|A|1U|B|H]]|D|@$9|1V|A|1W|1|1X]]|E|$]]|$1|M|3|N|5|6|7|1Y|8|@]|D|@$9|1Z|A|20|1|21]]|E|$]]|$1|O|3|P|5|6|7|22|8|@]|D|@]|E|$]]|$1|Q|3|R|5|S|7|23|8|@]|D|@]|E|$T|U]]|$1|V|3|W|5|6|7|24|8|@]|D|@]|E|$]]|$1|X|3|Y|5|S|7|25|8|@]|D|@]|E|$T|U]]|$1|Z|3|10|5|6|7|26|8|@]|D|@]|E|$]]|$1|11|3|-4|5|6|7|27|8|@]|D|@]|E|$]]]|12|$13|$5|14|15|16|E|$17|J]]|18|$5|14|15|16|E|$17|19]]|1A|$5|14|15|16|E|$17|1B]]]]

To achieve what you describe, you'll need both an OAuth2/OpenID Connect authorization server and a middleware validating access tokens for your API.
Katana used to offer an <code>OAuthAuthorizationServerMiddleware</code>, but it doesn't exist anymore in ASP.NET Core.

I suggest having a look to AspNet.Security.OpenIdConnect.Server, an experimental fork of the OAuth2 authorization server middleware which is used by the tutorial you mentioned: there's an OWIN/Katana 3 version, and an ASP.NET Core version that supports both <code>net451</code> (.NET Desktop) and <code>netstandard1.4</code> (compatible with .NET Core).

<a href="https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server" rel="nofollow noreferrer">https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server</a>

Don't miss the MVC Core sample that shows how to configure an OpenID Connect authorization server using AspNet.Security.OpenIdConnect.Server and how to validate the encrypted access tokens issued by the server middleware: <a href="https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs" rel="nofollow noreferrer">https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs</a>

You can also read this blog post, that explains how to implement the resource owner password grant, which is the OAuth2 equivalent of basic authentication: <a href="http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/" rel="nofollow noreferrer">http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/</a>

<h2>Startup.cs</h2>

<pre><code>public class Startup
{
 public void ConfigureServices(IServiceCollection services)
 {
 services.AddAuthentication();
 }

 public void Configure(IApplicationBuilder app)
 {
 // Add a new middleware validating the encrypted
 // access tokens issued by the OIDC server.
 app.UseOAuthValidation();

 // Add a new middleware issuing tokens.
 app.UseOpenIdConnectServer(options =&gt;
 {
 options.TokenEndpointPath = "/connect/token";

 // Override OnValidateTokenRequest to skip client authentication.
 options.Provider.OnValidateTokenRequest = context =&gt;
 {
 // Reject the token requests that don't use
 // grant_type=password or grant_type=refresh_token.
 if (!context.Request.IsPasswordGrantType() &amp;&amp;
 !context.Request.IsRefreshTokenGrantType())
 {
 context.Reject(
 error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
 description: "Only grant_type=password and refresh_token " +
 "requests are accepted by this 
 return Task.FromResult(0);
 }

 // Since there's only one application and since it's a public client
 // (i.e a client that cannot keep its credentials private),
 // call Skip() to inform the server the request should be
 // accepted without enforcing client authentication.
 context.Skip();

 return Task.FromResult(0);
 };

 // Override OnHandleTokenRequest to support
 // grant_type=password token requests.
 options.Provider.OnHandleTokenRequest = context =&gt;
 {
 // Only handle grant_type=password token requests and let the
 // OpenID Connect server middleware handle the other grant types.
 if (context.Request.IsPasswordGrantType())
 {
 // Do your credentials validation here.
 // Note: you can call Reject() with a message
 // to indicate that authentication failed.

 var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);
 identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique id]");

 // By default, claims are not serialized
 // in the access and identity tokens.
 // Use the overload taking a "destinations"
 // parameter to make sure your claims
 // are correctly inserted in the appropriate tokens.
 identity.AddClaim("urn:customclaim", "value",
 OpenIdConnectConstants.Destinations.AccessToken,
 OpenIdConnectConstants.Destinations.IdentityToken);

 var ticket = new AuthenticationTicket(
 new ClaimsPrincipal(identity),
 new AuthenticationProperties(),
 context.Options.AuthenticationScheme);

 // Call SetScopes with the list of scopes you want to grant
 // (specify offline_access to issue a refresh token).
 ticket.SetScopes("profile", "offline_access");

 context.Validate(ticket);
 }

 return Task.FromResult(0);
 };
 });
 }
}
</code></pre>

<h2>project.json</h2>

<pre><code>{
 "dependencies": {
 "AspNet.Security.OAuth.Validation": "1.0.0",
 "AspNet.Security.OpenIdConnect.Server": "1.0.0"
 }
}
</code></pre>

Good luck!

blocks|key|2911755|text|这实际上是another+answer+of+mine的复制品，我倾向于保持更新，因为它得到了更多的关注。这里的评论也可能对你有用！|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|2911756|针对.Net核心2进行了更新：|2911757|这个答案的以前版本使用RSA；如果生成令牌的代码也在验证令牌，那么就没有必要这么做了。但是，如果您正在分发责任，您可能仍然希望使用Microsoft.IdentityModel.Tokens.RsaSecurityKey的实例来完成此任务。|style|CODE|2911758|2911759|创建了几个我们稍后将使用的常量；下面是我所做的：|ordered-list-item|2911760|2911761|const+string+TokenAudience+=+"Myself"；const+string+TokenIssuer+=+"MyProject";|2911762|Add+this+to+your+Startup.cs's+ConfigureServices。我们稍后将使用依赖注入来访问这些设置。我假设您的authenticationConfiguration是一个ConfigurationSection或Configuration对象，这样您就可以为调试和生产使用不同的配置。确保您安全地存储您的密钥！它可以是任何字符串。|unordered-list-item|2911763|2911764|var+keySecret+=+authenticationConfiguration"JwtSigningKey"；var+symmetricKey+=authenticationConfiguration+JwtSigningKey+services.AddTransient(_+=>新JwtSignInHandler(symmetricKey))；services.AddAuthentication(选项=>+{+//这将导致默认身份验证方案为JWT。//如果没有此选项，则不会检查Authorization标头，并且//您将得不到任何结果。然而，这也意味着如果//你已经在你的应用程序中使用cookies，//默认情况下它们不会被选中。options.DefaultAuthenticateScheme+=+JwtBearerDefaults.AuthenticationScheme；})+.AddJwtBearer(options+=>+{+options.TokenValidationParameters.ValidateIssuerSigningKey+=JwtBearerDefaults.AuthenticationScheme；options.TokenValidationParameters.ValidAudience+=+symmetricKey；options.TokenValidationParameters.ValidAudience=.AddJwtBearer；})；|2911765|我见过其他答案更改了其他设置，比如ClockSkew；默认设置是这样的:它应该适用于时钟不完全同步的分布式环境。这些是您需要更改的唯一设置。|2911766|设置身份验证。在任何需要您的User信息的中间件(如app.UseMvc()+)之前，都应该有这一行。|2911767|2911768|app.UseAuthentication()；|2911769|请注意，这不会导致您的令牌与SignInManager或其他任何东西一起发出。你需要提供你自己的JWT输出机制--见下文。|2911770|你可能想要指定一个AuthorizationPolicy。这将允许您指定控制器和操作，这些控制器和操作仅允许不记名令牌作为使用[Authorize("Bearer")]的身份验证。|2911771|2911772|services.AddAuthorization(auth+=>+{+auth.AddPolicy("Bearer"，new+AuthorizationPolicyBuilder()+=>().Build())；})；|2911773|来了棘手的部分:构建令牌。|2911774|2911775|类JwtSignInHandler+{公有常量字符串TokenAudience+=“我自己”；公有常量字符串TokenIssuer+=+"MyProject"；私有只读SymmetricSecurityKey密钥；公有JwtSignInHandler(SymmetricSecurityKey+symmetricKey)+{+this.key+=+symmetricKey；}公有字符串BuildJwt(ClaimsPrincipal主体){+var+creds+=新SigningCredentials(key，SecurityAlgorithms.HmacSha256)；var+JwtSecurityToken=新令牌(颁发者:+TokenIssuer，受众:+TokenAudience，声明:+principal.Claims，过期:+DateTime.Now.AddMinutes(20)，signingCredentials:凭证)；返回新的JwtSecurityTokenHandler().WriteToken(+token+)；}}|2911776|然后，在您想要令牌的控制器中，如下所示：|2911777|新公有字符串AnonymousSignIn(FromServices+JwtSignInHandler+tokenFactory)+{+var+System.Security.Claims.ClaimsPrincipal=new[](System.Security.Claims.ClaimsIdentity{new[]{新var“演示用户”)+})+})；tokenFactory.BuildJwt(tokenFactory.BuildJwt)；}|2911778|在这里，我假设你已经有了一个校长。如果您使用的是标识，则可以使用IUserClaimsPrincipalFactory<>将您的User转换为测试:获取一个令牌，将其放入jwt.io的形式中。我上面提供的说明还允许您使用配置中的秘密来验证您在HTML页面上的部分视图中呈现的signature!|2911779|If，结合.Net+4.5中的仅限持有者身份验证，您现在可以使用ViewComponent来做同样的事情。它与上面的控制器操作代码基本相同。|2911780|2911781|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/29698502/195653|1|https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.iuserclaimsprincipalfactory-1?view=aspnetcore-2.0|2|https://jwt.io/^0|5|M|0|0|0|1T|19|0|0|0|0|0|U|H|20|R|2U|K|3F|D|0|0|0|H|9|0|E|4|Q|C|0|0|0|E|D|0|9|J|1R|L|0|0|0|0|0|0|0|0|W|T|1S|4|W|T|1|2D|6|2|0|W|D|0|0^^$0|@$1|2|3|4|5|6|7|20|8|@]|9|@$A|21|B|22|1|23]]|C|$]]|$1|D|3|E|5|6|7|24|8|@]|9|@]|C|$]]|$1|F|3|G|5|6|7|25|8|@$A|26|B|27|H|I]]|9|@]|C|$]]|$1|J|3|-4|5|6|7|28|8|@]|9|@]|C|$]]|$1|K|3|L|5|M|7|29|8|@]|9|@]|C|$]]|$1|N|3|-4|5|6|7|2A|8|@]|9|@]|C|$]]|$1|O|3|P|5|6|7|2B|8|@]|9|@]|C|$]]|$1|Q|3|R|5|S|7|2C|8|@$A|2D|B|2E|H|I]|$A|2F|B|2G|H|I]|$A|2H|B|2I|H|I]|$A|2J|B|2K|H|I]]|9|@]|C|$]]|$1|T|3|-4|5|6|7|2L|8|@]|9|@]|C|$]]|$1|U|3|V|5|6|7|2M|8|@]|9|@]|C|$]]|$1|W|3|X|5|6|7|2N|8|@$A|2O|B|2P|H|I]]|9|@]|C|$]]|$1|Y|3|Z|5|S|7|2Q|8|@$A|2R|B|2S|H|I]|$A|2T|B|2U|H|I]]|9|@]|C|$]]|$1|10|3|-4|5|6|7|2V|8|@]|9|@]|C|$]]|$1|11|3|12|5|6|7|2W|8|@]|9|@]|C|$]]|$1|13|3|14|5|6|7|2X|8|@$A|2Y|B|2Z|H|I]]|9|@]|C|$]]|$1|15|3|16|5|S|7|30|8|@$A|31|B|32|H|I]|$A|33|B|34|H|I]]|9|@]|C|$]]|$1|17|3|-4|5|6|7|35|8|@]|9|@]|C|$]]|$1|18|3|19|5|6|7|36|8|@]|9|@]|C|$]]|$1|1A|3|1B|5|S|7|37|8|@]|9|@]|C|$]]|$1|1C|3|-4|5|6|7|38|8|@]|9|@]|C|$]]|$1|1D|3|1E|5|6|7|39|8|@]|9|@]|C|$]]|$1|1F|3|1G|5|6|7|3A|8|@]|9|@]|C|$]]|$1|1H|3|1I|5|6|7|3B|8|@]|9|@]|C|$]]|$1|1J|3|1K|5|6|7|3C|8|@$A|3D|B|3E|H|I]|$A|3F|B|3G|H|I]]|9|@$A|3H|B|3I|1|3J]|$A|3K|B|3L|1|3M]]|C|$]]|$1|1L|3|1M|5|S|7|3N|8|@$A|3O|B|3P|H|I]]|9|@]|C|$]]|$1|1N|3|-4|5|6|7|3Q|8|@]|9|@]|C|$]]|$1|1O|3|-4|5|6|7|3R|8|@]|9|@]|C|$]]]|1P|$1Q|$5|1R|1S|1T|C|$1U|1V]]|1W|$5|1R|1S|1T|C|$1U|1X]]|1Y|$5|1R|1S|1T|C|$1U|1Z]]]]

This is really a duplicate of <a href="https://stackoverflow.com/a/29698502/195653">another answer of mine</a>, which I tend to keep more up-to-date as it gets more attention. Comments there may also be useful to you!

<h2>Updated for .Net Core 2:</h2>

Previous versions of this answer used RSA; it's really not necessary if your same code that is generating the tokens is also verifying the tokens. However, if you're distributing the responsibility, you probably still want to do this using an instance of <code>Microsoft.IdentityModel.Tokens.RsaSecurityKey</code>.

<ol>
<li>Create a few constants that we'll be using later; here's what I did:

<pre><code>const string TokenAudience = "Myself";
const string TokenIssuer = "MyProject";
</code></pre></li>
<li>Add this to your Startup.cs's <code>ConfigureServices</code>. We'll use dependency injection later to access these settings. I'm assuming that your <code>authenticationConfiguration</code> is a <code>ConfigurationSection</code> or <code>Configuration</code> object such that you can have a different config for debug and production. Make sure you store your key securely! It can be any string.

<pre><code>var keySecret = authenticationConfiguration["JwtSigningKey"];
var symmetricKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keySecret));

services.AddTransient(_ =&gt; new JwtSignInHandler(symmetricKey));

services.AddAuthentication(options =&gt;
{
 // This causes the default authentication scheme to be JWT.
 // Without this, the Authorization header is not checked and
 // you'll get no results. However, this also means that if
 // you're already using cookies in your app, they won't be 
 // checked by default.
 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
 .AddJwtBearer(options =&gt;
 {
 options.TokenValidationParameters.ValidateIssuerSigningKey = true;
 options.TokenValidationParameters.IssuerSigningKey = symmetricKey;
 options.TokenValidationParameters.ValidAudience = JwtSignInHandler.TokenAudience;
 options.TokenValidationParameters.ValidIssuer = JwtSignInHandler.TokenIssuer;
 });
</code></pre>

I've seen other answers change other settings, such as <code>ClockSkew</code>; the defaults are set such that it should work for distributed environments whose clocks aren't exactly in sync. These are the only settings you need to change.</li>
<li>Set up Authentication. You should have this line before any middleware that requires your <code>User</code> info, such as <code>app.UseMvc()</code>.

<pre><code>app.UseAuthentication();
</code></pre>

Note that this will not cause your token to be emitted with the <code>SignInManager</code> or anything else. You will need to provide your own mechanism for outputting your JWT - see below.</li>
<li>You may want to specify an <code>AuthorizationPolicy</code>. This will allow you to specify controllers and actions that only allow Bearer tokens as authentication using <code>[Authorize("Bearer")]</code>.

<pre><code>services.AddAuthorization(auth =&gt;
{
 auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
 .AddAuthenticationTypes(JwtBearerDefaults.AuthenticationType)
 .RequireAuthenticatedUser().Build());
});
</code></pre></li>
<li>Here comes the tricky part: building the token.

<pre><code>class JwtSignInHandler
{
 public const string TokenAudience = "Myself";
 public const string TokenIssuer = "MyProject";
 private readonly SymmetricSecurityKey key;

 public JwtSignInHandler(SymmetricSecurityKey symmetricKey)
 {
 this.key = symmetricKey;
 }

 public string BuildJwt(ClaimsPrincipal principal)
 {
 var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

 var token = new JwtSecurityToken(
 issuer: TokenIssuer,
 audience: TokenAudience,
 claims: principal.Claims,
 expires: DateTime.Now.AddMinutes(20),
 signingCredentials: creds
 );

 return new JwtSecurityTokenHandler().WriteToken(token);
 }
}
</code></pre>

Then, in your controller where you want your token, something like the following:

<pre><code>[HttpPost]
public string AnonymousSignIn([FromServices] JwtSignInHandler tokenFactory)
{
 var principal = new System.Security.Claims.ClaimsPrincipal(new[]
 {
 new System.Security.Claims.ClaimsIdentity(new[]
 {
 new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Demo User")
 })
 });
 return tokenFactory.BuildJwt(principal);
}
</code></pre>

Here, I'm assuming you already have a principal. If you are using Identity, you can use <a href="https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.iuserclaimsprincipalfactory-1?view=aspnetcore-2.0" rel="nofollow noreferrer"><code>IUserClaimsPrincipalFactory&lt;&gt;</code></a> to transform your <code>User</code> into a <code>ClaimsPrincipal</code>.</li>
<li>To test it: Get a token, put it into the form at <a href="https://jwt.io/" rel="nofollow noreferrer">jwt.io</a>. The instructions I provided above also allow you to use the secret from your config to validate the signature!</li>
<li>If you were rendering this in a partial view on your HTML page in combination with the bearer-only authentication in .Net 4.5, you can now use a <code>ViewComponent</code> to do the same. It's mostly the same as the Controller Action code above.</li>
</ol>

blocks|key|135079|text|从Matt+Dekrey's+fabulous+answer开始，我创建了一个完整的基于令牌的身份验证示例，使用ASP.NET核心(1.0.1)。您可以找到完整的代码in+this+repository+on+GitHub+(+1.0.0-rc1、beta8、beta7的替代分支)，但简而言之，重要的步骤是：|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|135080|为应用程序生成密钥|style|BOLD|135081|在我的示例中，我每次启动应用程序时都会生成一个随机密钥，您需要生成一个密钥并将其存储在某个位置，然后将其提供给您的应用程序。See+this+file+for+how+I'm+generating+a+random+key+and+how+you+might+import+it+from+a+.json+file。正如@kspearrin的评论所建议的那样，Data+Protection+API似乎是“正确”管理密钥的理想候选者，但我还没有弄清楚这是否可能。如果您解决了这个问题，请提交拉取请求！|135082|Startup.cs+-+ConfigureServices|135083|在这里，我们需要为要签名的令牌加载一个私钥，我们还将使用该私钥来验证呈现的令牌。我们将键存储在一个类级变量key中，我们将在下面的Configure方法中重用该变量。TokenAuthOptions是一个简单的类，它包含我们在TokenController中创建密钥所需的签名身份、受众和颁发者。|CODE|135084|//+Replace+this+with+some+sort+of+loading+from+config+/+file.
RSAParameters+keyParams+=+RSAKeyUtils.GetRandomKey();

//+Create+the+key,+and+a+set+of+token+options+to+record+signing+credentials+
//+using+that+key,+along+with+the+other+parameters+we+will+need+in+the+
//+token+controlller.
key+=+new+RsaSecurityKey(keyParams);
tokenOptions+=+new+TokenAuthOptions()
{
++++Audience+=+TokenAudience,
++++Issuer+=+TokenIssuer,
++++SigningCredentials+=+new+SigningCredentials(key,+SecurityAlgorithms.Sha256Digest)
};

//+Save+the+token+options+into+an+instance+so+they're+accessible+to+the+
//+controller.
services.AddSingleton<TokenAuthOptions>(tokenOptions);

//+Enable+the+use+of+an+[Authorize("Bearer")]+attribute+on+methods+and
//+classes+to+protect.
services.AddAuthorization(auth+=>
{
++++auth.AddPolicy("Bearer",+new+AuthorizationPolicyBuilder()
++++++++.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
++++++++.RequireAuthenticatedUser().Build());
});|code-block|syntax|javascript|135085|我们还设置了一个授权策略，允许我们在希望保护的端点和类上使用[Authorize("Bearer")]。|135086|Startup.cs+-配置|135087|在这里，我们需要配置JwtBearerAuthentication：|135088|app.UseJwtBearerAuthentication(new+JwtBearerOptions+{
++++TokenValidationParameters+=+new+TokenValidationParameters+{
++++++++IssuerSigningKey+=+key,
++++++++ValidAudience+=+tokenOptions.Audience,
++++++++ValidIssuer+=+tokenOptions.Issuer,

++++++++//+When+receiving+a+token,+check+that+it+is+still+valid.
++++++++ValidateLifetime+=+true,

++++++++//+This+defines+the+maximum+allowable+clock+skew+-+i.e.
++++++++//+provides+a+tolerance+on+the+token+expiry+time+
++++++++//+when+validating+the+lifetime.+As+we're+creating+the+tokens+
++++++++//+locally+and+validating+them+on+the+same+machines+which+
++++++++//+should+have+synchronised+time,+this+can+be+set+to+zero.+
++++++++//+Where+external+tokens+are+used,+some+leeway+here+could+be+
++++++++//+useful.
++++++++ClockSkew+=+TimeSpan.FromMinutes(0)
++++}
});|135089|TokenController|135090|在令牌控制器中，您需要有一个使用Startup.cs中加载的密钥生成签名密钥的方法。我们已经在Startup中注册了一个TokenAuthOptions实例，所以我们需要将它注入到TokenController的构造函数中：|135091|[Route("api/[controller]")]
public+class+TokenController+:+Controller
{
++++private+readonly+TokenAuthOptions+tokenOptions;

++++public+TokenController(TokenAuthOptions+tokenOptions)
++++{
++++++++this.tokenOptions+=+tokenOptions;
++++}
...|135092|然后，您将需要在您的处理程序中为登录端点生成令牌，在我的示例中，我使用用户名和密码并使用if语句验证它们，但您需要做的关键事情是创建或加载基于声明的身份，并为此生成令牌：|135093|public+class+AuthRequest
{
++++public+string+username+{+get;+set;+}
++++public+string+password+{+get;+set;+}
}

///+<summary>
///+Request+a+new+token+for+a+given+username/password+pair.
///+</summary>
///+<param+name="req"></param>
///+<returns></returns>
[HttpPost]
public+dynamic+Post([FromBody]+AuthRequest+req)
{
++++//+Obviously,+at+this+point+you+need+to+validate+the+username+and+password+against+whatever+system+you+wish.
++++if+((req.username+==+"TEST"+&&+req.password+==+"TEST")+%7C%7C+(req.username+==+"TEST2"+&&+req.password+==+"TEST"))
++++{
++++++++DateTime?+expires+=+DateTime.UtcNow.AddMinutes(2);
++++++++var+token+=+GetToken(req.username,+expires);
++++++++return+new+{+authenticated+=+true,+entityId+=+1,+token+=+token,+tokenExpires+=+expires+};
++++}
++++return+new+{+authenticated+=+false+};
}

private+string+GetToken(string+user,+DateTime?+expires)
{
++++var+handler+=+new+JwtSecurityTokenHandler();

++++//+Here,+you+should+create+or+look+up+an+identity+for+the+user+which+is+being+authenticated.
++++//+For+now,+just+creating+a+simple+generic+identity.
++++ClaimsIdentity+identity+=+new+ClaimsIdentity(new+GenericIdentity(user,+"TokenAuth"),+new[]+{+new+Claim("EntityID",+"1",+ClaimValueTypes.Integer)+});

++++var+securityToken+=+handler.CreateToken(new+Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor()+{
++++++++Issuer+=+tokenOptions.Issuer,
++++++++Audience+=+tokenOptions.Audience,
++++++++SigningCredentials+=+tokenOptions.SigningCredentials,
++++++++Subject+=+identity,
++++++++Expires+=+expires
++++});
++++return+handler.WriteToken(securityToken);
}|135094|应该就是这样了。只需将[Authorize("Bearer")]添加到您想要保护的任何方法或类中，如果您试图在没有令牌的情况下访问它，您应该会得到一个错误。如果您希望返回401错误而不是500错误，则需要注册一个自定义异常处理程序as+I+have+in+my+example+here。|135095|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/30697031/789529|1|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample|2|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/rc1|3|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/beta8|4|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/beta7|5|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/RSAKeyUtils.cs|6|https://docs.asp.net/en/latest/security/data-protection/index.html|7|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/TokenAuthOptions.cs|8|https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/Startup.cs#L83^0|1|T|0|2B|S|1|36|9|2|3G|5|3|3M|5|4|0|0|5|0|1Q|2N|5|50|J|6|0|0|U|0|1H|3|2B|G|7|0|0|U|L|0|0|E|0|0|0|0|F|0|0|0|0|0|B|L|37|S|8|0^^$0|@$1|2|3|4|5|6|7|21|8|@]|9|@$A|22|B|23|1|24]|$A|25|B|26|1|27]|$A|28|B|29|1|2A]|$A|2B|B|2C|1|2D]|$A|2E|B|2F|1|2G]]|C|$]]|$1|D|3|E|5|6|7|2H|8|@$A|2I|B|2J|F|G]]|9|@]|C|$]]|$1|H|3|I|5|6|7|2K|8|@]|9|@$A|2L|B|2M|1|2N]|$A|2O|B|2P|1|2Q]]|C|$]]|$1|J|3|K|5|6|7|2R|8|@$A|2S|B|2T|F|G]]|9|@]|C|$]]|$1|L|3|M|5|6|7|2U|8|@$A|2V|B|2W|F|N]]|9|@$A|2X|B|2Y|1|2Z]]|C|$]]|$1|O|3|P|5|Q|7|30|8|@]|9|@]|C|$R|S]]|$1|T|3|U|5|6|7|31|8|@$A|32|B|33|F|N]]|9|@]|C|$]]|$1|V|3|W|5|6|7|34|8|@$A|35|B|36|F|G]]|9|@]|C|$]]|$1|X|3|Y|5|6|7|37|8|@]|9|@]|C|$]]|$1|Z|3|10|5|Q|7|38|8|@]|9|@]|C|$R|S]]|$1|11|3|12|5|6|7|39|8|@$A|3A|B|3B|F|G]]|9|@]|C|$]]|$1|13|3|14|5|6|7|3C|8|@]|9|@]|C|$]]|$1|15|3|16|5|Q|7|3D|8|@]|9|@]|C|$R|S]]|$1|17|3|18|5|6|7|3E|8|@]|9|@]|C|$]]|$1|19|3|1A|5|Q|7|3F|8|@]|9|@]|C|$R|S]]|$1|1B|3|1C|5|6|7|3G|8|@$A|3H|B|3I|F|N]]|9|@$A|3J|B|3K|1|3L]]|C|$]]|$1|1D|3|-4|5|6|7|3M|8|@]|9|@]|C|$]]]|1E|$1F|$5|1G|1H|1I|C|$1J|1K]]|1L|$5|1G|1H|1I|C|$1J|1M]]|1N|$5|1G|1H|1I|C|$1J|1O]]|1P|$5|1G|1H|1I|C|$1J|1Q]]|1R|$5|1G|1H|1I|C|$1J|1S]]|1T|$5|1G|1H|1I|C|$1J|1U]]|1V|$5|1G|1H|1I|C|$1J|1W]]|1X|$5|1G|1H|1I|C|$1J|1Y]]|1Z|$5|1G|1H|1I|C|$1J|20]]]]

Working from <a href="https://stackoverflow.com/a/30697031/789529">Matt Dekrey's fabulous answer</a>, I've created a fully working example of token-based authentication, working against ASP.NET Core (1.0.1). You can find the full code <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample" rel="noreferrer">in this repository on GitHub</a> (alternative branches for <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/rc1" rel="noreferrer">1.0.0-rc1</a>, <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/beta8" rel="noreferrer">beta8</a>, <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/tree/beta7" rel="noreferrer">beta7</a>), but in brief, the important steps are:

Generate a key for your application

In my example, I generate a random key each time the app starts, you'll need to generate one and store it somewhere and provide it to your application. <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/RSAKeyUtils.cs" rel="noreferrer">See this file for how I'm generating a random key and how you might import it from a .json file</a>. As suggested in the comments by @kspearrin, the <a href="https://docs.asp.net/en/latest/security/data-protection/index.html" rel="noreferrer">Data Protection API</a> seems like an ideal candidate for managing the keys "correctly", but I've not worked out if that's possible yet. Please submit a pull request if you work it out! 

Startup.cs - ConfigureServices

Here, we need to load a private key for our tokens to be signed with, which we will also use to verify tokens as they are presented. We're storing the key in a class-level variable <code>key</code> which we'll re-use in the Configure method below. <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/TokenAuthOptions.cs" rel="noreferrer">TokenAuthOptions</a> is a simple class which holds the signing identity, audience and issuer that we'll need in the TokenController to create our keys.

<pre><code>// Replace this with some sort of loading from config / file.
RSAParameters keyParams = RSAKeyUtils.GetRandomKey();

// Create the key, and a set of token options to record signing credentials 
// using that key, along with the other parameters we will need in the 
// token controlller.
key = new RsaSecurityKey(keyParams);
tokenOptions = new TokenAuthOptions()
{
 Audience = TokenAudience,
 Issuer = TokenIssuer,
 SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.Sha256Digest)
};

// Save the token options into an instance so they're accessible to the 
// controller.
services.AddSingleton&lt;TokenAuthOptions&gt;(tokenOptions);

// Enable the use of an [Authorize("Bearer")] attribute on methods and
// classes to protect.
services.AddAuthorization(auth =&gt;
{
 auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
 .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
 .RequireAuthenticatedUser().Build());
});
</code></pre>

We've also set up an authorization policy to allow us to use <code>[Authorize("Bearer")]</code> on the endpoints and classes we wish to protect.

Startup.cs - Configure

Here, we need to configure the JwtBearerAuthentication:

<pre><code>app.UseJwtBearerAuthentication(new JwtBearerOptions {
 TokenValidationParameters = new TokenValidationParameters {
 IssuerSigningKey = key,
 ValidAudience = tokenOptions.Audience,
 ValidIssuer = tokenOptions.Issuer,

 // When receiving a token, check that it is still valid.
 ValidateLifetime = true,

 // This defines the maximum allowable clock skew - i.e.
 // provides a tolerance on the token expiry time 
 // when validating the lifetime. As we're creating the tokens 
 // locally and validating them on the same machines which 
 // should have synchronised time, this can be set to zero. 
 // Where external tokens are used, some leeway here could be 
 // useful.
 ClockSkew = TimeSpan.FromMinutes(0)
 }
});
</code></pre>

TokenController

In the token controller, you need to have a method to generate signed keys using the key that was loaded in Startup.cs. We've registered a TokenAuthOptions instance in Startup, so we need to inject that in the constructor for TokenController:

<pre><code>[Route("api/[controller]")]
public class TokenController : Controller
{
 private readonly TokenAuthOptions tokenOptions;

 public TokenController(TokenAuthOptions tokenOptions)
 {
 this.tokenOptions = tokenOptions;
 }
...
</code></pre>

Then you'll need to generate the token in your handler for the login endpoint, in my example I'm taking a username and password and validating those using an if statement, but the key thing you need to do is create or load a claims-based identity and generate the token for that:

<pre><code>public class AuthRequest
{
 public string username { get; set; }
 public string password { get; set; }
}

/// &lt;summary&gt;
/// Request a new token for a given username/password pair.
/// &lt;/summary&gt;
/// &lt;param name="req"&gt;&lt;/param&gt;
/// &lt;returns&gt;&lt;/returns&gt;
[HttpPost]
public dynamic Post([FromBody] AuthRequest req)
{
 // Obviously, at this point you need to validate the username and password against whatever system you wish.
 if ((req.username == "TEST" &amp;&amp; req.password == "TEST") || (req.username == "TEST2" &amp;&amp; req.password == "TEST"))
 {
 DateTime? expires = DateTime.UtcNow.AddMinutes(2);
 var token = GetToken(req.username, expires);
 return new { authenticated = true, entityId = 1, token = token, tokenExpires = expires };
 }
 return new { authenticated = false };
}

private string GetToken(string user, DateTime? expires)
{
 var handler = new JwtSecurityTokenHandler();

 // Here, you should create or look up an identity for the user which is being authenticated.
 // For now, just creating a simple generic identity.
 ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(user, "TokenAuth"), new[] { new Claim("EntityID", "1", ClaimValueTypes.Integer) });

 var securityToken = handler.CreateToken(new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor() {
 Issuer = tokenOptions.Issuer,
 Audience = tokenOptions.Audience,
 SigningCredentials = tokenOptions.SigningCredentials,
 Subject = identity,
 Expires = expires
 });
 return handler.WriteToken(securityToken);
}
</code></pre>

And that should be it. Just add <code>[Authorize("Bearer")]</code> to any method or class you want to protect, and you should get an error if you attempt to access it without a token present. If you want to return a 401 instead of a 500 error, you'll need to register a custom exception handler <a href="https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/blob/master/src/TokenAuthExampleWebApplication/Startup.cs#L83" rel="noreferrer">as I have in my example here</a>.

blocks|key|2912016|text|您可以使用OpenIddict来提供令牌(登录)，然后在访问接口/控制器时使用UseJwtBearerAuthentication来验证它们。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|2912017|这基本上就是您在Startup.cs中需要的所有配置|2912018|ConfigureServices:|BOLD|2912019|services.AddIdentity<ApplicationUser,+ApplicationRole>()
++++.AddEntityFrameworkStores<ApplicationDbContext>()
++++.AddDefaultTokenProviders()
++++//+this+line+is+added+for+OpenIddict+to+plug+in
++++.AddOpenIddictCore<Application>(config+=>+config.UseEntityFramework());|code-block|syntax|javascript|2912020|配置|2912021|app.UseOpenIddictCore(builder+=>
{
++++//+here+you+tell+openiddict+you're+wanting+to+use+jwt+tokens
++++builder.Options.UseJwtTokens();
++++//+NOTE:+for+dev+consumption+only!+for+live,+this+is+not+encouraged!
++++builder.Options.AllowInsecureHttp+=+true;
++++builder.Options.ApplicationCanDisplayErrors+=+true;
});

//+use+jwt+bearer+authentication+to+validate+the+tokens
app.UseJwtBearerAuthentication(options+=>
{
++++options.AutomaticAuthenticate+=+true;
++++options.AutomaticChallenge+=+true;
++++options.RequireHttpsMetadata+=+false;
++++//+must+match+the+resource+on+your+token+request
++++options.Audience+=+"http://localhost:58292/";
++++options.Authority+=+"http://localhost:58292/";
});|2912022|还有一两件小事，比如你的DbContext需要从OpenIddictContext<ApplicationUser,+Application,+ApplicationRole,+string>派生。|2912023|您可以在我的这篇博客文章中看到完整的解释(包括功能github存储库)：http://capesean.co.za/blog/asp-net-5-jwt-tokens/|2912024|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/openiddict|1|http://capesean.co.za/blog/asp-net-5-jwt-tokens/^0|13|Q|5|A|0|0|8|A|0|0|I|0|0|0|2|0|0|O|20|0|10|1C|1|0^^$0|@$1|2|3|4|5|6|7|17|8|@$9|18|A|19|B|C]]|D|@$9|1A|A|1B|1|1C]]|E|$]]|$1|F|3|G|5|6|7|1D|8|@$9|1E|A|1F|B|C]]|D|@]|E|$]]|$1|H|3|I|5|6|7|1G|8|@$9|1H|A|1I|B|J]]|D|@]|E|$]]|$1|K|3|L|5|M|7|1J|8|@]|D|@]|E|$N|O]]|$1|P|3|Q|5|6|7|1K|8|@$9|1L|A|1M|B|J]]|D|@]|E|$]]|$1|R|3|S|5|M|7|1N|8|@]|D|@]|E|$N|O]]|$1|T|3|U|5|6|7|1O|8|@$9|1P|A|1Q|B|C]]|D|@]|E|$]]|$1|V|3|W|5|6|7|1R|8|@]|D|@$9|1S|A|1T|1|1U]]|E|$]]|$1|X|3|-4|5|6|7|1V|8|@]|D|@]|E|$]]]|Y|$Z|$5|10|11|12|E|$13|14]]|15|$5|10|11|12|E|$13|16]]]]

You can use <a href="https://github.com/openiddict" rel="nofollow">OpenIddict</a> to serve the tokens (logging in) and then use <code>UseJwtBearerAuthentication</code> to validate them when an API/Controller is accessed.

This is essentially all the configuration you need in <code>Startup.cs</code>:

ConfigureServices:

<pre><code>services.AddIdentity&lt;ApplicationUser, ApplicationRole&gt;()
 .AddEntityFrameworkStores&lt;ApplicationDbContext&gt;()
 .AddDefaultTokenProviders()
 // this line is added for OpenIddict to plug in
 .AddOpenIddictCore&lt;Application&gt;(config =&gt; config.UseEntityFramework());
</code></pre>

Configure

<pre><code>app.UseOpenIddictCore(builder =&gt;
{
 // here you tell openiddict you're wanting to use jwt tokens
 builder.Options.UseJwtTokens();
 // NOTE: for dev consumption only! for live, this is not encouraged!
 builder.Options.AllowInsecureHttp = true;
 builder.Options.ApplicationCanDisplayErrors = true;
});

// use jwt bearer authentication to validate the tokens
app.UseJwtBearerAuthentication(options =&gt;
{
 options.AutomaticAuthenticate = true;
 options.AutomaticChallenge = true;
 options.RequireHttpsMetadata = false;
 // must match the resource on your token request
 options.Audience = "http://localhost:58292/";
 options.Authority = "http://localhost:58292/";
});
</code></pre>

There are one or two other minor things, such as your DbContext needs to derive from <code>OpenIddictContext&lt;ApplicationUser, Application, ApplicationRole, string&gt;</code>.

You can see a full length explanation (including the functioning github repo) on this blog post of mine:
<a href="http://capesean.co.za/blog/asp-net-5-jwt-tokens/" rel="nofollow">http://capesean.co.za/blog/asp-net-5-jwt-tokens/</a>

blocks|key|2912034|text|您可以查看OpenId连接示例，其中演示了如何处理不同的身份验证机制，包括JWT令牌：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2912035|https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Samples|offset|length|2912036|如果您查看Cordova后端项目，API的配置如下所示：|2912037|app.UseWhen(context+=>+context.Request.Path.StartsWithSegments(new+PathString("/api")),+
++++++branch+=>+{
++++++++++++++++branch.UseJwtBearerAuthentication(options+=>+{
++++++++++++++++++++options.AutomaticAuthenticate+=+true;
++++++++++++++++++++options.AutomaticChallenge+=+true;
++++++++++++++++++++options.RequireHttpsMetadata+=+false;
++++++++++++++++++++options.Audience+=+"localhost:54540";
++++++++++++++++++++options.Authority+=+"localhost:54540";
++++++++++++++++});
++++});|code-block|syntax|javascript|2912038|/Providers/AuthorizationProvider.cs中的逻辑和该项目的RessourceController也值得一看;)。|2912039|此外，我使用Aurelia前端框架和ASP.NET核心实现了一个基于令牌的身份验证实现的单页面应用程序。还有一个信号R持久连接。然而，我还没有做过任何DB实现。代码可以在这里看到：https://github.com/alexandre-spieser/AureliaAspNetCoreAuth|2912040|希望这能帮上忙|2912041|最好的|2912042|亚历克斯|2912043|entityMap|0|LINK|mutability|MUTABLE|url|1|https://github.com/alexandre-spieser/AureliaAspNetCoreAuth^0|0|0|1Z|0|0|0|0|0|2I|1M|1|0|0|0|0^^$0|@$1|2|3|4|5|6|7|15|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|16|8|@]|9|@$D|17|E|18|1|19]]|A|$]]|$1|F|3|G|5|6|7|1A|8|@]|9|@]|A|$]]|$1|H|3|I|5|J|7|1B|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|1C|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|1D|8|@]|9|@$D|1E|E|1F|1|1G]]|A|$]]|$1|Q|3|R|5|6|7|1H|8|@]|9|@]|A|$]]|$1|S|3|T|5|6|7|1I|8|@]|9|@]|A|$]]|$1|U|3|V|5|6|7|1J|8|@]|9|@]|A|$]]|$1|W|3|-4|5|6|7|1K|8|@]|9|@]|A|$]]]|X|$Y|$5|Z|10|11|A|$12|C]]|13|$5|Z|10|11|A|$12|14]]]]

You can have a look at the OpenId connect samples which illustrate how to deal with different authentication mechanisms, including JWT Tokens:

<a href="https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Samples" rel="nofollow noreferrer">https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Samples</a>

If you look at the Cordova Backend project, the configuration for the API is like so:

<pre><code>app.UseWhen(context =&gt; context.Request.Path.StartsWithSegments(new PathString("/api")), 
 branch =&gt; {
 branch.UseJwtBearerAuthentication(options =&gt; {
 options.AutomaticAuthenticate = true;
 options.AutomaticChallenge = true;
 options.RequireHttpsMetadata = false;
 options.Audience = "localhost:54540";
 options.Authority = "localhost:54540";
 });
 });
</code></pre>

The logic in /Providers/AuthorizationProvider.cs and the RessourceController of that project are also worth having a look at ;).

Moreover, I have implemented a single page application with token based authentication implementation using the Aurelia front end framework and ASP.NET core. There is also a signal R persistent connection. However I have not done any DB implementation.
Code can be seen here: 
<a href="https://github.com/alexandre-spieser/AureliaAspNetCoreAuth" rel="nofollow noreferrer">https://github.com/alexandre-spieser/AureliaAspNetCoreAuth</a>

Hope this helps,

Best,

Alex

I'm working with ASP.NET Core application. I'm trying to implement Token Based Authentication but can not figure out how to use new <a href="https://github.com/aspnet/Security">Security System</a>.

My scenario:
A client requests a token. My server should authorize the user and return access_token which will be used by the client in following requests.

Here are two great articles about implementing exactly what I need:

<ul>
<li><a href="http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/">Token Based Authentication using ASP.NET Web API 2, Owin, and Identity</a></li>
<li><a href="http://odetocode.com/blogs/scott/archive/2015/01/15/using-json-web-tokens-with-katana-and-webapi.aspx">Using JSON Web tokens</a></li>
</ul>

The problem is - it is not obvious for me how to do the same thing in ASP.NET Core.

My question is: how to configure ASP.NET Core Web Api application to work with token based authentication? What direction should I pursue? Have you written any articles about the newest version, or know where I could find ones?

Thank you!

Token Based Authentication in ASP.NET Core (refreshed)

我正在使用ASP.NET核心应用程序。我正在尝试实现基于令牌的身份验证，但不知道如何使用新的。我的场景：客户端请求令牌。我的服务器应该授权用户并返回access_token，客户端将在下面的请求中使用它。这里有两篇关于实现我需要的东西的很好的文章：问题是--对于我来说，在ASP.NET核心中如何做同样的事情并不明显。我...

问ASP.NET核心中基于令牌的身份验证(刷新)
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问ASP.NET核心中基于令牌的身份验证(刷新)EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问ASP.NET核心中基于令牌的身份验证(刷新)
EN