在C#中模拟Spring的RESTful安全控制,可以使用ASP.NET Core Web API和ASP.NET Core Identity系统来实现。以下是一个简单的示例,展示了如何设置基本的身份验证和授权。
首先,创建一个新的ASP.NET Core Web API项目。
# Scaffold a new ASP.NET Core Web API project and switch into its directory.
dotnet new webapi -n SpringSecurityExample
cd SpringSecurityExample
你需要添加一些NuGet包来处理身份验证和授权。
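# Identity with EF Core stores, the authorization services, the SQL Server provider, and the
# JWT bearer handler. The bearer handler (JwtBearerDefaults, AddJwtBearer) ships as its own
# package, not as part of the shared framework, so the code below would not compile without it.
dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
dotnet add package Microsoft.AspNetCore.Authorization
dotnet add package Microsoft.EntityFrameworkCore.SqlServer
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer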
创建一个继承自 IdentityDbContext 的类来配置数据库上下文。
// Data/ApplicationDbContext.cs
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using SpringSecurityExample.Models;
namespace SpringSecurityExample.Data
{
/// <summary>
/// EF Core context that provides the ASP.NET Core Identity tables, keyed to
/// <see cref="ApplicationUser"/>.
/// </summary>
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    /// <summary>
    /// Creates the context using the options (provider, connection string) registered in DI.
    /// </summary>
    /// <param name="options">Options supplied by <c>AddDbContext</c>.</param>
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}
}
创建一个自定义的用户类。
// Models/ApplicationUser.cs
using Microsoft.AspNetCore.Identity;
namespace SpringSecurityExample.Models
{
/// <summary>
/// Application user type. It currently adds nothing to <see cref="IdentityUser"/>; extra
/// profile fields go here so that the Identity stores and the DbContext stay in sync.
/// </summary>
public class ApplicationUser : IdentityUser
{
}
}
在 Startup.cs 中配置服务。
// Startup.cs
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using SpringSecurityExample.Data;
using SpringSecurityExample.Models;
using SpringSecurityExample.Services;
namespace SpringSecurityExample
{
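/// <summary>
/// Wires up EF Core + Identity, JWT bearer authentication, authorization and the API controllers.
/// </summary>
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers application services; called by the host before <see cref="Configure"/>.
    /// </summary>
    /// <param name="services">The host's service collection.</param>
    /// <exception cref="InvalidOperationException">
    /// The "JwtSecret" setting is missing or too short to be used as an HMAC-SHA256 key.
    /// </exception>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddControllers();

        // Fail at startup rather than on the first request when the signing secret is unusable.
        // RFC 7518 §3.2 requires an HS256 key of at least 256 bits (32 bytes), and the token
        // library itself rejects keys below 128 bits.
        var jwtSecret = Configuration["JwtSecret"];
        if (string.IsNullOrWhiteSpace(jwtSecret) || Encoding.UTF8.GetByteCount(jwtSecret) < 32)
        {
            throw new InvalidOperationException(
                "Configuration value 'JwtSecret' must be set and at least 32 bytes long.");
        }

        // Default schemes are AuthenticationOptions settings (AddAuthentication), not
        // AuthorizationOptions, and a bearer handler must be registered — otherwise
        // UseAuthentication() never validates any token and every [Authorize] endpoint fails.
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // These rules must agree with the tokens JwtTokenService issues.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "SpringSecurityExample",
                ValidateAudience = true,
                ValidAudience = "SpringSecurityExample",
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecret)),
                // Pin the algorithm so a token naming a different "alg" is not accepted.
                ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
                ValidateLifetime = true,
                ClockSkew = TimeSpan.Zero
            };
        });

        services.AddAuthorization();
        services.AddScoped<IJwtTokenService, JwtTokenService>();
    }

    /// <summary>
    /// Builds the request pipeline. Authentication runs before authorization so that
    /// <c>[Authorize]</c> sees the principal produced by the bearer handler.
    /// </summary>
    /// <param name="app">The application builder.</param>
    /// <param name="env">The hosting environment.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // Bearer tokens are credentials; keep them off plaintext HTTP.
        app.UseHttpsRedirection();
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}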
}
创建一个服务来生成和验证JWT令牌。
// Services/IJwtTokenService.cs
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using SpringSecurityExample.Models;
namespace SpringSecurityExample.Services
{
/// <summary>
/// Issues and checks the JWTs used as bearer credentials by the API.
/// </summary>
public interface IJwtTokenService
{
    /// <summary>Creates a signed token carrying the user's id and name claims.</summary>
    /// <param name="user">The authenticated user the token is issued for.</param>
    /// <returns>The compact serialised JWT.</returns>
    string GenerateToken(ApplicationUser user);

    /// <summary>Checks signature, issuer, audience and lifetime of a token.</summary>
    /// <param name="token">The compact serialised JWT.</param>
    /// <returns><c>true</c> when the token is accepted; <c>false</c> otherwise.</returns>
    bool ValidateToken(string token);
}
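/// <summary>
/// Issues and validates HMAC-SHA256 signed JWTs. Issuer, audience, signing key and lifetime
/// live in one place so that issuance and validation cannot drift apart.
/// </summary>
public class JwtTokenService : IJwtTokenService
{
    private const string Issuer = "SpringSecurityExample";
    private const string Audience = "SpringSecurityExample";
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);

    private readonly SymmetricSecurityKey _signingKey;
    private readonly ILogger<JwtTokenService> _logger;

    /// <summary>Reads the "JwtSecret" setting and prepares the signing key.</summary>
    /// <param name="config">Application configuration.</param>
    /// <param name="logger">Logger used to record rejected tokens.</param>
    /// <exception cref="ArgumentNullException"><paramref name="config"/> or <paramref name="logger"/> is null.</exception>
    /// <exception cref="InvalidOperationException">"JwtSecret" is not configured.</exception>
    public JwtTokenService(IConfiguration config, ILogger<JwtTokenService> logger)
    {
        if (config is null)
        {
            throw new ArgumentNullException(nameof(config));
        }
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));

        // Resolve the secret once so a missing value fails here instead of as a
        // NullReference/ArgumentNull from Encoding.GetBytes on the first token.
        var secret = config["JwtSecret"];
        if (string.IsNullOrWhiteSpace(secret))
        {
            throw new InvalidOperationException("Configuration value 'JwtSecret' is missing.");
        }
        _signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    }

    /// <inheritdoc/>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public string GenerateToken(ApplicationUser user)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id),
            new Claim(ClaimTypes.Name, user.UserName)
        };
        var creds = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256);
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: claims,
            expires: DateTime.UtcNow.Add(Lifetime),
            signingCredentials: creds);

        // JwtSecurityTokenHandler.WriteToken serialises and signs; there is no separate encoder.
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    /// <inheritdoc/>
    public bool ValidateToken(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            return false;
        }

        try
        {
            // ValidateToken returns the principal and throws on any failure, so success is the
            // absence of an exception — there is no IsValid flag to read.
            new JwtSecurityTokenHandler().ValidateToken(token, BuildValidationParameters(), out _);
            return true;
        }
        catch (SecurityTokenException ex)
        {
            // Expired, tampered or foreign-issued tokens; the token value itself is not logged.
            _logger.LogWarning(ex, "Rejected JWT token");
            return false;
        }
        catch (ArgumentException ex)
        {
            // Not a well-formed compact JWT (or exceeds the handler's size limit).
            _logger.LogWarning(ex, "Rejected malformed JWT token");
            return false;
        }
    }

    // Validation rules mirror GenerateToken. Pinning the algorithm means a token that names a
    // different "alg" header is rejected before any key comparison.
    private TokenValidationParameters BuildValidationParameters() => new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = Issuer,
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = _signingKey,
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };
}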
}
创建一个控制器来处理API请求,并使用授权属性来保护端点。
// Controllers/ValuesController.cs
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using SpringSecurityExample.Services;
namespace SpringSecurityExample.Controllers
{
[ApiController]
[Route("api/[controller]")]
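/// <summary>
/// Sample protected resource. The class-level <c>[Authorize]</c> requires a valid bearer
/// token on every action, which is what the per-action attributes expressed before.
/// </summary>
[ApiController]
[Route("api/[controller]")]
[Authorize]
public class ValuesController : ControllerBase
{
    // Kept for parity with the original sample; no action uses it yet. Issuing tokens belongs
    // in a login endpoint, which this sample does not include.
    private readonly IJwtTokenService _jwtTokenService;

    /// <param name="jwtTokenService">Token service resolved from DI.</param>
    /// <exception cref="ArgumentNullException"><paramref name="jwtTokenService"/> is null.</exception>
    public ValuesController(IJwtTokenService jwtTokenService)
    {
        _jwtTokenService = jwtTokenService ?? throw new ArgumentNullException(nameof(jwtTokenService));
    }

    /// <summary>Returns a placeholder value for <paramref name="id"/>.</summary>
    /// <param name="id">Route id of the requested value.</param>
    /// <returns>200 with a text payload.</returns>
    [HttpGet("{id}")]
    public Task<IActionResult> Get(int id)
    {
        // Nothing is awaited here; the Task-returning signature is kept for callers, and
        // dropping `async` removes the "async method lacks 'await'" warning.
        return Task.FromResult<IActionResult>(Ok($"Value for ID: {id}"));
    }

    /// <summary>Accepts a value and echoes it back as a created resource.</summary>
    /// <param name="value">Request body; must be non-empty.</param>
    /// <returns>201 with a Location for <see cref="Get"/>, or 400 when the body is blank.</returns>
    [HttpPost]
    public Task<IActionResult> Post([FromBody] string value)
    {
        // `id = 1` is a placeholder: the sample persists nothing.
        IActionResult result = string.IsNullOrWhiteSpace(value)
            ? BadRequest("A non-empty value is required.")
            : CreatedAtAction(nameof(Get), new { id = 1 }, value);
        return Task.FromResult(result);
    }
}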
}
在 appsettings.json 中配置数据库连接字符串和 JWT 密钥。
{
"ConnectionStrings": {
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=SpringSecurityExampleDb;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"JwtSecret": "your_jwt_secret"
}
运行应用程序并测试API端点。
# Build and start the API (applies the Startup configuration above).
dotnet run
你可以使用 Postman 或其他工具来测试 API 端点。首先,登录以获取 JWT 令牌(本示例没有包含登录端点,需要自行添加一个在校验用户凭据后调用 IJwtTokenService.GenerateToken 的接口),然后在后续请求的 Authorization 头中以 Bearer 方式携带该令牌进行身份验证和授权。
以上示例展示了如何在C#中模拟Spring的RESTful安全控制。通过使用ASP.NET Core Web API和ASP.NET Core Identity系统,你可以轻松地实现身份验证和授权功能。