- IJwtService 인터페이스 (Application Layer) - JwtSettings POCO (Options Pattern) - JwtService 구현 (Access Token 생성/검증, Refresh Token 생성) - AddJwtAuthentication/AddAuthorizationPolicies 확장 메서드 - Program.cs에 인증/인가 미들웨어 등록 (파이프라인 순서 10~11번) - NuGet: System.IdentityModel.Tokens.Jwt, Microsoft.AspNetCore.Authentication.JwtBearer
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using SPMS.Application.Settings;
namespace SPMS.API.Extensions;
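/// <summary>
/// Service-registration helpers that wire JWT bearer authentication and the
/// role-based authorization policies into the dependency-injection container.
/// </summary>
public static class AuthenticationExtensions
{
    // Lower bound for the shared HMAC secret, in UTF-8 bytes. RFC 7518 section 3.2
    // requires an HS256 key to be at least as long as the hash output (256 bits).
    // NOTE(review): the signing algorithm is chosen where tokens are issued, which
    // is not visible here; raise this bound if HS384/HS512 is used.
    private const int MinimumSecretKeyBytes = 32;

    /// <summary>
    /// Binds <see cref="JwtSettings"/> from configuration and registers JWT bearer
    /// as the default authenticate and challenge scheme.
    /// </summary>
    /// <param name="services">The service collection to add the registrations to.</param>
    /// <param name="configuration">Configuration holding the <see cref="JwtSettings.SectionName"/> section.</param>
    /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
    /// <exception cref="ArgumentNullException">An argument is <c>null</c>.</exception>
    /// <exception cref="InvalidOperationException">
    /// The JWT section is missing, or its issuer, audience or secret key is empty
    /// or the secret key is shorter than the minimum length.
    /// </exception>
    public static IServiceCollection AddJwtAuthentication(
        this IServiceCollection services,
        IConfiguration configuration)
    {
        ArgumentNullException.ThrowIfNull(services);
        ArgumentNullException.ThrowIfNull(configuration);

        var jwtSection = configuration.GetSection(JwtSettings.SectionName);

        // Validate now, at startup. The AddJwtBearer callback below runs lazily, so
        // without this a missing section would only surface as a
        // NullReferenceException when the options are first resolved.
        var jwtSettings = LoadValidatedJwtSettings(jwtSection);

        // NOTE(review): the secret is read from configuration; confirm it is supplied
        // from a secret store or environment variable rather than a committed file.
        var signingKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(jwtSettings.SecretKey));

        services.Configure<JwtSettings>(jwtSection);

        services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                // NOTE(review): consider also setting ValidAlgorithms to the single
                // algorithm the token issuer uses, so a token signed with any other
                // algorithm is rejected outright.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = jwtSettings.Issuer,
                    ValidAudience = jwtSettings.Audience,
                    IssuerSigningKey = signingKey,
                    // No tolerance for clock drift: a token is rejected as soon as it
                    // expires (the library default allows five minutes). Issuer and
                    // API hosts therefore need synchronized clocks.
                    ClockSkew = TimeSpan.Zero
                };
            });

        return services;
    }

    /// <summary>
    /// Registers the role-based authorization policies <c>SuperOnly</c>
    /// (role <c>Super</c>) and <c>ManagerOrAbove</c> (role <c>Super</c> or <c>Manager</c>).
    /// </summary>
    /// <param name="services">The service collection to add the policies to.</param>
    /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="services"/> is <c>null</c>.</exception>
    public static IServiceCollection AddAuthorizationPolicies(this IServiceCollection services)
    {
        ArgumentNullException.ThrowIfNull(services);

        services.AddAuthorization(options =>
        {
            options.AddPolicy("SuperOnly", policy =>
                policy.RequireRole("Super"));

            // RequireRole with several roles is satisfied by any one of them.
            options.AddPolicy("ManagerOrAbove", policy =>
                policy.RequireRole("Super", "Manager"));
        });

        return services;
    }

    // Binds the JWT section and rejects missing or weak values; error messages name
    // the configuration key only and never echo the secret itself.
    private static JwtSettings LoadValidatedJwtSettings(IConfigurationSection section)
    {
        var settings = section.Get<JwtSettings>()
            ?? throw new InvalidOperationException(
                $"Configuration section '{section.Path}' is missing or empty.");

        if (string.IsNullOrWhiteSpace(settings.Issuer))
        {
            throw new InvalidOperationException(
                $"Configuration value '{section.Path}:{nameof(JwtSettings.Issuer)}' is required.");
        }

        if (string.IsNullOrWhiteSpace(settings.Audience))
        {
            throw new InvalidOperationException(
                $"Configuration value '{section.Path}:{nameof(JwtSettings.Audience)}' is required.");
        }

        if (string.IsNullOrWhiteSpace(settings.SecretKey))
        {
            throw new InvalidOperationException(
                $"Configuration value '{section.Path}:{nameof(JwtSettings.SecretKey)}' is required.");
        }

        if (Encoding.UTF8.GetByteCount(settings.SecretKey) < MinimumSecretKeyBytes)
        {
            throw new InvalidOperationException(
                $"Configuration value '{section.Path}:{nameof(JwtSettings.SecretKey)}' must be at least {MinimumSecretKeyBytes} bytes when UTF-8 encoded.");
        }

        return settings;
    }
}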