AegisAuthBase 1.0.5

Installation (pick the form that matches your tooling):

.NET CLI:
dotnet add package AegisAuthBase --version 1.0.5

Package Manager (Visual Studio Package Manager Console, which uses the NuGet module's Install-Package):
NuGet\Install-Package AegisAuthBase -Version 1.0.5

PackageReference (copy this node into the project file):
<PackageReference Include="AegisAuthBase" Version="1.0.5" />

Central Package Management (CPM): version the package in Directory.Packages.props and reference it from the project file:
<PackageVersion Include="AegisAuthBase" Version="1.0.5" />
<PackageReference Include="AegisAuthBase" />

Paket:
paket add AegisAuthBase --version 1.0.5

F# Interactive / Polyglot Notebooks (#r directive):
#r "nuget: AegisAuthBase, 1.0.5"

C# file-based apps (.NET 10 preview 4 and later; place before any code in the .cs file):
#:package AegisAuthBase@1.0.5

Cake Addin:
#addin nuget:?package=AegisAuthBase&version=1.0.5

Cake Tool:
#tool nuget:?package=AegisAuthBase&version=1.0.5

AegisAuth

A comprehensive .NET authentication solution offering both JWT and session-based authentication, with token blacklisting and security audit logging.

Project structure

  • AegisAuthBase - core shared library (entities, repository interfaces, services)
  • AegisAuthJwt - JWT authentication library
  • AegisAuthSession - session authentication library
  • AegisAuthJwtTest - JWT test project
  • AegisAuthSessionTest - session test project

Features

Common features

  • 🛡️ Password security: PBKDF2 password hashing (100,000 iterations)
  • 📊 Security audit logging: comprehensive recording of authentication events
  • 🔒 Account lockout: 30-minute lock after 5 failed attempts
  • 🌐 ASP.NET Core integration: plugs into ASP.NET Core applications
  • 🎯 Ready-to-use controllers: built-in controllers usable as-is

AegisAuthJwt features

  • 🔐 JWT authentication: standard JWT bearer tokens
  • 🚫 Token blacklist: revocation mechanism for issued tokens
  • 🔄 Token refresh: refresh-token support
  • 🧹 Automatic cleanup: background worker removes expired tokens

AegisAuthSession features

  • 🔑 Session authentication: session-ID based
  • 💾 Multiple stores: in-memory, Redis, or database
  • Sliding expiration: active sessions are extended automatically
  • 🔄 Session renewal: sessions close to expiry are renewed automatically
  • 🛡️ Session fixation protection: guards against session hijacking by fixation
  • 🧹 Background cleanup: expired sessions are purged periodically
  • 📱 Multi-device management: cap on the number of sessions per user

Quick start

AegisAuthJwt (JWT authentication)

For full documentation see the AegisAuthJwt README.

Install:

dotnet add package AegisAuthJwt

Basic configuration:

// Register your repository implementations
builder.Services.AddScoped<IUserRepository, YourUserRepository>();
builder.Services.AddScoped<ISecurityAuditLogRepository, YourAuditLogRepository>();
builder.Services.AddScoped<ITokenBlacklistRepository, YourTokenBlacklistRepository>();

// Bind the AuthSetting section and register the auth manager
builder.Services.Configure<AuthSetting>(builder.Configuration.GetSection("AuthSetting"));
builder.Services.AddScoped<AuthManager>();

// Configure the JWT bearer middleware
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(/* configuration options */);
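The AddJwtBearer options are left as a comment above. The following is an added example, not AegisAuthJwt's own code: it fills in those options from the AuthSetting keys used in the configuration example further down this page, and rejects revoked tokens on every request. IRevokedTokenCheck and InMemoryRevokedTokens are assumptions standing in for the library's ITokenBlacklistRepository, whose interface this page does not show; they store a SHA-256 hash of the token together with its expiry, mirroring the TokenHash and ExpiresAt fields of the TokenBlacklist entity. The /api/ping endpoint is illustrative. It needs the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example (not the library's code). Assumed: IRevokedTokenCheck, InMemoryRevokedTokens, /api/ping.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var auth = builder.Configuration.GetSection("AuthSetting");

builder.Services.AddSingleton<IRevokedTokenCheck, InMemoryRevokedTokens>();
builder.Services.AddAuthorization();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = auth["JwtTokenIssuer"],
            ValidateAudience = true,
            ValidAudience = auth["JwtTokenAudience"],
            ValidateIssuerSigningKey = true,
            // HS256 needs a key of at least 32 bytes; the sample config's "minimum 32 characters" is this.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(auth["JwtTokenKey"]!)),
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),   // library default is 5 minutes of tolerance
        };
        options.Events = new JwtBearerEvents
        {
            // Signature, issuer, audience and lifetime have already passed; now consult the blacklist.
            OnTokenValidated = async ctx =>
            {
                string? header = ctx.HttpContext.Request.Headers.Authorization;
                if (header is null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                {
                    ctx.Fail("missing bearer token");
                    return;
                }
                string raw = header["Bearer ".Length..].Trim();
                var check = ctx.HttpContext.RequestServices.GetRequiredService<IRevokedTokenCheck>();
                if (await check.IsRevokedAsync(TokenHashing.Sha256Hex(raw)))
                    ctx.Fail("token has been revoked");
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/api/ping", () => "ok").RequireAuthorization();   // illustrative protected endpoint
app.Run();

// Assumed interface standing in for ITokenBlacklistRepository, which the page does not show.
public interface IRevokedTokenCheck
{
    Task<bool> IsRevokedAsync(string tokenHash);
    void Revoke(string rawToken, DateTimeOffset expiresAt);
}

public static class TokenHashing
{
    // Blacklist the hash, never the token itself: a leaked blacklist table then yields no usable credential.
    public static string Sha256Hex(string rawToken) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(rawToken)));
}

public sealed class InMemoryRevokedTokens : IRevokedTokenCheck
{
    // hash of the revoked token -> the token's own expiry (after which the entry is useless)
    private readonly ConcurrentDictionary<string, DateTimeOffset> _revoked = new();

    public void Revoke(string rawToken, DateTimeOffset expiresAt) =>
        _revoked[TokenHashing.Sha256Hex(rawToken)] = expiresAt;

    public Task<bool> IsRevokedAsync(string tokenHash)
    {
        // Drop entries whose token has expired anyway; the page's TokenCleanupWorker does this in bulk on a schedule.
        if (_revoked.TryGetValue(tokenHash, out var expiresAt) && expiresAt <= DateTimeOffset.UtcNow)
            _revoked.TryRemove(tokenHash, out _);
        return Task.FromResult(_revoked.ContainsKey(tokenHash));
    }
}
```

A logout handler would call Revoke(rawToken, exp) with the token's exp claim; the token then fails OnTokenValidated on the next request even though its signature and lifetime are still valid, which is the point of a blacklist. Keep ClockSkew small: the default five minutes lets an expired token through for that long.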

AegisAuthSession (session authentication)

For full documentation see the AegisAuthSession QUICKSTART.

Install:

dotnet add package AegisAuthSession

Quick configuration (three options; options 2 and 3 still need the two repository registrations shown in option 1):

  1. In-memory store (development/testing)
builder.Services.AddScoped<IUserRepository, YourUserRepository>();
builder.Services.AddScoped<ISecurityAuditLogRepository, YourAuditLogRepository>();

builder.Services.AddAegisAuthSessionWithMemory(settings =>
{
    settings.SessionExpirationMinutes = 30;
    settings.MaxSessionsPerUser = 5;
});

app.UseAegisAuthSession();

  2. Redis store (recommended for production)
builder.Services.AddStackExchangeRedisCache(options =>
{
    options.Configuration = "localhost:6379";   // in production, point at an authenticated, TLS-protected Redis
    options.InstanceName = "AegisAuth:";
});
builder.Services.AddAegisAuthSessionWithRedis();

app.UseAegisAuthSession();

  3. Database store
builder.Services.AddDbContext<YourDbContext>(/* configuration */);
builder.Services.AddScoped<DbContext, YourDbContext>();
builder.Services.AddAegisAuthSessionWithDatabase();

app.UseAegisAuthSession();

Comparison of the two approaches

Feature | AegisAuthJwt | AegisAuthSession
Mechanism | JWT bearer token | Session ID
State | Stateless | Stateful
Where state lives | Client (the token) | Server (session store)
Scaling | Easy to scale horizontally | Needs a shared store (Redis/database)
Per-request cost | No store lookup to validate the signature (the blacklist check is one lookup per request) | One store lookup per request
Revocation | Requires the blacklist mechanism | Delete the session
Typical use | APIs, microservices, mobile apps | Web apps, anywhere immediate revocation is required
Leaked credential | A leaked token stays valid until it expires unless it is blacklisted | A leaked session ID can be invalidated server-side immediately

API endpoints

Both libraries expose a similar set of REST endpoints:

Common endpoints

Method | Path | Description | Auth
POST | /api/auth/login | User login |
POST | /api/auth/logout | User logout |

AegisAuthJwt-specific endpoints

Method | Path | Description | Auth
POST | /api/auth/refresh | Refresh the token |

AegisAuthSession-specific endpoints

Method | Path | Description | Auth
POST | /api/auth/refresh | Refresh the session |
POST | /api/auth/logout-all | Log out on all devices |
GET | /api/auth/info | Get session information |
GET | /api/auth/validate | Validate the session |

Request/response examples

Login request:

{
  "userName": "testuser",
  "password": "password123"
}

Login response:

{
  "success": true,
  "data": {
    "userId": "1",
    "userName": "testuser",
    "token": "eyJhbG...", // JWT: the access token; Session: the session ID
    "refreshToken": "refresh_token", // JWT only
    "role": "Admin"
  },
  "error": null
}

Data model

Core entities (AegisAuthBase)

User
public class User
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string PasswordHash { get; set; }          // PBKDF2 output, never the plaintext
    public string PasswordSalt { get; set; }          // per-user random salt
    public string? Role { get; set; }
    public bool IsActive { get; set; }
    public DateTimeOffset? LastLogin { get; set; }
    public int FailedLoginAttempts { get; set; }      // counter behind the 5-attempt lockout
    public DateTimeOffset? LockoutEnd { get; set; }   // set when the account is locked
    public DateTimeOffset? PasswordChangedAt { get; set; }
}
SecurityAuditLog (security audit log)
public class SecurityAuditLog
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public SecurityEventType EventType { get; set; }
    public string EventDescription { get; set; }
    public SecurityEventResult Result { get; set; }
    public string? Details { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
    public DateTimeOffset CreatedAt { get; set; }
}

JWT-specific entity

TokenBlacklist (token blacklist)
public class TokenBlacklist
{
    public string Id { get; set; }
    public string TokenHash { get; set; }        // hash of the revoked token, not the token itself
    public int TokenLength { get; set; }
    public DateTime ExpiresAt { get; set; }      // note: DateTime here, DateTimeOffset in the other entities
    public string? UserId { get; set; }
    public string? UserName { get; set; }
    public string? RevocationReason { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
}

Session-specific entity

Session
public class Session
{
    public string Id { get; set; }                       // the session ID sent to the client
    public string UserId { get; set; }
    public string UserName { get; set; }
    public string? Role { get; set; }
    public DateTimeOffset CreatedAt { get; set; }
    public DateTimeOffset ExpiresAt { get; set; }        // moved forward by sliding expiration
    public DateTimeOffset LastAccessedAt { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
}

Repository interfaces

You need to implement the following repository interfaces:

Required by every project:

  • IUserRepository
  • ISecurityAuditLogRepository

Additionally required by AegisAuthJwt:

  • ITokenBlacklistRepository

AegisAuthSession needs no additional repository; session persistence goes through ISessionStore, selected by the AddAegisAuthSessionWithMemory/Redis/Database call.

Security features

Password security

  • ✅ PBKDF2 key derivation
  • ✅ 100,000 iterations
  • ✅ Random per-user salt
  • ✅ SHA-256 based hashing

Account protection

  • ✅ Failed-login counter (lockout after 5 attempts)
  • ✅ Account lockout (30 minutes)
  • ✅ Password-change tracking (PasswordChangedAt)
  • ✅ Account active flag (IsActive)
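The two lists above describe a policy but not its mechanics. The following is an added example, not AegisAuth's own code, that applies that policy to the User entity from the data-model section: PBKDF2 with 100,000 iterations and a random per-user salt, a constant-time comparison, and a 30-minute lockout after five failures. One assumption: SHA-256 is used as the PBKDF2 pseudo-random function (the page lists PBKDF2 and SHA-256 but does not say how they combine). User is copied in so the file compiles on its own.

```csharp
// Added example (not the library's code). Assumed: SHA-256 as the PBKDF2 PRF, 16-byte salt, 32-byte hash.
using System;
using System.Security.Cryptography;

public class User   // copy of the page's entity, trimmed to the fields this example touches
{
    public string Id { get; set; } = "";
    public string UserName { get; set; } = "";
    public string PasswordHash { get; set; } = "";
    public string PasswordSalt { get; set; } = "";
    public bool IsActive { get; set; } = true;
    public DateTimeOffset? LastLogin { get; set; }
    public int FailedLoginAttempts { get; set; }
    public DateTimeOffset? LockoutEnd { get; set; }
}

public static class PasswordHasher
{
    public const int Iterations = 100_000;
    private const int SaltBytes = 16;
    private const int HashBytes = 32;

    // Returns base64 strings so they fit the string-typed User.PasswordHash / User.PasswordSalt.
    public static (string Hash, string Salt) Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return (Convert.ToBase64String(hash), Convert.ToBase64String(salt));
    }

    public static bool Verify(string password, string storedHash, string storedSalt)
    {
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, Convert.FromBase64String(storedSalt),
                                                  Iterations, HashAlgorithmName.SHA256, expected.Length);
        // Constant-time compare: an early-exit comparison would leak how long the matching prefix is.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

public enum LoginOutcome { Success, WrongPassword, LockedOut, Inactive }

public static class LoginPolicy
{
    public const int MaxFailedAttempts = 5;
    public static readonly TimeSpan LockoutDuration = TimeSpan.FromMinutes(30);

    public static LoginOutcome Attempt(User user, string password, DateTimeOffset now)
    {
        if (!user.IsActive) return LoginOutcome.Inactive;

        // Check the lock before the password, so a locked account reveals nothing about
        // whether the supplied password was correct.
        if (user.LockoutEnd is { } end && end > now) return LoginOutcome.LockedOut;

        if (!PasswordHasher.Verify(password, user.PasswordHash, user.PasswordSalt))
        {
            user.FailedLoginAttempts++;
            if (user.FailedLoginAttempts >= MaxFailedAttempts)
            {
                user.LockoutEnd = now + LockoutDuration;
                user.FailedLoginAttempts = 0;   // the counter starts over once the lock expires
                return LoginOutcome.LockedOut;
            }
            return LoginOutcome.WrongPassword;
        }

        user.FailedLoginAttempts = 0;
        user.LockoutEnd = null;
        user.LastLogin = now;
        return LoginOutcome.Success;
    }
}

public static class Demo
{
    public static void Main()
    {
        var (hash, salt) = PasswordHasher.Hash("correct horse battery staple");
        var user = new User { Id = "1", UserName = "testuser", PasswordHash = hash, PasswordSalt = salt };
        var t0 = DateTimeOffset.UtcNow;

        for (int i = 1; i <= 5; i++)   // five consecutive wrong passwords
            Console.WriteLine($"attempt {i}: {LoginPolicy.Attempt(user, "wrong", t0)}");
        Console.WriteLine(LoginPolicy.Attempt(user, "correct horse battery staple", t0));                 // right password inside the lock window
        Console.WriteLine(LoginPolicy.Attempt(user, "correct horse battery staple", t0.AddMinutes(31)));  // right password after the lock expires
    }
}
```

Two points worth checking in any implementation of this policy: the lockout test must run before the hash comparison (otherwise a locked account still answers "wrong password" versus "locked", which is a password oracle), and the hash comparison must be constant-time. The lockout itself is a denial-of-service vector against known usernames, so pair it with rate limiting by source IP rather than relying on it alone.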

Session security (AegisAuthSession)

  • ✅ Session fixation protection
  • ✅ Sliding expiration
  • ✅ Multi-device management
  • ✅ Force logout on all devices
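As an added example (not AegisAuthSession's own code), here is an in-memory store that implements the four behaviours listed above on the page's Session entity: a fresh, unpredictable ID minted on every login (the fixation protection), sliding expiration, a per-user cap, and "log out everywhere". The store's method names are assumptions; the defaults follow the SessionSetting values shown later on this page (30 minutes, 5 sessions per user, SessionIdLength 64, which this example treats as 64 random bytes since the page does not say whether it counts bytes or characters). Session is copied in so the file compiles alone.

```csharp
// Added example (not the library's code). Assumed: store method names; SessionIdLength read as bytes of entropy.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public class Session   // copy of the page's entity
{
    public string Id { get; set; } = "";
    public string UserId { get; set; } = "";
    public string UserName { get; set; } = "";
    public string? Role { get; set; }
    public DateTimeOffset CreatedAt { get; set; }
    public DateTimeOffset ExpiresAt { get; set; }
    public DateTimeOffset LastAccessedAt { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
}

public sealed class InMemorySessionStore
{
    private readonly Dictionary<string, Session> _sessions = new();
    private readonly int _idBytes;
    private readonly TimeSpan _lifetime;
    private readonly int _maxPerUser;

    public InMemorySessionStore(int sessionIdLength = 64, int expirationMinutes = 30, int maxSessionsPerUser = 5)
    {
        _idBytes = sessionIdLength;
        _lifetime = TimeSpan.FromMinutes(expirationMinutes);
        _maxPerUser = maxSessionsPerUser;
    }

    // Fixation protection: the ID is never accepted from the client. Login always mints a fresh one
    // here, and the caller must discard whatever session cookie arrived with the login request
    // instead of "upgrading" it to an authenticated session.
    public Session Create(string userId, string userName, string? role, string? ip, string? ua, DateTimeOffset now)
    {
        EvictOldest(userId, now);
        var s = new Session
        {
            Id = NewId(), UserId = userId, UserName = userName, Role = role,
            CreatedAt = now, LastAccessedAt = now, ExpiresAt = now + _lifetime,
            IpAddress = ip, UserAgent = ua,
        };
        _sessions[s.Id] = s;
        return s;
    }

    // Sliding expiration: each successful validation pushes ExpiresAt forward by the full
    // lifetime, so only idle sessions time out.
    public Session? Validate(string id, DateTimeOffset now)
    {
        if (!_sessions.TryGetValue(id, out var s)) return null;
        if (s.ExpiresAt <= now) { _sessions.Remove(id); return null; }
        s.LastAccessedAt = now;
        s.ExpiresAt = now + _lifetime;
        return s;
    }

    public bool Revoke(string id) => _sessions.Remove(id);

    // "Log out on all devices": drop every session that belongs to the user.
    public int RevokeAll(string userId)
    {
        var ids = _sessions.Values.Where(s => s.UserId == userId).Select(s => s.Id).ToList();
        foreach (var id in ids) _sessions.Remove(id);
        return ids.Count;
    }

    public int LiveCount(string userId, DateTimeOffset now) =>
        _sessions.Values.Count(s => s.UserId == userId && s.ExpiresAt > now);

    // Multi-device cap: make room for one more session by dropping the least recently used ones.
    private void EvictOldest(string userId, DateTimeOffset now)
    {
        var live = _sessions.Values
            .Where(s => s.UserId == userId && s.ExpiresAt > now)
            .OrderBy(s => s.LastAccessedAt)
            .ToList();
        for (int i = 0; live.Count - i >= _maxPerUser; i++)
            _sessions.Remove(live[i].Id);
    }

    // CSPRNG-backed ID; hex keeps it cookie-safe. Never derive it from Random, a counter, or user data.
    private string NewId() => Convert.ToHexString(RandomNumberGenerator.GetBytes(_idBytes));
}

public static class Demo
{
    public static void Main()
    {
        var store = new InMemorySessionStore();
        var t0 = DateTimeOffset.UtcNow;
        for (int i = 0; i < 6; i++)   // sixth login for the same user exceeds the cap of 5
            store.Create("1", "testuser", "Admin", "203.0.113.7", "demo-ua", t0.AddSeconds(i));
        Console.WriteLine(store.LiveCount("1", t0.AddSeconds(6)));

        var s = store.Create("1", "testuser", "Admin", null, null, t0.AddMinutes(1));
        Console.WriteLine(store.Validate(s.Id, t0.AddMinutes(29)) is not null);   // 28 min idle
        Console.WriteLine(store.Validate(s.Id, t0.AddMinutes(58)) is not null);   // 29 min idle since the slide
        Console.WriteLine(store.Validate(s.Id, t0.AddMinutes(90)) is not null);   // 32 min idle
        Console.WriteLine(store.RevokeAll("1"));
    }
}
```

Whatever carries the ID to the browser (the page names the cookie AegisAuthSession) should be set HttpOnly, Secure and SameSite so that script cannot read it and it is not sent over plaintext or on cross-site requests; fixation protection on the server is no help if the ID leaks on the wire.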

Audit and monitoring

  • ✅ Comprehensive security audit log
  • ✅ IP address tracking
  • ✅ User-Agent recording
  • ✅ Event classification by type (SecurityEventType)

Configuration examples

JWT configuration (appsettings.json)

{
  "AuthSetting": {
    "JwtTokenKey": "your-256-bit-secret-key-here-minimum-32-characters",
    "JwtTokenIssuer": "https://yourdomain.com",
    "JwtTokenAudience": "https://yourdomain.com",
    "AccessTokenExpirationMinutes": 60,
    "RefreshTokenExpirationDays": 7
  },
  "TokenCleanupWorker": {
    "Enabled": true,
    "CleanupIntervalHours": 24
  }
}

JwtTokenKey is the HMAC signing secret; for HS256 it must be at least 32 bytes (256 bits). A placeholder committed in appsettings.json is acceptable only for local development. In real deployments load it from an environment variable, dotnet user-secrets, or a secrets manager so it never reaches source control, and rotate it if it ever does.

Session configuration (appsettings.json)

{
  "SessionSetting": {
    "SessionExpirationMinutes": 30,
    "SessionRememberMeExpirationDays": 7,
    "MaxSessionsPerUser": 5,
    "SessionIdLength": 64,
    "SessionCookieName": "AegisAuthSession",
    "EnableSessionFixationProtection": true,
    "EnableSlidingExpiration": true,
    "SessionRenewalMinutes": 10,
    "CleanupIntervalMinutes": 60
  },
  "Redis": {
    "Configuration": "localhost:6379",
    "InstanceName": "AegisAuth:"
  }
}

Documentation

AegisAuthJwt

AegisAuthSession

Test projects

The two test projects are complete working examples:

  • AegisAuthJwtTest - full JWT authentication example
  • AegisAuthSessionTest - full session authentication example

Run a test project:

cd AegisAuthJwtTest
dotnet run

# or
cd AegisAuthSessionTest
dotnet run

License

MIT License - see the LICENSE file

Contributing

Contributions are welcome. Please submit a Pull Request or open an Issue.

Compatible and additional computed target framework versions:
.NET: net9.0 is compatible. Computed: net9.0-android, net9.0-browser, net9.0-ios, net9.0-maccatalyst, net9.0-macos, net9.0-tvos, net9.0-windows, net10.0, net10.0-android, net10.0-browser, net10.0-ios, net10.0-maccatalyst, net10.0-macos, net10.0-tvos, net10.0-windows.

NuGet packages (1)

Showing the top 1 NuGet package that depends on AegisAuthBase:

AegisAuthJwt: A comprehensive JWT authentication library with token blacklisting and security audit logging for ASP.NET Core applications.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version | Downloads | Last updated
1.0.5 | 181 | 12/29/2025
1.0.4 | 171 | 12/27/2025
1.0.3 | 195 | 12/12/2025
1.0.2 | 743 | 12/2/2025
1.0.1 | 231 | 11/29/2025
1.0.0 | 256 | 11/28/2025