


ASP.NET Core中集成微信快捷登录的程序

Visual Studio 2015 update 3

ASP.NET Core 1.0

1 准备工作


1.1 配置接口信息

1.2 修改网页授权信息




2  新建网站项目

 2.1 选择ASP.NET Core Web Application 模板



2.2 选择Web 应用程序,并更改身份验证为个人用户账户



3 集成微信登录功能




3.2 添加代码文件



3.3 注册微信登录中间件


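// The "******" values are placeholders. Keep the real AppId/AppSecret out of
// source control and read them from configuration instead (for example the
// Secret Manager during development, environment variables in production).
app.UseWeChatAuthentication(new WeChatOptions()
{
    AppId = "******",
    AppSecret = "******"
});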


4 代码


 1 // Copyright (c) .NET Foundation. All rights reserved.
 2 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 4 using System;
 5 using Microsoft.AspNetCore.Authentication.WeChat;
 6 using Microsoft.Extensions.Options;
 8 namespace Microsoft.AspNetCore.Builder
 9 {
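/// <summary>
/// Extension methods to add WeChat authentication capabilities to an HTTP application pipeline.
/// </summary>
public static class WeChatAppBuilderExtensions
{
    /// <summary>
    /// Adds the <see cref="WeChatMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables WeChat authentication capabilities.
    /// </summary>
    /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
    /// <returns>A reference to this instance after the operation has completed.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
    public static IApplicationBuilder UseWeChatAuthentication(this IApplicationBuilder app)
    {
        if (app == null)
        {
            throw new ArgumentNullException(nameof(app));
        }

        // No options are passed here; WeChatMiddleware's constructor rejects an empty
        // AppId or AppSecret, so the options it receives must already carry both.
        return app.UseMiddleware<WeChatMiddleware>();
    }

    /// <summary>
    /// Adds the <see cref="WeChatMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables WeChat authentication capabilities.
    /// </summary>
    /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
    /// <param name="options">A <see cref="WeChatOptions"/> that specifies options for the middleware.</param>
    /// <returns>A reference to this instance after the operation has completed.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="app"/> or <paramref name="options"/> is null.</exception>
    public static IApplicationBuilder UseWeChatAuthentication(this IApplicationBuilder app, WeChatOptions options)
    {
        if (app == null)
        {
            throw new ArgumentNullException(nameof(app));
        }
        if (options == null)
        {
            throw new ArgumentNullException(nameof(options));
        }

        // Wrap the instance so the middleware receives it as IOptions<WeChatOptions>.
        return app.UseMiddleware<WeChatMiddleware>(Options.Create(options));
    }
}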
50 }


// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

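namespace Microsoft.AspNetCore.Authentication.WeChat
{
    /// <summary>
    /// Default values for the WeChat authentication middleware.
    /// </summary>
    public static class WeChatDefaults
    {
        /// <summary>The default authentication scheme name.</summary>
        public const string AuthenticationScheme = "WeChat";

        // All three endpoints are HTTPS and should stay that way when overridden:
        // the token request carries the app secret and the user-information request
        // carries the access token.

        /// <summary>The endpoint the browser is redirected to for user authorization.</summary>
        public static readonly string AuthorizationEndpoint = "https://open.weixin.qq.com/connect/oauth2/authorize";

        /// <summary>The endpoint used to exchange the authorization code for an access token.</summary>
        public static readonly string TokenEndpoint = "https://api.weixin.qq.com/sns/oauth2/access_token";

        /// <summary>The endpoint used to retrieve the user's profile.</summary>
        public static readonly string UserInformationEndpoint = "https://api.weixin.qq.com/sns/userinfo";
    }
}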


// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json.Linq;
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

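namespace Microsoft.AspNetCore.Authentication.WeChat
{
    /// <summary>
    /// OAuth handler for WeChat login: builds the authorization redirect, exchanges the
    /// returned code for a token and turns the WeChat profile into claims.
    /// </summary>
    internal class WeChatHandler : OAuthHandler<WeChatOptions>
    {
        /// <summary>
        /// Initializes the handler with the back-channel client used for server-to-server calls.
        /// </summary>
        /// <param name="httpClient">The HTTP client used to call the WeChat endpoints.</param>
        public WeChatHandler(HttpClient httpClient)
            : base(httpClient)
        {
        }

        /// <summary>
        /// Handles the callback from WeChat: validates the returned state, exchanges the
        /// code for a token and builds the authentication ticket.
        /// </summary>
        /// <returns>A successful result carrying the ticket, or a failure describing what went wrong.</returns>
        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
        {
            AuthenticationProperties properties = null;
            var query = Request.Query;

            var error = query["error"];
            if (!StringValues.IsNullOrEmpty(error))
            {
                // These values come straight from the request query string; treat the
                // resulting message as untrusted text wherever it is logged or displayed.
                var failureMessage = new StringBuilder();
                failureMessage.Append(error);
                var errorDescription = query["error_description"];
                if (!StringValues.IsNullOrEmpty(errorDescription))
                {
                    failureMessage.Append(";Description=").Append(errorDescription);
                }
                var errorUri = query["error_uri"];
                if (!StringValues.IsNullOrEmpty(errorUri))
                {
                    failureMessage.Append(";Uri=").Append(errorUri);
                }

                return AuthenticateResult.Fail(failureMessage.ToString());
            }

            var code = query["code"];
            var state = query["state"];
            var oauthState = query["oauthstate"];

            // The "state" parameter is a fixed string (Options.StateAddition), so it gives
            // no CSRF protection by itself. The per-request protected state travels in the
            // "oauthstate" parameter that BuildChallengeUrl appends to redirect_uri, and the
            // CSRF defence is the correlation check below.
            properties = Options.StateDataFormat.Unprotect(oauthState);

            if (state != Options.StateAddition || properties == null)
            {
                return AuthenticateResult.Fail("The oauth state was missing or invalid.");
            }

            // OAuth2 10.12 CSRF
            if (!ValidateCorrelationId(properties))
            {
                return AuthenticateResult.Fail("Correlation failed.");
            }

            if (StringValues.IsNullOrEmpty(code))
            {
                return AuthenticateResult.Fail("Code was not found.");
            }

            var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));

            // ExchangeCodeAsync reports failures through OAuthTokenResponse.Failed; stop here
            // instead of carrying an empty token or openid into the ticket.
            if (tokens.Error != null)
            {
                return AuthenticateResult.Fail(tokens.Error);
            }

            if (string.IsNullOrEmpty(tokens.AccessToken))
            {
                return AuthenticateResult.Fail("Failed to retrieve access token.");
            }

            // ExchangeCodeAsync stores the openid in TokenType.
            if (string.IsNullOrEmpty(tokens.TokenType))
            {
                return AuthenticateResult.Fail("Failed to retrieve openid.");
            }

            var identity = new ClaimsIdentity(Options.ClaimsIssuer);

            AuthenticationTicket ticket = null;

            if (Options.WeChatScope == Options.InfoScope)
            {
                // Profile scope: fetch the user's profile and map it to claims.
                ticket = await CreateTicketAsync(identity, properties, tokens);
            }
            else
            {
                // Base scope: only the openid is available, so it is the sole claim.
                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, tokens.TokenType, ClaimValueTypes.String, Options.ClaimsIssuer));
                ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
            }

            if (ticket != null)
            {
                return AuthenticateResult.Success(ticket);
            }
            else
            {
                return AuthenticateResult.Fail("Failed to retrieve user information from remote server.");
            }
        }

        /// <summary>
        /// OAuth step 1: builds the authorization URL that returns the code.
        /// </summary>
        /// <param name="properties">The authentication properties to protect and round-trip.</param>
        /// <param name="redirectUri">The callback URI WeChat redirects back to.</param>
        /// <returns>The authorization endpoint URL with its query string.</returns>
        protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
        {
            // NOTE(review): ValidateCorrelationId on the callback needs a correlation id in
            // these properties; presumably the base challenge path adds it before calling
            // this method - confirm.
            var oauthstate = Options.StateDataFormat.Protect(properties);

            // The protected state rides on redirect_uri because "state" is used for the
            // fixed StateAddition value. This assumes redirectUri has no query string yet.
            redirectUri = $"{redirectUri}?{nameof(oauthstate)}={oauthstate}";

            var queryBuilder = new QueryBuilder()
            {
                { "appid", Options.ClientId },
                { "redirect_uri", redirectUri },
                { "response_type", "code" },
                { "scope", Options.WeChatScope },
                { "state",  Options.StateAddition },
            };
            return Options.AuthorizationEndpoint + queryBuilder.ToString();
        }

        /// <summary>
        /// OAuth step 2: exchanges the authorization code for a token.
        /// </summary>
        /// <param name="code">The authorization code returned on the callback.</param>
        /// <param name="redirectUri">Not used; this request does not send a redirect URI.</param>
        /// <returns>The token response, or a failed response carrying the error.</returns>
        protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
        {
            // The app secret is sent in the POST body of this back-channel request.
            var tokenRequestParameters = new Dictionary<string, string>()
            {
                { "appid", Options.ClientId },
                { "secret", Options.ClientSecret },
                { "code", code },
                { "grant_type", "authorization_code" },
            };

            var requestContent = new FormUrlEncodedContent(tokenRequestParameters);

            var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
            requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            requestMessage.Content = requestContent;
            var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
            if (response.IsSuccessStatusCode)
            {
                var payload = JObject.Parse(await response.Content.ReadAsStringAsync());

                // The payload is checked for errcode/errmsg even though the HTTP status
                // was a success.
                string errCode = payload.Value<string>("errcode");
                string errMsg = payload.Value<string>("errmsg");

                if (!string.IsNullOrEmpty(errCode) || !string.IsNullOrEmpty(errMsg))
                {
                    return OAuthTokenResponse.Failed(new Exception($"ErrCode:{errCode},ErrMsg:{errMsg}"));
                }

                var tokens = OAuthTokenResponse.Success(payload);

                // TokenType is reused to carry the openid to CreateTicketAsync and to the
                // base-scope branch of HandleRemoteAuthenticateAsync.
                tokens.TokenType = payload.Value<string>("openid");

                return tokens;
            }
            else
            {
                var error = "OAuth token endpoint failure";
                return OAuthTokenResponse.Failed(new Exception(error));
            }
        }

        /// <summary>
        /// OAuth step 4: fetches the user's profile and maps it to claims.
        /// </summary>
        /// <param name="identity">The identity that receives the claims.</param>
        /// <param name="properties">The authentication properties for the ticket.</param>
        /// <param name="tokens">The token response; TokenType carries the openid.</param>
        /// <returns>The ticket after the CreatingTicket event has run.</returns>
        /// <exception cref="HttpRequestException">The user-information request failed.</exception>
        protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
        {
            var queryBuilder = new QueryBuilder()
            {
                { "access_token", tokens.AccessToken },
                { "openid",  tokens.TokenType }, // ExchangeCodeAsync stored the openid in TokenType
                { "lang", "zh_CN" }
            };

            // The access token is part of this URL, so the URL must not be written to logs.
            var infoRequest = Options.UserInformationEndpoint + queryBuilder.ToString();

            var response = await Backchannel.GetAsync(infoRequest, Context.RequestAborted);
            if (!response.IsSuccessStatusCode)
            {
                throw new HttpRequestException($"Failed to retrieve WeChat user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding WeChat Graph API is enabled.");
            }

            var user = JObject.Parse(await response.Content.ReadAsStringAsync());

            // Mirror the errcode check in ExchangeCodeAsync so an error payload is not
            // turned into a ticket without claims. "0" is tolerated in case the endpoint
            // reports success that way.
            var errCode = user.Value<string>("errcode");
            if (!string.IsNullOrEmpty(errCode) && errCode != "0")
            {
                throw new HttpRequestException($"Failed to retrieve WeChat user information (errcode {errCode}).");
            }

            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, user);

            // Profile field -> claim type, added in this order when the field is present.
            var claimMap = new[]
            {
                new KeyValuePair<string, string>("openid", ClaimTypes.NameIdentifier),
                new KeyValuePair<string, string>("nickname", ClaimTypes.Name),
                new KeyValuePair<string, string>("sex", "urn:WeChat:sex"),
                new KeyValuePair<string, string>("country", ClaimTypes.Country),
                new KeyValuePair<string, string>("province", ClaimTypes.StateOrProvince),
                new KeyValuePair<string, string>("city", "urn:WeChat:city"),
                new KeyValuePair<string, string>("headimgurl", "urn:WeChat:headimgurl"),
                new KeyValuePair<string, string>("unionid", "urn:WeChat:unionid"),
            };

            foreach (var mapping in claimMap)
            {
                var value = user.Value<string>(mapping.Key);
                if (!string.IsNullOrEmpty(value))
                {
                    identity.AddClaim(new Claim(mapping.Value, value, ClaimValueTypes.String, Options.ClaimsIssuer));
                }
            }

            await Options.Events.CreatingTicket(context);
            return context.Ticket;
        }
    }
}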


// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Globalization;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

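namespace Microsoft.AspNetCore.Authentication.WeChat
{
    /// <summary>
    /// An ASP.NET Core middleware for authenticating users using WeChat.
    /// </summary>
    public class WeChatMiddleware : OAuthMiddleware<WeChatOptions>
    {
        /// <summary>
        /// Initializes a new <see cref="WeChatMiddleware"/>.
        /// </summary>
        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
        /// <param name="dataProtectionProvider">The data protection provider passed to the base middleware.</param>
        /// <param name="loggerFactory">The logger factory passed to the base middleware.</param>
        /// <param name="encoder">The URL encoder passed to the base middleware.</param>
        /// <param name="sharedOptions">The shared authentication options passed to the base middleware.</param>
        /// <param name="options">Configuration options for the middleware.</param>
        /// <exception cref="ArgumentNullException">A required argument is null.</exception>
        /// <exception cref="ArgumentException">AppId or AppSecret is missing from the options.</exception>
        public WeChatMiddleware(
            RequestDelegate next,
            IDataProtectionProvider dataProtectionProvider,
            ILoggerFactory loggerFactory,
            UrlEncoder encoder,
            IOptions<SharedAuthenticationOptions> sharedOptions,
            IOptions<WeChatOptions> options)
            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
        {
            if (next == null)
            {
                throw new ArgumentNullException(nameof(next));
            }

            if (dataProtectionProvider == null)
            {
                throw new ArgumentNullException(nameof(dataProtectionProvider));
            }

            if (loggerFactory == null)
            {
                throw new ArgumentNullException(nameof(loggerFactory));
            }

            if (encoder == null)
            {
                throw new ArgumentNullException(nameof(encoder));
            }

            if (sharedOptions == null)
            {
                throw new ArgumentNullException(nameof(sharedOptions));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Refuse to start without credentials. The messages name the missing option
            // only and never include its value.
            if (string.IsNullOrEmpty(Options.AppId))
            {
                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, "The '{0}' option must be provided.", nameof(Options.AppId)));
            }

            if (string.IsNullOrEmpty(Options.AppSecret))
            {
                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, "The '{0}' option must be provided.", nameof(Options.AppSecret)));
            }
        }

        /// <summary>
        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
        /// </summary>
        /// <returns>A <see cref="WeChatHandler"/> that uses this middleware's back-channel client.</returns>
        protected override AuthenticationHandler<WeChatOptions> CreateHandler()
        {
            return new WeChatHandler(Backchannel);
        }
    }
}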


// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.WeChat;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;

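namespace Microsoft.AspNetCore.Builder
{
    /// <summary>
    /// Configuration options for <see cref="WeChatMiddleware"/>.
    /// </summary>
    public class WeChatOptions : OAuthOptions
    {
        /// <summary>
        /// Initializes a new <see cref="WeChatOptions"/> with the WeChat defaults.
        /// </summary>
        public WeChatOptions()
        {
            AuthenticationScheme = WeChatDefaults.AuthenticationScheme;
            DisplayName = AuthenticationScheme;
            CallbackPath = new PathString("/signin-wechat");
            // Sent as the fixed "state" value and compared on the callback; it is not a
            // per-request secret, so it is not what protects against CSRF.
            StateAddition = "#wechat_redirect";
            AuthorizationEndpoint = WeChatDefaults.AuthorizationEndpoint;
            TokenEndpoint = WeChatDefaults.TokenEndpoint;
            UserInformationEndpoint = WeChatDefaults.UserInformationEndpoint;
            //SaveTokens = true;

            // BaseScope: no consent page is shown, the user is redirected straight back
            //            and only the openid can be obtained.
            // InfoScope: a consent page is shown; the openid can then be used to fetch
            //            nickname, sex and location, even for users who do not follow the
            //            account, as long as they grant consent.
            WeChatScope = InfoScope;
        }

        // WeChat uses a non-standard term for this field.
        /// <summary>
        /// Gets or sets the WeChat-assigned appId.
        /// </summary>
        public string AppId
        {
            get { return ClientId; }
            set { ClientId = value; }
        }

        // WeChat uses a non-standard term for this field.
        /// <summary>
        /// Gets or sets the WeChat-assigned app secret.
        /// </summary>
        /// <remarks>
        /// This is a credential: supply it from configuration and keep it out of logs
        /// and source control.
        /// </remarks>
        public string AppSecret
        {
            get { return ClientSecret; }
            set { ClientSecret = value; }
        }

        /// <summary>
        /// Gets or sets the fixed value sent as the OAuth "state" parameter.
        /// </summary>
        public string StateAddition { get; set; }

        /// <summary>
        /// Gets or sets the scope requested from WeChat; the constructor sets it to <see cref="InfoScope"/>.
        /// </summary>
        public string WeChatScope { get; set; }

        // Scope names. These are public mutable instance fields; the handler reads
        // InfoScope through the options instance.
        public string BaseScope = "snsapi_base";

        public string InfoScope = "snsapi_userinfo";
    }
}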
