  • NETCORE

    NETCORE - JWT认证与授权

     1. 安装NuGet包:Microsoft.AspNetCore.Authentication.JwtBearer

     

     2. 配置 签名参数

    {
      "Logging": {
        "LogLevel": {
          "Default": "Information",
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information"
        }
      },
      "TokenParameter": {
        "Issuer": "颁发者", // issuer: passed to the token when it is created and compared as ValidIssuer on validation
        "Audience": "接收者", // audience: passed to the token when it is created and compared as ValidAudience on validation
        // Sample value only. Whoever knows this string can sign tokens the API accepts, so the
        // real key belongs in user secrets, an environment variable or a secret store, not in a
        // committed appsettings.json, and should be randomly generated. This sample is 19 ASCII
        // characters (152 bits); newer Microsoft.IdentityModel releases are understood to reject
        // HS256 keys shorter than 256 bits -- confirm against the package version in use.
        "Secret": "123456732409ldjfsd8", // symmetric signing key (HMAC-SHA256)
        "AccessExpiration": 30 // access-token lifetime in minutes
      },
      "AllowedHosts": "*"
    }

    新建配置类

        /// <summary>
        /// Strongly typed view of the "TokenParameter" configuration section.
        /// </summary>
        public class TokenParameter
        {
            /// <summary>Issuer name placed in issued tokens and expected during validation.</summary>
            public string Issuer { get; set; }

            /// <summary>Audience name placed in issued tokens and expected during validation.</summary>
            public string Audience { get; set; }

            /// <summary>Symmetric key used to sign and verify tokens; treat the value as a secret.</summary>
            public string Secret { get; set; }

            /// <summary>Access-token lifetime, in minutes.</summary>
            public int AccessExpiration { get; set; }
        }

    在Startup中 注入config配置

        /// <summary>
        /// Registers MVC controllers and binds the "TokenParameter" configuration section
        /// so it can be injected as <c>IOptions&lt;TokenParameter&gt;</c>.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // Section of appsettings.json that carries issuer, audience, secret and lifetime.
            var tokenSection = Configuration.GetSection("TokenParameter");

            services.AddControllers();
            services.Configure<TokenParameter>(tokenSection);
        }

    3. 定义一个获取token的控制器

        /// <summary>
        /// Issues HMAC-SHA256 signed JWT access tokens using the settings bound to
        /// <see cref="TokenParameter"/>.
        /// </summary>
        [Route("api/[controller]")]
        [ApiController]
        public class OAuthController : ControllerBase
        {
            // Token settings (issuer, audience, secret, lifetime) resolved once per controller instance.
            private readonly TokenParameter _tokenParameter;

            /// <summary>Captures the bound token settings.</summary>
            /// <param name="option">Options wrapper around the "TokenParameter" section.</param>
            public OAuthController(IOptions<TokenParameter> option)
            {
                _tokenParameter = option.Value;
            }

            /// <summary>
            /// Checks the supplied credentials and, when they match, returns a signed token string.
            /// </summary>
            /// <param name="username">User name taken from the request.</param>
            /// <param name="password">Password taken from the request.</param>
            /// <returns>
            /// 200 with the serialized token, or 400 "Invalid Request" when the credentials do not match.
            /// </returns>
            [HttpGet]
            [Route("token")]
            public ActionResult GetAccessToken(string username, string password)
            {
                // NOTE(review): the fixed admin/admin pair is a stand-in for a real credential check
                // (user store lookup plus password-hash verification).
                // NOTE(review): with [HttpGet] the credentials travel in the query string, where
                // server and proxy access logs and browser history record them; a POST body is the
                // usual choice for a login endpoint.
                bool credentialsMatch = username == "admin" && password == "admin";
                if (!credentialsMatch)
                {
                    return BadRequest("Invalid Request");
                }

                // NOTE(review): the role claim is emitted with an empty value; fill it from the
                // user's actual role once role-based authorization is used.
                var claims = new[]
                {
                    new Claim(ClaimTypes.Name, username),
                    new Claim(ClaimTypes.Role, "")
                };

                // The validating side must derive the key bytes from the same secret with the same encoding.
                var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenParameter.Secret));
                var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
                DateTime expiresAt = DateTime.UtcNow.AddMinutes(_tokenParameter.AccessExpiration);

                var jwt = new JwtSecurityToken(
                    issuer: _tokenParameter.Issuer,
                    audience: _tokenParameter.Audience,
                    claims: claims,
                    expires: expiresAt,
                    signingCredentials: signingCredentials);

                return Ok(new JwtSecurityTokenHandler().WriteToken(jwt));
            }
        }

    4. 添加token身份认证到容器(startup)

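            /// <summary>
            /// Registers MVC controllers, binds the "TokenParameter" section for injection and
            /// configures JWT bearer authentication as the default authenticate/challenge scheme.
            /// </summary>
            /// <param name="services">Service collection to add the registrations to.</param>
            /// <exception cref="System.InvalidOperationException">
            /// Thrown at startup when "TokenParameter:Secret" is missing or empty.
            /// </exception>
            public void ConfigureServices(IServiceCollection services)
            {
                services.AddControllers();

                // Bind the section for IOptions<TokenParameter> consumers (the token-issuing controller).
                var tokenSection = Configuration.GetSection("TokenParameter");
                services.Configure<TokenParameter>(tokenSection);

                // Read the values straight from configuration. Calling services.BuildServiceProvider()
                // here would build a second container with its own copies of singleton services.
                var secret = tokenSection["Secret"];
                if (string.IsNullOrEmpty(secret))
                {
                    // Fail fast with a clear message instead of a null-argument error inside GetBytes.
                    throw new System.InvalidOperationException("TokenParameter:Secret is not configured.");
                }

                var issuer = tokenSection["Issuer"];
                var audience = tokenSection["Audience"];

                // Make JWT bearer the scheme used both to authenticate requests and to issue 401 challenges.
                services.AddAuthentication(x =>
                {
                    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                }).AddJwtBearer(x =>
                {
                    // RequireHttpsMetadata is left at its default (true). It only matters when an
                    // Authority or MetadataAddress is set, which this configuration does not do.
                    x.SaveToken = true;
                    x.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
                    {
                        // Verify the signature with the shared symmetric key.
                        ValidateIssuerSigningKey = true,
                        // UTF-8, to match the encoding the token endpoint uses when signing; with
                        // ASCII here a secret containing non-ASCII characters would yield different
                        // key bytes and every token would fail validation.
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
                        ValidateIssuer = true,
                        ValidIssuer = issuer,
                        ValidateAudience = true,
                        ValidAudience = audience,
                        // Reject expired tokens. TokenValidationParameters.ClockSkew (five minutes
                        // by default) still applies on top of the configured lifetime.
                        ValidateLifetime = true,
                    };
                });
            }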

    添加身份认证到中间件

            /// <summary>
            /// Builds the HTTP request pipeline: HTTPS redirection, routing, authentication,
            /// authorization and controller endpoints, in that order.
            /// </summary>
            /// <param name="app">Application builder the middleware is added to.</param>
            /// <param name="env">Hosting environment, used to enable the developer exception page.</param>
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                if (env.IsDevelopment())
                {
                    app.UseDeveloperExceptionPage();
                }

                // Order matters: UseAuthentication must come before UseAuthorization so the
                // authorization step sees the identity established from the bearer token.
                app.UseHttpsRedirection()
                   .UseRouting()
                   .UseAuthentication()
                   .UseAuthorization()
                   .UseEndpoints(endpoints => endpoints.MapControllers());
            }

    添加测试控制器

    需要授权的方法 需加上 [Authorize],给方法或者控制器标记均可

    如标记[AllowAnonymous],则此方法不需要身份验证(比如登录接口)

        /// <summary>
        /// Test controller with a single endpoint that requires an authenticated caller.
        /// </summary>
        [Route("api/[controller]")]
        [ApiController]
        public class textController : ControllerBase
        {
            /// <summary>
            /// Returns a fixed success message. Because of [Authorize], the request is
            /// challenged unless it carries a token the configured authentication scheme accepts.
            /// </summary>
            /// <returns>200 with the text "request ok !".</returns>
            [HttpGet, Route("GetTodo")]
            [Authorize]
            public ActionResult GetTodo() => Ok("request ok !");
        }

    postman测试

    1. 直接调用GetTodo,失败,返回401 

     https://localhost:5001/api/text/GetTodo 

     

    2. 获取token,直接访问(仅作演示:用户名和密码放在URL查询字符串中会被记录到服务器日志、代理日志和浏览器历史,实际项目应改用POST请求体提交)

    https://localhost:5001/api/oauth/token?username=admin&password=admin

    3. 在请求头中添加 Authorization: Bearer <token>,再访问 GetTodo,访问成功。

     https://localhost:5001/api/text/GetTodo 

     

    项目:NETCORE.JWT
    附代码:https://gitee.com/wuxincaicai/NETCORE.git

    引用:https://segmentfault.com/a/1190000037433091

  • 原文地址:https://www.cnblogs.com/1285026182YUAN/p/13925786.html