  • .Net Framework JWT验证

    1、nuget搜索JWT并安装

     2、创建ApiAuthorizeAttribute,作为验证特性

     /// <summary>
        /// 身份认证拦截器
        /// </summary>
        public class ApiAuthorizeAttribute: AuthorizeAttribute
        {
            /// <summary>
            /// 指示指定的控件是否已获得授权
            /// </summary>
            /// <param name="actionContext"></param>
            /// <returns></returns>
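            protected override bool IsAuthorized(HttpActionContext actionContext)
            {
                // The client sends the raw JWT in the "Authorization" request header
                // (no "Bearer " prefix is expected here). Header names are compared
                // case-insensitively, as HTTP requires; the first value wins.
                string token = actionContext.Request.Headers
                    .Where(h => string.Equals(h.Key, "Authorization", StringComparison.OrdinalIgnoreCase))
                    .SelectMany(h => h.Value)
                    .FirstOrDefault();
                if (string.IsNullOrWhiteSpace(token))
                {
                    return false;
                }

                // NOTE(review): the signing key is a hard-coded constant that is duplicated
                // in the Login action. It should be loaded from configuration and be a long,
                // random value — whoever knows this short key can forge any token.
                const string secretKey = "Hello World";

                try
                {
                    byte[] key = Encoding.UTF8.GetBytes(secretKey);
                    IJsonSerializer serializer = new JsonNetSerializer();
                    IDateTimeProvider provider = new UtcDateTimeProvider();
                    IJwtValidator validator = new JwtValidator(serializer, provider);
                    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

                    // verify: true makes the library check the signature against `key`
                    // before the payload is handed back.
                    AuthInfo authInfo = decoder.DecodeToObject<AuthInfo>(token, key, verify: true);
                    if (authInfo == null)
                    {
                        return false;
                    }

                    // A token without an expiry is rejected. With `DateTime? < DateTime` a
                    // null value compares false, which previously let such a token live
                    // forever. DateTime.Now is kept because Login stamps ExpiryDateTime with
                    // the same local clock.
                    if (!authInfo.ExpiryDateTime.HasValue || authInfo.ExpiryDateTime.Value < DateTime.Now)
                    {
                        return false;
                    }

                    // Indexer assignment instead of Add: Add throws if the key is already
                    // present (e.g. the filter runs twice on one request).
                    actionContext.RequestContext.RouteData.Values["Authorization"] = authInfo;
                    return true;
                }
                catch (Exception)
                {
                    // Malformed token, bad signature, deserialization failure, ... are all
                    // treated as "not authorized"; no detail is surfaced to the client.
                    return false;
                }
            }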
    
            /// <summary>
            /// 处理授权失败的请求
            /// </summary>
            /// <param name="actionContext"></param>
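            protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
            {
                // Body is unchanged so existing clients that inspect ErrorCode keep working.
                var errorModel = new
                {
                    Success = "false",
                    ErrorCode = "401"
                };
                // Reply with a real 401 rather than 200: browsers, proxies and HTTP client
                // libraries key on the status code, and a 200 carrying an error body reads
                // as success (and may be cached as such).
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, errorModel, "application/json");
            }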
     

    3、新建3个类:

     /// <summary>
        /// Authentication claims — stands in for the JWT payload. Login serializes an
        /// instance into the token; ApiAuthorizeAttribute deserializes it back.
        /// </summary>
        public class AuthInfo
        {
            private string _userName;
            private List<string> _roles;
            private bool _isAdmin;
            private DateTime? _expiryDateTime;

            /// <summary>
            /// User name the token was issued for.
            /// </summary>
            public string UserName
            {
                get { return _userName; }
                set { _userName = value; }
            }

            /// <summary>
            /// Roles granted to the user.
            /// </summary>
            public List<string> Roles
            {
                get { return _roles; }
                set { _roles = value; }
            }

            /// <summary>
            /// Whether the user is an administrator.
            /// </summary>
            public bool IsAdmin
            {
                get { return _isAdmin; }
                set { _isAdmin = value; }
            }

            /// <summary>
            /// Token expiry time; null when no expiry was set.
            /// </summary>
            public DateTime? ExpiryDateTime
            {
                get { return _expiryDateTime; }
                set { _expiryDateTime = value; }
            }
        }
    /// <summary>
        /// Credentials posted to the Login action.
        /// </summary>
        public class LoginRequest
        {
            private string _userName;
            private string _password;

            /// <summary>
            /// User name.
            /// </summary>
            public string UserName
            {
                get { return _userName; }
                set { _userName = value; }
            }

            /// <summary>
            /// Password (plain text as received from the client).
            /// </summary>
            public string Password
            {
                get { return _password; }
                set { _password = value; }
            }
        }
     /// <summary>
        /// Result of a Login call: whether a token was issued, the token itself, and a message.
        /// </summary>
        public class TokenInfo
        {
            private bool _success;
            private string _token;
            private string _message;

            /// <summary>
            /// True when a token was issued.
            /// </summary>
            public bool Success
            {
                get { return _success; }
                set { _success = value; }
            }

            /// <summary>
            /// The issued JWT; null when Success is false.
            /// </summary>
            public string Token
            {
                get { return _token; }
                set { _token = value; }
            }

            /// <summary>
            /// "OK" on success, otherwise an error message.
            /// </summary>
            public string Message
            {
                get { return _message; }
                set { _message = value; }
            }
        }

    4、新建一个获取token的controller

    /// <summary>
            /// 登录
            /// </summary>
            /// <param name="loginRequest"></param>
            /// <returns></returns>
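            [HttpPost]
            [Route("Login")]
            public TokenInfo Login([FromBody] LoginRequest loginRequest)
            {
                // Lifetime of an issued token. ApiAuthorizeAttribute compares ExpiryDateTime
                // against DateTime.Now, so the same local clock is used here.
                const int tokenLifetimeHours = 2;
                // NOTE(review): the signing key is hard-coded and duplicated in
                // ApiAuthorizeAttribute; it belongs in configuration and must be a long
                // random value — anyone who knows it can mint a token with IsAdmin = true.
                const string secretKey = "Hello World";

                var tokenInfo = new TokenInfo();
                if (loginRequest == null)
                {
                    tokenInfo.Success = false;
                    tokenInfo.Message = "用户信息为空";
                    return tokenInfo;
                }

                string userName = loginRequest.UserName;
                if (string.IsNullOrWhiteSpace(userName))
                {
                    // A blank user name previously still received a token.
                    tokenInfo.Success = false;
                    tokenInfo.Message = "用户名为空";
                    return tokenInfo;
                }

                // NOTE(review): demo data only — the password is never checked and "admin"
                // is granted IsAdmin purely on the supplied name. The real implementation
                // must look the user up in the database and verify loginRequest.Password
                // against a stored password hash before issuing anything.
                bool isAdmin = string.Equals(userName, "admin", StringComparison.Ordinal);
                var authInfo = new AuthInfo
                {
                    UserName = userName,
                    // Sample roles; the original gives every user both of these.
                    Roles = new List<string> { "admin", "commonrole" },
                    IsAdmin = isAdmin,
                    ExpiryDateTime = DateTime.Now.AddHours(tokenLifetimeHours)
                };

                try
                {
                    byte[] key = Encoding.UTF8.GetBytes(secretKey);
                    IJwtAlgorithm algorithm = new HMACSHA256Algorithm();        // HS256 signature
                    IJsonSerializer serializer = new JsonNetSerializer();        // payload as JSON
                    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();    // base64url segments
                    IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

                    tokenInfo.Token = encoder.Encode(authInfo, key);
                    tokenInfo.Success = true;
                    tokenInfo.Message = "OK";
                }
                catch (Exception ex)
                {
                    tokenInfo.Success = false;
                    // NOTE(review): echoing the raw exception text to the caller can leak
                    // implementation details; a generic message plus server-side logging is
                    // the safer choice.
                    tokenInfo.Message = ex.Message;
                }
                return tokenInfo;
            }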

    5、新建一个验证controller

    /// <summary>
            /// 获取用户信息
            /// </summary>
            /// <returns></returns>
            [ApiAuthorize]
            [HttpGet]
            [Route("api/GetUserInfo")]
            public string GetUserInfo()
            {
                // Static sample data. The AuthInfo that ApiAuthorizeAttribute stores in
                // RouteData.Values["Authorization"] is not consulted here, so every caller
                // sees the same record.
                string userName = "test";
                string tel = "123456789";
                string address = "testddd";
                var payload = new { UserName = userName, Tel = tel, Address = address };
                string json = JsonConvert.SerializeObject(payload);
                return json;
            }

    6、运行获取token

     7、验证token

  • 原文地址:https://www.cnblogs.com/jackielyj/p/12112022.html