  • ASP.NET Core WebAPI中使用JWT Bearer认证和授权

    1、添加包

    Microsoft.AspNetCore.Authentication.JwtBearer

    2、在Startup类的ConfigureServices方法里面注入服务:

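      public void ConfigureServices(IServiceCollection services)
      {
          // Register JWT bearer as the default authenticate and challenge scheme so that
          // [Authorize] endpoints validate the "Authorization: Bearer <token>" header.
          services.AddAuthentication(options =>
          {
              options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
              options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
          })
          .AddJwtBearer(options =>
          {
              // SECURITY: issuer, audience and signing key are hard-coded here while TokenService
              // signs with JwtSetting.Issuer/Audience/SecurityKey. The two sides must be identical or
              // every token is rejected; a literal key committed to source is effectively public and
              // lets anyone who reads the repository mint valid tokens. Load these from configuration
              // / a secret store, and keep the key at a random >= 128 bits (this 32-char hex-looking
              // string carries far less entropy than its 32 bytes suggest).
              options.TokenValidationParameters = new TokenValidationParameters
              {
                  // Keeps the raw validated token on the resulting identity (BootstrapContext) for
                  // later use; it does NOT add any validation by itself, despite the original comment.
                  SaveSigninToken = true,
                  ValidateIssuer = true,
                  ValidateAudience = true,
                  ValidateLifetime = true,
                  ValidateIssuerSigningKey = true,
                  // Already the library default; made explicit so a token without "exp" is never accepted.
                  RequireExpirationTime = true,
                  // The default skew is 5 minutes, so a 30-minute token would be accepted for 35.
                  ClockSkew = TimeSpan.FromMinutes(1),
                  ValidAudience = "sukcore",
                  ValidIssuer = "sukcore",
                  IssuerSigningKey = new SymmetricSecurityKey(
                      System.Text.Encoding.UTF8.GetBytes("BB3647441FFA4B5DB4E64A29B53CE525"))
              };

              options.Events = new JwtBearerEvents
              {
                  // Replace the default empty 401 with a JSON body. The write is returned (awaited
                  // by the pipeline); the original returned Task.CompletedTask and left the
                  // WriteAsync dangling, which can truncate the body or race with the response ending.
                  OnChallenge = context =>
                  {
                      context.HandleResponse();
                      context.Response.Clear();
                      context.Response.ContentType = "application/json";
                      context.Response.StatusCode = 401;
                      return context.Response.WriteAsync(
                          new { message = "授权未通过", status = false, code = 401 }.Serialize());
                  }
              };
          });
      }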

     3、在Startup类的Configure方法里面添加（注意中间件顺序：UseAuthentication 必须在 UseRouting 之后、UseAuthorization 之前，且二者都要位于 UseEndpoints/MapControllers 之前，否则 [Authorize] 不会生效或用户身份为空）

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {              
            // Authentication: reads and validates the bearer token, populating HttpContext.User.
            // Order matters: this must run before UseAuthorization (and after UseRouting, which is
            // not shown in this excerpt).
            app.UseAuthentication();
            // Authorization: enforces [Authorize] against the identity established above.
            app.UseAuthorization();             
        }

    4、接下来做权限校验

    在需要授权的api控制器或者Action上新增 [Authorize] 标记。注意：未加 [Authorize] 的端点默认允许匿名访问，漏标即漏洞；若希望默认所有端点都要求认证，可在 AddAuthorization 中设置 FallbackPolicy（RequireAuthenticatedUser），再用 [AllowAnonymous] 显式放行登录/获取Token接口。

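    public class TokenService : ITokenService
        {
            private readonly JwtSetting _jwtSetting;

            /// <summary>
            /// Issues HS256-signed JWTs using the bound <see cref="JwtSetting"/>.
            /// </summary>
            /// <exception cref="ArgumentNullException"><paramref name="option"/> is null.</exception>
            public TokenService(IOptions<JwtSetting> option)
            {
                if (option is null)
                {
                    throw new ArgumentNullException(nameof(option));
                }
                _jwtSetting = option.Value;
            }

            /// <summary>
            /// Builds and signs a JWT for an already-authenticated user.
            /// </summary>
            /// <param name="user">
            /// The user to embed in the token. This method performs NO credential check: the caller
            /// must have verified the user's password before calling it.
            /// </param>
            /// <returns>The compact serialized JWT.</returns>
            /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
            /// <exception cref="ArgumentException"><paramref name="user"/>.username is empty.</exception>
            public string GetToken(UserEntity user)
            {
                if (user is null)
                {
                    throw new ArgumentNullException(nameof(user));
                }
                // The original dereferenced user.username.ToString() and would have thrown a
                // NullReferenceException; an empty NameIdentifier claim is never acceptable either.
                if (string.IsNullOrWhiteSpace(user.username))
                {
                    throw new ArgumentException("username is required", nameof(user));
                }

                // Work in UTC so no local-to-UTC conversion happens inside the JWT library.
                var now = DateTime.UtcNow;

                // Honor JwtSetting.ExpireSeconds (it was ignored before and 30 minutes was hard-coded);
                // keep the 30-minute default when the setting is absent so existing callers see no change.
                var lifetime = _jwtSetting.ExpireSeconds > 0
                    ? TimeSpan.FromSeconds(_jwtSetting.ExpireSeconds)
                    : TimeSpan.FromMinutes(30);

                // nbf/exp are supplied via the notBefore/expires arguments below; the original also
                // added them as string claims, which the expires argument takes precedence over anyway.
                // jti gives each token a unique id so it can be deny-listed/revoked if needed.
                var claims = new[]
                {
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
                    new Claim(ClaimTypes.NameIdentifier, user.username),
                    new Claim("Id", user.id.ToString()),
                    new Claim("Name", user.username)
                };

                // Sign with the shared HMAC secret. Anything that validates these tokens needs the
                // same key, issuer and audience (see JwtSetting.Credentials, which also enforces the
                // minimum key size).
                var token = new JwtSecurityToken(
                    issuer: _jwtSetting.Issuer,
                    audience: _jwtSetting.Audience,
                    claims: claims,
                    notBefore: now,
                    expires: now.Add(lifetime),
                    signingCredentials: _jwtSetting.Credentials);

                return new JwtSecurityTokenHandler().WriteToken(token);
            }
        }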
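    /// <summary>
        /// Authentication endpoint: exchanges posted user credentials for a bearer token.
        /// </summary>
        [Route("api/[controller]/[action]")]
        public class AuthController : ApiController
        {
            private readonly ITokenService _tokenService;

            /// <summary>
            /// Creates the controller with the token issuer it delegates to.
            /// </summary>
            /// <exception cref="ArgumentNullException"><paramref name="tokenService"/> is null.</exception>
            public AuthController(ITokenService tokenService)
            {
                _tokenService = tokenService ?? throw new ArgumentNullException(nameof(tokenService));
            }

            /// <summary>
            /// Issues a JWT for the posted user.
            /// </summary>
            /// <param name="user">Login payload (username/password) from the request body.</param>
            /// <returns>
            /// A <see cref="MethodResult"/> wrapping { Status, Token, Type = "Bearer" }.
            /// Status is false and Token is null when the payload is rejected.
            /// </returns>
            [HttpPost]
            public MethodResult GetToken(UserEntity user)
            {
                // SECURITY: the original handed a signed token to ANY caller — user.password was
                // never compared against anything, so every request minted a valid identity with
                // whatever username and id the client chose. The guard below only rejects empty
                // input; the real credential check (look the user up in the store, compare the
                // submitted password against the stored hash with a constant-time comparison, and
                // use the stored id/username, not the client-supplied ones) must be added here
                // before _tokenService.GetToken is reached. Never log or echo user.password.
                if (user is null
                    || string.IsNullOrWhiteSpace(user.username)
                    || string.IsNullOrWhiteSpace(user.password))
                {
                    return new MethodResult(new { Status = false, Token = (string)null, Type = "Bearer" });
                }

                var token = _tokenService.GetToken(user);
                return new MethodResult(new { Status = true, Token = token, Type = "Bearer" });
            }
        }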
    public class UserEntity
        {
            /// <summary>Identifier of the user; copied into the "Id" claim by TokenService.</summary>
            public int id { get; set; }

            /// <summary>Login name; becomes the NameIdentifier and "Name" claims.</summary>
            public string username { get; set; }

            /// <summary>
            /// Plain-text password as submitted on login. Meaningful only on the request path —
            /// do not serialize this object back to clients or write it to logs.
            /// </summary>
            public string password { get; set; }
        }
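    public class JwtSetting
        {
            // Microsoft.IdentityModel refuses symmetric keys shorter than 128 bits for HS256.
            private const int MinKeyBytes = 16;

            /// <summary>
            /// Token issuer ("iss"). Must equal ValidIssuer on the validating side.
            /// </summary>
            public string Issuer { get; set; }

            /// <summary>
            /// Token audience ("aud"). Must equal ValidAudience on the validating side.
            /// </summary>
            public string Audience { get; set; }

            /// <summary>
            /// Shared HMAC secret, UTF-8 encoded. Use a random value of at least 16 bytes sourced
            /// from configuration / a secret store; never a literal committed to source.
            /// </summary>
            public string SecurityKey { get; set; }

            /// <summary>
            /// Token lifetime in seconds.
            /// </summary>
            public long ExpireSeconds { get; set; }

            /// <summary>
            /// HS256 signing credentials derived from <see cref="SecurityKey"/>. A fresh key object
            /// is built on every access, so read it once per token rather than in a loop.
            /// </summary>
            /// <exception cref="InvalidOperationException">
            /// <see cref="SecurityKey"/> is missing or shorter than 16 bytes. Checked here, with the
            /// setting's name, instead of surfacing as an opaque failure at signing time.
            /// </exception>
            public SigningCredentials Credentials
            {
                get
                {
                    if (string.IsNullOrEmpty(SecurityKey))
                    {
                        throw new InvalidOperationException(
                            $"{nameof(JwtSetting)}.{nameof(SecurityKey)} is not configured.");
                    }

                    var keyBytes = Encoding.UTF8.GetBytes(SecurityKey);
                    if (keyBytes.Length < MinKeyBytes)
                    {
                        throw new InvalidOperationException(
                            $"{nameof(JwtSetting)}.{nameof(SecurityKey)} must be at least {MinKeyBytes} bytes for HS256.");
                    }

                    return new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
                }
            }
        }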

    参考如下链接

    https://www.cnblogs.com/ZhengHengWU/p/12574045.html
