该系列简单介绍了在Asp.Net Core Web API中如何使用JWT创建token进行鉴权。
1、创建Asp.Net Core Web API项目
这里使用的环境是VS2019 + .Net Core 3.1。
2、添加JWT服务
(1) 使用Nuget安装System.IdentityModel.Tokens.Jwt。
(2) 实现JWT服务
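using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

/// <summary>
/// Issues a signed JWT for an already-authenticated user name.
/// </summary>
public interface IJwtService
{
    /// <summary>
    /// Builds and serializes a signed JWT whose Name claim is <paramref name="name"/>.
    /// </summary>
    /// <param name="name">User name to place in the token's Name claim.</param>
    /// <returns>The compact-serialized token (header.payload.signature).</returns>
    string GetToken(string name);
}

namespace TestWebApi.AuthCenter.Utility
{
    /// <summary>
    /// Creates HS256-signed JWTs. Issuer, audience and the signing key are read from
    /// configuration under the keys "issuer", "audience" and "SecurityKey".
    /// The key is a shared secret: keep it long and random, and keep it out of
    /// source control (user secrets / environment / a secret store) rather than in
    /// a committed appsettings.json.
    /// </summary>
    public class JwtService : IJwtService
    {
        // Lifetime of each issued token; the "exp" claim is set this far in the future.
        private const int TokenLifetimeMinutes = 20;

        private readonly IConfiguration _configuration;

        /// <param name="configuration">Application configuration holding the JWT settings.</param>
        /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
        public JwtService(IConfiguration configuration)
        {
            _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
        }

        /// <summary>
        /// Issues a token carrying the Name claim plus two demo claims ("NickName", "Role").
        /// </summary>
        /// <param name="name">User name to place in the Name claim.</param>
        /// <returns>The compact-serialized JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="name"/> is null.</exception>
        /// <exception cref="InvalidOperationException">"SecurityKey" is missing from configuration.</exception>
        public string GetToken(string name)
        {
            if (name is null)
            {
                throw new ArgumentNullException(nameof(name));
            }

            /*
             * Claims (payload)
             * The claims carry the information this token is about. Registered claim
             * names defined by the JWT standard:
             *
             *   iss: issuer
             *   sub: subject
             *   exp: expiration time (Unix timestamp)
             *   iat: issued at (Unix timestamp)
             *   jti: JWT ID
             *   aud: audience
             *   nbf: not before
             *
             * Besides the registered names, any JSON-compatible field may be added.
             * NOTE: the payload is only base64url-encoded, not encrypted, so nothing
             * secret belongs in a claim.
             */
            var claims = new[]
            {
                new Claim(ClaimTypes.Name, name),
                new Claim("NickName", "NetCore"),
                new Claim("Role", "Administrator")
            };

            // Fail with a clear message on a misconfigured service instead of an
            // ArgumentNullException from Encoding.GetBytes(null).
            var secret = _configuration["SecurityKey"];
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("Configuration value 'SecurityKey' is required to sign tokens.");
            }

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // "exp" is an absolute instant; build it from UTC so the value does not
            // depend on the server's local time zone or DST transitions.
            var token = new JwtSecurityToken(
                issuer: _configuration["issuer"],
                audience: _configuration["audience"],
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes),
                signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }
    }
}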
(3) 注入JWT服务
// Register the JWT issuer so controllers can receive IJwtService by constructor
// injection; one JwtService instance is created per request scope.
services.AddScoped(typeof(IJwtService), typeof(JwtService));
3、添加JWT配置信息(appsettings.json)
"issuer": "http://localhost:9527", "audience": "http://localhost:9527", "SecurityKey": "4A9A70D2-B8AD-42E1-B002-553BDEF4E76F"
其中,SecurityKey为新建的一个GUID。
4、添加授权控制器
(1) 使用Nuget安装Newtonsoft.Json
(2) 控制器类实现
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using TestWebApi.AuthCenter.Utility;

namespace TestWebApi.AuthCenter.Controllers
{
    /// <summary>
    /// Demo login endpoint: checks a fixed user name / password pair and, when it
    /// matches, returns a JWT issued by <see cref="IJwtService"/>.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class AuthController : ControllerBase
    {
        // Injected services. _configuration and _logger are wired up but not used by
        // the actions below; only _jwtService is.
        private readonly ILogger<AuthController> _logger;
        private readonly IConfiguration _configuration;
        private readonly IJwtService _jwtService;

        public AuthController(IConfiguration configuration, ILogger<AuthController> logger, IJwtService jwtService)
        {
            _configuration = configuration;
            _logger = logger;
            _jwtService = jwtService;
        }

        /// <summary>
        /// GET api/auth/Login?username=...&amp;password=...
        /// Returns a JSON string of the form {"result":bool,"token":string}; the token
        /// is empty when the credentials are rejected.
        /// </summary>
        /// <remarks>
        /// Demo only: the password travels in the query string of a GET request, so it
        /// lands in browser history, proxies and server access logs. A real login should
        /// be a POST with the credentials in the request body over HTTPS.
        /// </remarks>
        [Route("Login")]
        [HttpGet]
        public string Login(string username, string password)
        {
            bool result = VerifyLogin(username, password);

            string token = string.Empty;
            if (result)
            {
                token = _jwtService.GetToken(username);
            }

            // Property names "result" and "token" are the wire format shown in the tutorial.
            return JsonConvert.SerializeObject(new { result, token });
        }

        // Placeholder credential check against a hard-coded pair (ordinal comparison,
        // null-safe). A real implementation looks the user up and compares a salted
        // password hash instead of a plaintext constant.
        private bool VerifyLogin(string username, string password)
            => username == "admin" && password == "123456";
    }
}
5、运行
(1) 运行Web API项目,在浏览器中输入https://localhost:5001/api/auth/Login,正常情况下会输出下面的内容:
{"result":false,"token":""}
(2) 在浏览器中输入https://localhost:5001/api/auth/Login?username=admin&password=123456,正常情况下会输出类似下面的内容:
{"result":true,"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJOaWNrTmFtZSI6Ik5ldENvcmUiLCJSb2xlIjoiQWRtaW5pc3RyYXRvciIsImV4cCI6MTYxMzk1OTM0NSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5NTI3IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo5NTI3In0.JdkUR3MV2uC8dQAnqzskFreVFdrHK4WTRrMJSDm7STY"}