Dependencies (NuGet package):
System.IdentityModel.Tokens.Jwt — note that the key handling below also relies on Windows CNG (`CngKey` / `ECDsaCng` from System.Security.Cryptography), so this sample runs on Windows only.
Code:
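/// <summary>
/// Key pair produced by <see cref="GenerateKey"/>; both halves are base64-encoded CNG ECC blobs.
/// </summary>
public class JwtModel
{
    /// <summary>Base64 EccPublicBlob. Safe to hand to any party that only needs to verify tokens.</summary>
    public string PublicKey { get; set; }

    /// <summary>
    /// Base64 EccPrivateBlob, i.e. the raw, unencrypted signing key. Treat it as a secret:
    /// keep it in protected configuration or a key vault, never log it or return it to clients.
    /// Anyone holding this value can mint tokens that <see cref="VerifyToken"/> accepts.
    /// </summary>
    public string PrivateKey { get; set; }
}

private static readonly string _issuer = "issuer";
private static readonly string _audience = "test";
private static readonly string _claimKey = "userId";
private static readonly string _claimValue = "5435";

// Lifetime used by GenerateToken when the caller does not pass one. Kept at the original
// 15 years for compatibility only; see the SECURITY note in GenerateToken before relying on it.
private const int DefaultLifetimeYears = 15;

/// <summary>
/// Creates a fresh ECDSA P-256 key pair and returns both halves as base64 CNG blobs.
/// </summary>
/// <returns>A <see cref="JwtModel"/> holding the exported public and private blobs.</returns>
/// <remarks>
/// The key is created with <see cref="CngExportPolicies.AllowPlaintextExport"/> purely so the
/// private blob can be exported into the model. A key that must never leave the machine would
/// instead be created non-exportable (or inside a key storage provider / HSM) and used by handle.
/// </remarks>
public static JwtModel GenerateKey()
{
    var creation = new CngKeyCreationParameters
    {
        ExportPolicy = CngExportPolicies.AllowPlaintextExport,
    };

    // CngKey wraps a native handle; release it once both blobs have been copied out
    // (the original never disposed it).
    using (var key = CngKey.Create(CngAlgorithm.ECDsaP256, null, creation))
    {
        return new JwtModel
        {
            PublicKey = Convert.ToBase64String(key.Export(CngKeyBlobFormat.EccPublicBlob)),
            PrivateKey = Convert.ToBase64String(key.Export(CngKeyBlobFormat.EccPrivateBlob)),
        };
    }
}

/// <summary>
/// Issues a compact JWS (ES256) carrying the fixed userId and sub claims plus a random jti.
/// </summary>
/// <param name="privateKey">Base64 EccPrivateBlob as produced by <see cref="GenerateKey"/>.</param>
/// <param name="lifetime">
/// How long the token stays valid, counted from now. <c>null</c> keeps the original behaviour
/// of <see cref="DefaultLifetimeYears"/> years.
/// </param>
/// <returns>The serialized token string.</returns>
/// <exception cref="FormatException"><paramref name="privateKey"/> is not valid base64.</exception>
/// <exception cref="CryptographicException"><paramref name="privateKey"/> is not an ECC private blob.</exception>
public static string GenerateToken(string privateKey, TimeSpan? lifetime = null)
{
    var claims = new[]
    {
        new Claim(_claimKey, _claimValue),
        new Claim(JwtRegisteredClaimNames.Sub, "3"),
        // jti only has to be unique per token; a fresh Guid gives a 128-bit identifier.
        new Claim(JwtRegisteredClaimNames.Jti, Convert.ToBase64String(Guid.NewGuid().ToByteArray())),
    };

    // Import yields an ephemeral CNG key. ECDsaCng(CngKey) opens its own handle on the key,
    // so both objects can be disposed once the token is written instead of leaking per call.
    using (var key = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.EccPrivateBlob))
    using (var ecdsa = new ECDsaCng(key))
    {
        var cred = new SigningCredentials(new ECDsaSecurityKey(ecdsa), SecurityAlgorithms.EcdsaSha256);

        var now = DateTime.UtcNow;
        // SECURITY: a 15-year token cannot be revoked once issued. Production callers should
        // pass a lifetime of minutes to hours and renew through a refresh mechanism.
        // The original author noted that 18 or 20 years "did not work": an expiry later than
        // 2038-01-19 overflows a 32-bit Unix timestamp, which older versions of this library
        // used for 'exp' — that is the likely cause, not verified here.
        var expires = lifetime.HasValue ? now + lifetime.Value : now.AddYears(DefaultLifetimeYears);

        var token = new JwtSecurityToken(
            issuer: _issuer,
            audience: _audience,
            claims: claims,
            notBefore: now,
            expires: expires,
            signingCredentials: cred);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}

/// <summary>
/// Validates <paramref name="token"/> (ES256 signature, issuer, audience, lifetime) against
/// <paramref name="publicKey"/> and then checks that the fixed userId claim is present.
/// </summary>
/// <param name="token">Compact JWS string.</param>
/// <param name="publicKey">Base64 EccPublicBlob as produced by <see cref="GenerateKey"/>.</param>
/// <returns>
/// <c>true</c> when the token validates and carries the expected userId claim; <c>false</c> only
/// when the token validates but lacks that claim.
/// </returns>
/// <exception cref="SecurityTokenException">
/// ValidateToken throws (it does not return <c>false</c>) for a bad signature, wrong issuer or
/// audience, or an expired / not-yet-valid token. Callers must catch this, otherwise a forged
/// token surfaces as an unhandled exception instead of a rejected login.
/// </exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is null, empty or not a well-formed JWT.</exception>
/// <remarks>
/// The "signature required" and lifetime checks come from the library defaults in
/// TokenValidationParameters (RequireSignedTokens, ValidateLifetime, ClockSkew); confirm them for
/// the library version in use rather than assuming. Where the version supports it, also set
/// <c>ValidAlgorithms = new[] { SecurityAlgorithms.EcdsaSha256 }</c> so the token's 'alg' header
/// cannot select anything other than ES256.
/// </remarks>
public static bool VerifyToken(string token, string publicKey)
{
    // Same handle hygiene as GenerateToken: the imported key and ECDsaCng are native resources.
    using (var key = CngKey.Import(Convert.FromBase64String(publicKey), CngKeyBlobFormat.EccPublicBlob))
    using (var ecdsa = new ECDsaCng(key))
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = new ECDsaSecurityKey(ecdsa),
            ValidAudience = _audience,
            ValidIssuer = _issuer,
        };

        SecurityToken validatedToken;
        var principal = new JwtSecurityTokenHandler().ValidateToken(token, parameters, out validatedToken);

        return principal.HasClaim(_claimKey, _claimValue);
    }
}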