nuget 引入 Microsoft.AspNetCore.Authentication.JwtBearer
Startup中
app.UseAuthentication();
#region JWT
//读取配置文件
services.Configure<TokenManagement>(Configuration.GetSection("tokenManagement"));
var token = Configuration.GetSection("tokenManagement").Get<TokenManagement>();
//注入JWT
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)),
ValidIssuer = token.Issuer,
ValidAudience = token.Audience,
ValidateIssuer = false,
ValidateAudience = false
};
});
//权限注入
services.AddScoped<IAuthenticateService, TokenAuthenticationService>();
//验证是否有权限
services.AddScoped<IUserService, UserService>();
#endregion
appsettings.json 中配置文件
"tokenManagement": { "secret": "123456123456123456", //发现HS256算法的秘钥长度最新为128位,转换成字符至少16字符 "issuer": "webapi.cn", "audience": "WebApi", "accessExpiration": 30, "refreshExpiration": 60 }
//jwt实体配置
public class TokenManagement { [JsonProperty("secret")] public string Secret { get; set; } [JsonProperty("issuer")] public string Issuer { get; set; } [JsonProperty("audience")] public string Audience { get; set; } [JsonProperty("accessExpiration")] public int AccessExpiration { get; set; } [JsonProperty("refreshExpiration")] public int RefreshExpiration { get; set; } }
//登陆验证返回token信息
public bool IsAuthenticated(LoginRequestDTO request, out string token) { token = string.Empty; if (!_userService.IsValid(request)) return false; var claims = new[] { new Claim(ClaimTypes.Name,request.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var jwtToken = new JwtSecurityToken(_tokenManagement.Issuer, _tokenManagement.Audience, claims, expires: DateTime.Now.AddMinutes(_tokenManagement.AccessExpiration), signingCredentials: credentials); token = new JwtSecurityTokenHandler().WriteToken(jwtToken); return true; }
//获取token 信息
public static LoginRequestDTO UserInfo(this HttpContext httpcontent) { LoginRequestDTO user = null; var data = httpcontent.Request; var handerResult = httpcontent.Request.Headers["Authorization"].ToString().Replace("Bearer ", ""); if (!string.IsNullOrEmpty(handerResult)) { var dataResult = Validate(handerResult, payLoad => { user = new LoginRequestDTO(); user.Username = payLoad[ClaimTypes.Name]?.ToString(); return true; }); } return user; } public static bool Validate(string encodeJwt, Func<Dictionary<string, object>, bool> validatePayLoad) { var success = true; var jwtArr = encodeJwt.Split('.'); var header = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[0])); var payLoad = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[1])); //配置信息 var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes("123456123456123456")); //首先验证签名是否正确(必须的) success = success && string.Equals(jwtArr[2], Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]))))); if (!success) { return success;//签名不正确直接返回 } //其次验证是否在有效期内(也应该必须) var now = ToUnixEpochDate(DateTime.UtcNow); success = success && (now < long.Parse(payLoad["exp"].ToString())); //再其次 进行自定义的验证 success = success && validatePayLoad(payLoad); return success; } public static long ToUnixEpochDate(DateTime date) => (long)Math.Round((date.ToUniversalTime() - new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero)).TotalSeconds);