以前接触过,写过博客,第二次再写有了新的体会。第一次博客:https://www.cnblogs.com/zhang-3/p/16184067.html
过程:
- 生成token令牌(钥匙)
- 添加bearer认证 (验证钥匙是否正确)
- 给接口或控制器添加验证 (锁)
- 给接口添加显示的小锁
1.引入包:System.IdentityModel.Tokens.Jwt
这次博客比第一次简化了好多,比如令牌的model类,密钥写在配置文件等,暂时省略了
public static string IssueJwt(string id,string Name)
{
string iss = "发行人";
string aud = "受众人";
string secret = "12345678912345671234567891234567";
//载荷
var claims = new List<Claim>()
{
//jwtID唯一
new Claim(JwtRegisteredClaimNames.Jti,id),
//发行人可以理解为网站属于发行人
new Claim(JwtRegisteredClaimNames.Iss,iss),
//受众可以理解为哪些人可以使用
new Claim(JwtRegisteredClaimNames.Aud,aud),
//主体可以理解为对令牌的说明
new Claim(JwtRegisteredClaimNames.Sub,"主体"),
//发行时间即为令牌生成的时间
new Claim (JwtRegisteredClaimNames.Iat,$"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
//在此时间之前不可用
new Claim(JwtRegisteredClaimNames.Nbf,$"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
//令牌过期时间
new Claim(JwtRegisteredClaimNames.Exp,$"{new DateTimeOffset(DateTime.Now.AddSeconds(60)).ToUnixTimeSeconds()}"),
new Claim(ClaimTypes.Name,Name)
};
//使用密钥生成签名凭证
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
//序列化jwt
var jwt = new JwtSecurityTokenHandler().WriteToken(
new JwtSecurityToken(
issuer: iss,
claims: claims,
signingCredentials: creds));
return jwt;
}
生成token
2.引入包:Microsoft.AspNetCore.Authentication.JwtBearer
//注册bearer认证
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
var SigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("12345678912345671234567891234567"));
//验证的参数
o.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
//验证密钥
ValidateIssuerSigningKey = true,
IssuerSigningKey = SigningKey,
//验证发行者
ValidateIssuer = true,
ValidIssuer = "发行人",
//验证受众
ValidateAudience = true,
ValidAudience = "受众人",
//验证有效期
ValidateLifetime = true,
ClockSkew = TimeSpan.FromSeconds(30),
//必须有过期值/时间
RequireExpirationTime = true
};
o.Events = new JwtBearerEvents()
{
//当JWT Bearer认证失败时,即请求未包含有效的JWT令牌或令牌验证失败,该事件会被触发
OnChallenge = context =>
{
context.Response.Headers.Add("Token-Error", context.ErrorDescription);
return Task.CompletedTask;
},
//当JWT Bearer认证过程中出现异常时,例如令牌过期、签名验证失败等情况,该事件会被触发
OnAuthenticationFailed = context =>
{
var jwtHandler = new JwtSecurityTokenHandler();
var token = context.Request.Headers["Authorization"].ObjToString().Replace("Bearer ", string.Empty).Replace("bearer",string.Empty).Trim();
var jwtToken = jwtHandler.ReadJwtToken(token);
if (jwtToken.Issuer != "发行人")
{
context.Response.Headers.Add("Token-Error-Iss", "issuer is wrong!");
}
if (jwtToken.Audiences.FirstOrDefault() != "受众人")
{
context.Response.Headers.Add("Token-Error-Aud", "Audience is wrong!");
}
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return Task.CompletedTask;
}
};
});
bearer认证
3和4:引入包:SwashBuckle.AspNetCore.Filters
builder.Services.AddSwaggerGen(a =>
{
// 开启加权小锁(暂时不知道什么意思)
a.OperationFilter<AddResponseHeadersFilter>();
//(接口显示认证角色信息)
a.OperationFilter<AppendAuthorizeToSummaryOperationFilter>();
// 在header中添加token,传递到后台(添加小锁)
a.OperationFilter<SecurityRequirementsOperationFilter>();
a.AddSecurityDefinition("oauth2", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
{
Description = "JWT授权(数据将在请求头中进行传输) 直接在下框中输入Bearer {token}(注意两者之间是一个空格)\"",
Name = "Authorization", //jwt默认的参数名称
In = ParameterLocation.Header, //jwt默认存放Authorization信息的位置(请求头中)
Type = SecuritySchemeType.ApiKey//安全方案/类型(模式)APIkey
});
});
添加到swagger显示锁
标签:Claim,令牌,string,认证,context,new,var,Net6,2.0 From: https://www.cnblogs.com/zhang-3/p/17574221.html