一.JWT的作用
把JSON对象加密成为一个秘钥字符串,JWT的令牌由三个部分组成 JWT头,JWTToken 签名
二.验证令牌的流程
首先由用户登录后将信息传到后台接口中生成JWT令牌,然后后台将JWT令牌返回给前端,前端可以保存到localStorage或sessionStoeage中
前端每次访问请求时会带着令牌传到后端,然后接口验证令牌的正确性,有效性,验证通过就会执行要执行的操作并返回响应的结果,否则就返回没有授权
三.如何配置JWT
首先安装Nuget包
然后在在appsettings.json配置
"Auth": {
"SecretKey": "al45jgioasdjgoije8343050945049jg3409jgfoksdjfglaskdjfaiosdjfasdfsd", //私钥 长度 16位以上 自己随便输入
"Issuer": "www.aaabb.com", //发行人
"Audience": "www.ccdd.com" //访问人
}
然后创建一个TokenHelper类
public class TokenHelper
{
private readonly IConfiguration _configuration;
private readonly JwtSecurityTokenHandler _jwtSecurityTokenHandler;
public TokenHelper(IConfiguration configuration, JwtSecurityTokenHandler jwtSecurityTokenHandler)
{
_configuration = configuration;
_jwtSecurityTokenHandler = jwtSecurityTokenHandler;
}
/// <summary>
/// 创建加密JwtToken
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public string CreateJwtToken<T>(T user)
{
var signingAlogorithm = SecurityAlgorithms.HmacSha256;
//CreateClaimList 将用户信息 加载到 载荷 当中
var claimList = this.CreateClaimList(user);
//Signature
//取出私钥并以utf8编码字节输出
var secretByte = Encoding.UTF8.GetBytes(_configuration["Auth:SecretKey"]);
//使用非对称算法对私钥进行加密
var signingKey = new SymmetricSecurityKey(secretByte);
//使用HmacSha256来验证加密后的私钥生成数字签名
var signingCredentials = new SigningCredentials(signingKey, signingAlogorithm);
//生成Token
var Token = new JwtSecurityToken(
issuer: _configuration["Auth:Issuer"], //发布者
audience: _configuration["Auth:Audience"], //接收者
claims: claimList, //存放的用户信息
notBefore: DateTime.UtcNow, //发布时间
expires: DateTime.UtcNow.AddDays(1), //有效期设置为1天
signingCredentials //数字签名
);
//生成字符串token
var TokenStr = new JwtSecurityTokenHandler().WriteToken(Token);
return TokenStr;
}
public T GetToken<T>(string Token)
{
Type t = typeof(T);
//Activator.CreateInstance 根据 t(你传过来的泛型) 用反射的方式 new 当前对象
object objA = Activator.CreateInstance(t);
var b = _jwtSecurityTokenHandler.ReadJwtToken(Token);
foreach (var item in b.Claims)
{
PropertyInfo _Property = t.GetProperty(item.Type);
if (_Property != null && _Property.CanRead)
{
_Property.SetValue(objA, item.Value, null);
}
}
return (T)objA;
}
/// <summary>
/// 创建包含用户信息的CalimList
/// </summary>
/// <param name="authUser"></param>
/// <returns></returns>
private List<Claim> CreateClaimList<T>(T authUser)
{
var Class = typeof(T);
//Claim 载荷的类 List
List<Claim> claimList = new List<Claim>();
//GetProperties 获取类型下所有的属性
foreach (var item in Class.GetProperties())
{
//if (item.Name == "UPass")
//{
// continue;
//}
claimList.Add(new Claim(item.Name, Convert.ToString(item.GetValue(authUser))));
}
return claimList;
}
}
然后在Program.cs中配置
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
//返回的是 字符的数组
var sercrtByte = Encoding.UTF8.GetBytes( builder.Configuration["Auth:SecretKey"]);
//配置token验证
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = builder.Configuration["Auth:Issuer"],
ValidateAudience = true,
ValidAudience = builder.Configuration["Auth:Audience"],
//验证是否过期
ValidateLifetime = true,
//验证私钥
IssuerSigningKey = new SymmetricSecurityKey(sercrtByte)
};
});
在控制器将TokenHelper注入进去
public UserInfoController( TokenHelper tokenHelper)
{
_tokenHelper = tokenHelper;
}
然后编写一个登录接口 在登录接口上一定要加上[AllowAnonymous] 这个是无需验证身份操作
/// <summary>
/// 登录
/// </summary>
/// <param name="userInfoDto"></param>
/// <returns></returns>
[HttpPost]
//允许所有人访问
[AllowAnonymous]
public IActionResult Login(UserInfoDto userInfoDto)
{
ApiResult apiResult = new ApiResult();
var userInfo = _mapper.Map<UserInfoDto, UserInfo>(userInfoDto);
var result = _userInfoRespority.Login(userInfo);
if (result==null)
{
apiResult.Code = StausCode.ERROR;
apiResult.Data = StatusMsg.LOGINERRORMSG;
return Ok(apiResult);
}
//将实体转回dto
UserDto? user = _mapper.Map<UserInfo, UserDto>(result);
apiResult.Code = StausCode.SUCCESS;
apiResult.Msg = StatusMsg.LOGINSUCCESSMSG;
apiResult.Data = user;
var token = _tokenHelper.CreateJwtToken(user);
//将token 放到响应头当中
Response.Headers["token"] = token;
Response.Headers["Access-Control-Expose-Headers"] = "token";
return Ok(apiResult);
}
这样一个JWT就写好了
标签:apiResult,JWT,item,token,var,new From: https://www.cnblogs.com/iamlcw/p/17660778.html