Asp.net Core JsonWebToken记录

Posted 2021-03-15 zxp6

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了Asp.net Core JsonWebToken记录相关的知识，希望对你有一定的参考价值。

nuget 引入 Microsoft.AspNetCore.Authentication.JwtBearer

Startup中

 app.UseAuthentication();

      #region JWT
            //读取配置文件
            services.Configure<TokenManagement>(Configuration.GetSection("tokenManagement"));
            var token = Configuration.GetSection("tokenManagement").Get<TokenManagement>();
            //注入JWT
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(x =>
            {
                x.RequireHttpsMetadata = false;
                x.SaveToken = true;
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)),
                    ValidIssuer = token.Issuer,
                    ValidAudience = token.Audience,
                    ValidateIssuer = false,
                    ValidateAudience = false
                };

            });
            //权限注入
            services.AddScoped<IAuthenticateService, TokenAuthenticationService>();
            //验证是否有权限
            services.AddScoped<IUserService, UserService>();
            #endregion

　　appsettings.json 中配置文件

 "tokenManagement": {
    "secret": "123456123456123456", //发现HS256算法的秘钥长度最新为128位，转换成字符至少16字符
    "issuer": "webapi.cn",
    "audience": "WebApi",
    "accessExpiration": 30,
    "refreshExpiration": 60
  }

//jwt实体配置
public class TokenManagement
    {
        [JsonProperty("secret")]
        public string Secret { get; set; }

        [JsonProperty("issuer")]
        public string Issuer { get; set; }

        [JsonProperty("audience")]
        public string Audience { get; set; }

        [JsonProperty("accessExpiration")]
        public int AccessExpiration { get; set; }

        [JsonProperty("refreshExpiration")]
        public int RefreshExpiration { get; set; }

    }

//登陆验证返回token信息
 public bool IsAuthenticated(LoginRequestDTO request, out string token)
        {
            token = string.Empty;
            if (!_userService.IsValid(request))
                return false;
            var claims = new[]
            {
                new Claim(ClaimTypes.Name,request.Username)
            };
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var jwtToken = new JwtSecurityToken(_tokenManagement.Issuer,
                _tokenManagement.Audience,
                claims,
                expires: DateTime.Now.AddMinutes(_tokenManagement.AccessExpiration),
                signingCredentials: credentials);
            token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
            return true;

        }

//获取token 信息
 public static LoginRequestDTO UserInfo(this HttpContext httpcontent)
        {
            LoginRequestDTO user = null;
            var data = httpcontent.Request;
            var handerResult = httpcontent.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
            if (!string.IsNullOrEmpty(handerResult))
            {
                var dataResult = Validate(handerResult, payLoad =>
                 {
                     user = new LoginRequestDTO();
                     user.Username = payLoad[ClaimTypes.Name]?.ToString();
                     return true;
                 });
            }
            return user;
        }
        public static bool Validate(string encodeJwt, Func<Dictionary<string, object>, bool> validatePayLoad)
        {
            var success = true;
            var jwtArr = encodeJwt.Split(‘.‘);
            var header = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[0]));
            var payLoad = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[1]));
            //配置信息
            var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes("123456123456123456"));
            //首先验证签名是否正确（必须的）
            success = success && string.Equals(jwtArr[2], Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1])))));
            if (!success)
            {
                return success;//签名不正确直接返回
            }
            //其次验证是否在有效期内（也应该必须）
            var now = ToUnixEpochDate(DateTime.UtcNow);
            success = success && (now < long.Parse(payLoad["exp"].ToString()));

            //再其次 进行自定义的验证
            success = success && validatePayLoad(payLoad);

            return success;
        }
        public static long ToUnixEpochDate(DateTime date) =>
            (long)Math.Round((date.ToUniversalTime() - new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero)).TotalSeconds);

以上是关于Asp.net Core JsonWebToken记录的主要内容，如果未能解决你的问题，请参考以下文章

在ASP.NET Core中轻松使用JwtBeare进行身份验证

asp.net core 2.0 web api基于JWT自定义策略授权

JWT Bearer ASP.Net Core 3.1 用户在服务器上为空白

ASP.NET Core (.NET Core) and ASP.NET Core (.NET Framework)区别

Asp.Net core (Full .Net framework) vs Asp.Net core (.Net Core) 性能

Asp.NET Core进阶第四篇 Asp.Net Core Blazor框架