时间:2021-05-28
我的方式非主流,控制却可以更加灵活,喜欢的朋友,不妨花一点时间学习一下
jwt认证分为两部分,第一部分是加密解密,第二部分是灵活的应用于中间件,我的处理方式是将获取token放到api的一个具体的controller中,将发放token与验证分离,token的失效时间,发证者,使用者等信息存放到config中。
1.配置:
在appsettings.json中增加配置
"Jwt": {"Issuer": "issuer",//随意定义"Audience": "Audience",//随意定义"SecretKey": "abc",//随意定义"Lifetime": 20, //单位分钟"ValidateLifetime": true,//验证过期时间"HeadField": "useless", //头字段"Prefix": "prefix", //前缀"IgnoreUrls": [ "/Auth/GetToken" ]//忽略验证的url}2:定义配置类:
internal class JwtConfig { public string Issuer { get; set; } public string Audience { get; set; } /// <summary> /// 加密key /// </summary> public string SecretKey { get; set; } /// <summary> /// 生命周期 /// </summary> public int Lifetime { get; set; } /// <summary> /// 是否验证生命周期 /// </summary> public bool ValidateLifetime { get; set; } /// <summary> /// 验证头字段 /// </summary> public string HeadField { get; set; } /// <summary> /// jwt验证前缀 /// </summary> public string Prefix { get; set; } /// <summary> /// 忽略验证的url /// </summary> public List<string> IgnoreUrls { get; set; } }3.加密解密接口:
public interface IJwt { string GetToken(Dictionary<string, string> Clims); bool ValidateToken(string Token,out Dictionary<string ,string> Clims); }4.加密解密的实现类:
install -package System.IdentityModel.Tokens.Jwt public class Jwt : IJwt { private IConfiguration _configuration; private string _base64Secret; private JwtConfig _jwtConfig = new JwtConfig(); public Jwt(IConfiguration configration) { this._configuration = configration; configration.GetSection("Jwt").Bind(_jwtConfig); GetSecret(); } /// <summary> /// 获取到加密串 /// </summary> private void GetSecret() { var encoding = new System.Text.ASCIIEncoding(); byte[] keyByte = encoding.GetBytes("salt"); byte[] messageBytes = encoding.GetBytes(this._jwtConfig.SecretKey); using (var hmacsha256 = new HMACSHA256(keyByte)) { byte[] hashmessage = hmacsha256.ComputeHash(messageBytes); this._base64Secret= Convert.ToBase64String(hashmessage); } } /// <summary> /// 生成Token /// </summary> /// <param name="Claims"></param> /// <returns></returns> public string GetToken(Dictionary<string, string> Claims) { List<Claim> claimsAll = new List<Claim>(); foreach (var item in Claims) { claimsAll.Add(new Claim(item.Key, item.Value)); } var symmetricKey = Convert.FromBase64String(this._base64Secret); var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Issuer = _jwtConfig.Issuer, Audience = _jwtConfig.Audience, Subject = new ClaimsIdentity(claimsAll), NotBefore = DateTime.Now, Expires = DateTime.Now.AddMinutes(this._jwtConfig.Lifetime), SigningCredentials =new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256Signature) }; var securityToken = tokenHandler.CreateToken(tokenDescriptor); return tokenHandler.WriteToken(securityToken); } public bool ValidateToken(string Token, out Dictionary<string, string> Clims) { Clims = new Dictionary<string, string>(); ClaimsPrincipal principal = null; if (string.IsNullOrWhiteSpace(Token)) { return false; } var handler = new JwtSecurityTokenHandler(); try { var jwt = handler.ReadJwtToken(Token); if (jwt == null) { return false; } var secretBytes = Convert.FromBase64String(this._base64Secret); var validationParameters = new TokenValidationParameters { RequireExpirationTime = true, IssuerSigningKey = new SymmetricSecurityKey(secretBytes), ClockSkew = TimeSpan.Zero, ValidateIssuer = true,//是否验证Issuer ValidateAudience = true,//是否验证Audience ValidateLifetime = this._jwtConfig.ValidateLifetime,//是否验证失效时间 ValidateIssuerSigningKey = true,//是否验证SecurityKey ValidAudience = this._jwtConfig.Audience, ValidIssuer = this._jwtConfig.Issuer }; SecurityToken securityToken; principal = handler.ValidateToken(Token, validationParameters, out securityToken); foreach (var item in principal.Claims) { Clims.Add(item.Type, item.Value); } return true; } catch (Exception ex) { return false; } } }5.定义获取Token的Controller:
在Startup.ConfigureServices中注入 IJwt
services.AddTransient<IJwt, Jwt>(); // Jwt注入[Route("[controller]/[action]")] [ApiController] public class AuthController : ControllerBase { private IJwt _jwt; public AuthController(IJwt jwt) { this._jwt = jwt; } /// <summary> /// getToken /// </summary> /// <returns></returns> [HttpPost] public IActionResult GetToken() { if (true) { Dictionary<string, string> clims = new Dictionary<string, string>(); clims.Add("userName", userName); return new JsonResult(this._jwt.GetToken(clims)); } } }6.创建中间件:
public class UseJwtMiddleware { private readonly RequestDelegate _next; private JwtConfig _jwtConfig =new JwtConfig(); private IJwt _jwt; public UseJwtMiddleware(RequestDelegate next, IConfiguration configration,IJwt jwt) { _next = next; this._jwt = jwt; configration.GetSection("Jwt").Bind(_jwtConfig); } public Task InvokeAsync(HttpContext context) { if (_jwtConfig.IgnoreUrls.Contains(context.Request.Path)) { return this._next(context); } else { if (context.Request.Headers.TryGetValue(this._jwtConfig.HeadField, out Microsoft.Extensions.Primitives.StringValues authValue)) { var authstr = authValue.ToString(); if (this._jwtConfig.Prefix.Length > 0) { authstr = authValue.ToString().Substring(this._jwtConfig.Prefix.Length+1, authValue.ToString().Length -(this._jwtConfig.Prefix.Length+1)); } if (this._jwt.ValidateToken(authstr, out Dictionary<string, string> Clims)) { foreach (var item in Clims) { context.Items.Add(item.Key, item.Value); } return this._next(context); } else { context.Response.StatusCode = 401; context.Response.ContentType = "application/json"; return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}"); } } else { context.Response.StatusCode = 401; context.Response.ContentType = "application/json"; return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}"); } } } }7.中间件暴露出去
public static class UseUseJwtMiddlewareExtensions { /// <summary> /// 权限检查 /// </summary> /// <param name="builder"></param> /// <returns></returns> public static IApplicationBuilder UseJwt(this IApplicationBuilder builder) { return builder.UseMiddleware<UseJwtMiddleware>(); } }8.在Startup.Configure中使用中间件:
app.UseJwt();以1的配置为例:
除了请求 /auth/getToken 不需要加头信息外,其他的请求一律要求头信息中必须带着
userless:prefix (从Auth/GetToken中获取到的token)以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。
前言:上篇C#进阶系列——WebApi接口传参不再困惑:传参详解介绍了WebApi参数的传递,这篇来看看WebApi里面异常的处理。关于异常处理,作为程序员的我
1,快速实现授权验证什么是JWT?为什么要用JWT?JWT的组成?这些百度可以直接找到,这里不再赘述。实际上,只需要知道JWT认证模式是使用一段Token作为认
什么是JWT这里是jwt官方地址,想了解更多的可以在这里查看。jwt全称是JSONWebToken,从全称就可以看出jwt多用于认证方面的。这个东西定义了一种简
本文介绍了springBoot实战之Filter实现使用JWT进行接口认证,分享给大家jwt(jsonwebtoken)用户发送按照约定,向服务端发送Heade
1简介在之前的文章《Springboot集成SpringSecurity实现JWT认证》讲解了如何在传统的Web项目中整合SpringSecurity和JWT,