Preface
The project was set up in an earlier article; everything here extends that project.
Previous article: link
Source code download: link
JSON Web Token (JWT) is a JSON-based token used to assert claims over a network. It is mainly used for authentication and for protecting information exchanged between APIs. A JWT normally consists of three parts: a header, a payload and a signature. Many projects use JWT for authentication.
Steps to use JWT
1. Install Microsoft.AspNetCore.Authentication.JwtBearer, for example through the NuGet package manager, as shown below:
2. Add the JWT configuration to appsettings.json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "Jwt": {
    "SecretKey": "c0ecd23c-dfdb-4005-a2ea-0fea210c858d",
    "Issuer": "JwtIssuer",
    "Audience": "JwtAudience"
  }
}
3. Register the JWT authentication service in Program.cs
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;   // required for OpenApiSecurityScheme and the other OpenApi types used below
using System.Text;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = TS.Common.Helpers.Appsettings.GetValue("Jwt", "Issuer"),
        ValidAudience = TS.Common.Helpers.Appsettings.GetValue("Jwt", "Audience"),
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TS.Common.Helpers.Appsettings.GetValue("Jwt", "SecretKey"))),
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = false,   // the exp claim is not checked with this setting, so a token stays usable after the 120 minutes set at issuance
        ValidateIssuerSigningKey = true
    };
});
builder.Services.AddAuthorization();

// Add services to the container.
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        Description = "请输入token,格式为 Bearer xxxxxxxx",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        BearerFormat = "JWT",
        Scheme = "Bearer"
    });
    // Add the security requirement so Swagger UI sends the Authorization header
    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
            },
            new string[] { }
        }
    });
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthentication();   // must come before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();
4. Add the Microsoft.Extensions.Configuration.Json package to TS.Common
5. Add Appsettings.cs to TS.Common
The code is as follows:
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.Json;

namespace TS.Common.Helpers
{
    /// <summary>
    /// Helper class for reading appsettings.json
    /// </summary>
    public class Appsettings
    {
        static IConfiguration? configuration { get; set; }
        static string? contentPath { get; set; }

        public Appsettings(string contentPath)
        {
            string Path = "appsettings.json";
            configuration = new ConfigurationBuilder()
                .SetBasePath(contentPath)
                .Add(new JsonConfigurationSource { Path = Path, Optional = false, ReloadOnChange = true })
                .Build();
        }

        /// <summary>
        /// Reads a value by section path, e.g. GetValue("Jwt", "SecretKey") reads Jwt:SecretKey
        /// </summary>
        /// <param name="sections">Section names, joined with ':'</param>
        /// <returns>String</returns>
        public static string GetValue(params string[] sections)
        {
            // Rebuilds the configuration from AppContext.BaseDirectory on every call
            Appsettings appsettingsinfo = new Appsettings(AppContext.BaseDirectory);
            return configuration?[string.Join(":", sections)] ?? string.Empty;
        }
    }
}
6. Create the token; the code is as follows
// usings needed by this controller
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

private static string GenerateJsonWebToken()
{
    // Same secret as the one the JwtBearer handler validates against
    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TS.Common.Helpers.Appsettings.GetValue("Jwt", "SecretKey")));
    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
    var claimsIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
    claimsIdentity.AddClaim(new Claim("userid", "1"));
    var token = new JwtSecurityToken(
        TS.Common.Helpers.Appsettings.GetValue("Jwt", "Issuer"),
        TS.Common.Helpers.Appsettings.GetValue("Jwt", "Audience"),
        claimsIdentity.Claims,
        expires: DateTime.Now.AddMinutes(120),
        signingCredentials: credentials);
    return new JwtSecurityTokenHandler().WriteToken(token);
}

/// <summary>
/// Create a token
/// </summary>
/// <returns></returns>
[HttpPost("GenerateToken")]
public ActionResult GetToken()
{
    string token = GenerateJsonWebToken();
    return Ok(token);
}
7. Check that JWT is configured correctly by writing a protected test endpoint
using Microsoft.AspNetCore.Authorization;

/// <summary>
/// Verify the token
/// </summary>
/// <returns></returns>
[Authorize]   // require an authenticated caller
[HttpPost("TestToken")]
public ActionResult Test()
{
    return Ok("成功进入");
}
8. Send the token in the request header (the value returned by the GetToken endpoint, prefixed with "Bearer ")
9. If no token is sent, calling the endpoint returns a 401 error.
10. You can of course also call it directly from Swagger; the Authorization parameter has to be filled in there.
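Step 3 sets ValidateLifetime = false, so the 120-minute expiry from step 6 is never enforced by the API. The following console program is an added example, not code from the article: it issues a token the same way step 6 does and validates it with the step 3 parameters, but with lifetime checking switched on, so an expired token is rejected. The constants mirror the appsettings.json above; the class and method names are my own.

```csharp
// Added example (not from the article). Needs the same NuGet packages as the article;
// System.IdentityModel.Tokens.Jwt is pulled in by Microsoft.AspNetCore.Authentication.JwtBearer.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtLifetimeDemo
{
    // Values copied from the article's appsettings.json "Jwt" section.
    const string SecretKey = "c0ecd23c-dfdb-4005-a2ea-0fea210c858d";
    const string Issuer = "JwtIssuer";
    const string Audience = "JwtAudience";

    static SymmetricSecurityKey Key() => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecretKey));

    // Same shape as GenerateJsonWebToken in step 6, with the expiry passed in as a parameter.
    public static string Issue(string userId, DateTime expiresUtc)
    {
        var token = new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim("userid", userId) },
            expires: expiresUtc,
            signingCredentials: new SigningCredentials(Key(), SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Step 3's TokenValidationParameters, but with ValidateLifetime = true and a small clock skew.
    public static TokenValidationParameters Parameters() => new TokenValidationParameters
    {
        ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = Key(),
        ValidateIssuer = true, ValidateAudience = true, ValidateIssuerSigningKey = true,
        ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30)
    };

    // Returns the userid claim, or null plus the exception type name when the token is rejected.
    public static string? Validate(string jwt, out string? reason)
    {
        reason = null;
        try
        {
            var principal = new JwtSecurityTokenHandler().ValidateToken(jwt, Parameters(), out _);
            return principal.FindFirst("userid")?.Value;
        }
        catch (SecurityTokenException ex) { reason = ex.GetType().Name; return null; }
    }

    public static void Main()
    {
        // A fresh token is accepted and yields the userid claim.
        Console.WriteLine(Validate(Issue("1", DateTime.UtcNow.AddMinutes(120)), out _));
        // A token that expired five minutes ago is rejected with SecurityTokenExpiredException.
        Console.WriteLine(Validate(Issue("1", DateTime.UtcNow.AddMinutes(-5)), out var why) ?? why);
    }
}
```

With the article's ValidateLifetime = false, the second token would be accepted as well; the same TokenValidationParameters object can be assigned in AddJwtBearer to enforce expiry in the API itself.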
Summary
JWT authentication has many advantages, but it also has drawbacks.
For example, tokens take up more space, an issued token cannot be revoked, and the user information stored in the payload is only Base64-encoded, so anyone can decode and read it.
Copyright belongs to the original author rocweichen; in case of infringement, please contact us to have it removed.