这是第二部:实现NetCore
上的WebApi
使用JWT
认证
1、NetCore新建一个WebApi
的项目
2、打开AppSettings.json
,添加Jwt
的信息,这里为了演示而已
{
"Logging": {
"IncludeScopes": false,
"Debug": {
"LogLevel": {
"Default": "Warning"
}
},
"Console": {
"LogLevel": {
"Default": "Warning"
}
}
},
"JwtSettings": {
"Issuer": "XXX",
"Audience": "XXXX",
"SecretKey": "To live is to change the world!"
}
}
3、Models
下新建两个类,一个用于登录,一个用于获取配置文件中的值
namespace NerCoreJwt.Models
{
public class LoginViewModel
{
public string UserName { get; set; } = "wangshibang";
public string Password { get; set; } = "123456";
}
}
namespace NerCoreJwt.Models
{
public class JwtSettings
{
/// <summary>
/// 证书颁发者
/// </summary>
public string Issuer { get; set; }
/// <summary>
/// 允许使用的角色
/// </summary>
public string Audience { get; set; }
/// <summary>
/// 加密字符串
/// </summary>
public string SecretKey { get; set; }
}
}
4、新建一个Controller
,用来写登录后生成Token
逻辑
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using NerCoreJwt.Models;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
namespace NerCoreJwt.Controllers
{
[Route("api/[controller]/[action]")]
public class AuthorizeController : Controller
{
private JwtSettings setting;
public AuthorizeController(IOptions<JwtSettings> options)
{
setting = options.Value;
}
[HttpPost]
public IActionResult Login(LoginViewModel login)
{
if (ModelState.IsValid)
{
if (login.UserName == "wangshibang" && login.Password == "123456")
{
var claims = new Claim[] {
new Claim(ClaimTypes.Name, login.UserName),
new Claim(ClaimTypes.Role, "admin, Manage")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(setting.SecretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
setting.Issuer,
setting.Audience,
claims,
DateTime.Now,
DateTime.Now.AddMinutes(30),
creds);
return Ok(new { Token = new JwtSecurityTokenHandler().WriteToken(token) });
}
}
return BadRequest();
}
[HttpGet]
public IActionResult NoValidate()
{
return Ok();
}
}
}
5、StartUp
类里面添加从Configure<JwtSettings>
中获取Section
才可以使用IOptions
获取里面的内容,为了省事就全部贴出来了
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using NerCoreJwt.Models;
using System.Linq;
using System.Threading.Tasks;
namespace NerCoreJwt
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<JwtSettings>(Configuration.GetSection("JwtSettings"));
JwtSettings setting = new JwtSettings();
Configuration.Bind("JwtSettings", setting);
services.AddAuthentication(option =>
{
option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(config =>
{
/*
config.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidAudience = setting.Audience,
ValidIssuer = setting.Issuer,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(setting.SecretKey))
};
*/
config.SecurityTokenValidators.Clear();
config.SecurityTokenValidators.Add(new MyTokenValidate());
config.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
var token = context.Request.Headers["myToken"];
context.Token = token.FirstOrDefault();
return Task.CompletedTask;
}
};
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseMvc();
}
}
}
6、Token
生成了,可以用PostMan
调用接口试试,把生成的Token
粘到jwt.io
官网看看里面的信息
下面我们来进行授权
7、为了自定义授权方法,我们需要新建一个类,继承自ISecurityTokenValidator
接口
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
namespace NerCoreJwt
{
public class MyTokenValidate : ISecurityTokenValidator
{
public bool CanValidateToken => true;
public int MaximumTokenSizeInBytes { get ; set ; }
public bool CanReadToken(string securityToken)
{
return true;
}
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
ClaimsPrincipal principal;
try
{
validatedToken = null;
//这里需要验证生成的Token
/*
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoid2FuZ3NoaWJhbmciLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJhZG1pbiwgTWFuYWdlIiwibmJmIjoxNTIyOTI0MDgxLCJleHAiOjE1MjI5MjU4ODEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMCIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMCJ9.fa0jDYt_MqHFcwQfsMS30eCsjEwQt_uiv96bGtMQJBE
*/
var token = new JwtSecurityToken(securityToken);
//获取到Token的一切信息
var payload = token.Payload;
var role = (from t in payload where t.Key == ClaimTypes.Role select t.Value).FirstOrDefault();
var name = (from t in payload where t.Key == ClaimTypes.Name select t.Value).FirstOrDefault();
var issuer = token.Issuer;
var key = token.SecurityKey;
var audience = token.Audiences;
var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
identity.AddClaim(new Claim(ClaimTypes.Name, name.ToString()));
identity.AddClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType, "admin"));
principal = new ClaimsPrincipal(identity);
}
catch
{
validatedToken = null;48 principal = null;
}
return principal;
}
}
}
8、然后注释掉上面代码我注册的部分,因为这是原生的Authorize
验证特性,添加后面的自定义验证逻辑
9、在接口上面添加Authorize
特性,用PostMan
调用接口传入生成的Token
,设置断点看看效果吧
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
namespace NerCoreJwt.Controllers
{
[Route("api/[controller]")]
public class ValuesController : Controller
{
// GET api/values
[Authorize(Roles = "admin")]
[HttpGet]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/values/5
[HttpGet("{id}")]
public string Get(int id)
{
return "value";
}
// POST api/values
[HttpPost]
public void Post([FromBody]string value)
{
}
// PUT api/values/5
[HttpPut("{id}")]
public void Put(int id, [FromBody]string value)
{
}
// DELETE api/values/5
[HttpDelete("{id}")]
public void Delete(int id)
{
}
}
}
https://www.cnblogs.com/wangyulong/p/8734495.html