实现生成token、验证token
1、安装包JwtBearer
我用的框架是.NET Core 3.1 ,JWT包没安装最新的
配置文件 appsetting.json:
"JWT": {
"SecretKey": "密钥自定义",
"Issuer": "自定义",
"Expires": 24, //token过期时间
"Audience": "自定义"
}
2、ConfigureServices里添加
// token验证
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = Configuration["JWT:Issuer"],
ValidateAudience = true,
ValidAudience = Configuration["JWT:Audience"],
ValidateLifetime = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:SecretKey"]))
}
);
Configure里添加(认证和授权的先后顺序不能改)
//开启认证
app.UseAuthentication();
//开启授权
app.UseAuthorization();
3、生成token方法
/// <summary>
/// 生成token
/// </summary>
/// <param name="uid">用户的id</param>
/// <returns>自己创建的类</returns>
private LoginDTO CreateToken(string uid)
{
// 1. 定义需要使用到的Claims
var claims = new[]
{
//把用户的id加密进去,使用的时候可以从token里解密拿出来
new Claim("uid", uid),
//也可以多传几个参数
//new Claim("name", "Admin")
};
// 2. 从 appsettings.json 中读取SecretKey
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:SecretKey"]));
// 3. 选择加密算法
var algorithm = SecurityAlgorithms.HmacSha256;
// 4. 生成Credentials
var signingCredentials = new SigningCredentials(secretKey, algorithm);
// 5. 从 appsettings.json 中读取Expires
var expires = Convert.ToDouble(_configuration["JWT:Expires"]);
// 6. 根据以上,生成token
var token = new JwtSecurityToken(
_configuration["JWT:Issuer"], //Issuer
_configuration["JWT:Audience"], //Audience
claims, //Claims,
DateTime.Now, //notBefore
DateTime.Now.AddHours(expires), //expires token过期时间,这里我设置了24小时
signingCredentials //Credentials
);
// 7. 将token变为string
var jwtToken = new JwtSecurityTokenHandler().WriteToken(token);
return new LoginDTO
{
UID = uid,
//LoginDTO是自定义的类,Expires我定义为unix时间戳类型,可以改成其他类型
Expires = TimeHelper.DatetimeToUnix(DateTime.Now.AddHours(expires)),
Token = jwtToken
};
}
用户调用登陆接口,验证完毕后用这个方法可以生成token
4、给需要验证的接口所在的controller里加上Authorize标签
5、从token里取出用户信息
protected ValueTask<string> GetUserIdAsync()
{
//在Claim中填入的uid取出来
var userId = HttpContext.User.Claims.FirstOrDefault(t => t.Type == "uid")?.Value ?? string.Empty;
if (!string.IsNullOrWhiteSpace(userId))
{
return new ValueTask<string>(userId);
}
return new ValueTask<string>("-1");
}
调用:
string userId= await GetUserIdAsync();
token验证方式:Bearer