1. 安装必要的包
首先,确保你的 .NET Core 项目中安装了处理 JWT 所需的包,比如 Microsoft.AspNetCore.Authentication.JwtBearer 和 System.IdentityModel.Tokens.Jwt。可以通过 NuGet 包管理器来安装。
2. 配置JWT设置
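在 appsettings.json 文件中,配置 JWT 的相关参数,如密钥(Secret)、颁发者(Issuer)和受众(Audience)。
下面是一个示例配置。其中的 Key 仅用于演示:实际项目中应使用随机生成、长度足够(HS256 至少 32 字节)的密钥,并通过用户机密(user-secrets)、环境变量或密钥管理服务提供,不要把真实密钥提交到代码仓库。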
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"Jwt": {
"Key": "abeb00ea-4c7a-44f3-ba6e-dc10172644a7",
"Issuer": "jwttest",
"Audience": "jwttest"
},
"AllowedHosts": "*"
}
3. 添加JWT认证服务
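// Read the "Jwt" section (Key, Issuer, Audience) from configuration.
var jwtConfig = builder.Configuration.GetSection("Jwt");

// Fail fast at startup when the signing key is absent or too short, instead of
// surfacing a bare ArgumentNullException from Encoding.GetBytes or accepting a
// weak HMAC key. RFC 7518 section 3.2 requires an HS256 key of at least 256 bits.
// The messages name the setting only; the key value itself is never echoed.
var jwtSigningKey = jwtConfig.GetValue<string>("Key");
if (string.IsNullOrWhiteSpace(jwtSigningKey))
{
    throw new InvalidOperationException("Configuration value 'Jwt:Key' is missing or empty.");
}

var jwtSigningKeyBytes = Encoding.UTF8.GetBytes(jwtSigningKey);
if (jwtSigningKeyBytes.Length < 32)
{
    throw new InvalidOperationException("Configuration value 'Jwt:Key' must be at least 32 bytes (256 bits) for HMAC-SHA256.");
}

// Register JWT bearer authentication as the default authentication scheme.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // All four checks stay enabled: a token is accepted only when its
            // issuer, audience, lifetime and signature all validate.
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = jwtConfig.GetValue<string>("Issuer"),
            ValidAudience = jwtConfig.GetValue<string>("Audience"),
            // Same symmetric key that signs the tokens; anyone who holds it can mint tokens.
            IssuerSigningKey = new SymmetricSecurityKey(jwtSigningKeyBytes)
        };
    });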
4. 使用认证中间件
在请求管道中依次调用 app.UseAuthentication() 和 app.UseAuthorization(),认证中间件必须位于授权中间件之前。
5. 生成JWT Token
一个简单的用户模型
/// <summary>
/// Minimal user model passed to the token generator in this sample.
/// </summary>
public class User
{
    /// <summary>
    /// User name; the token generator on this page writes it into the "sub" claim.
    /// </summary>
    public string UserName { get; set; }

    /// <summary>
    /// Password held as a plain string. No code visible on this page reads it.
    /// </summary>
    public string Password { get; set; }
}
生成 token 的方法:新增一个 JwtHelper 类
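/// <summary>
/// Issues HMAC-SHA256 signed JWTs using the "Jwt:Key", "Jwt:Issuer" and
/// "Jwt:Audience" configuration values.
/// </summary>
public class JwtHelper
{
    private readonly IConfiguration _configuration;

    /// <summary>
    /// Creates a helper that reads its signing settings from <paramref name="configuration"/>.
    /// </summary>
    /// <param name="configuration">Application configuration containing the "Jwt" section.</param>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
    public JwtHelper(IConfiguration configuration)
    {
        _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    }

    /// <summary>
    /// Builds and serializes a signed token for <paramref name="user"/>.
    /// </summary>
    /// <param name="user">User whose <c>UserName</c> becomes the "sub" claim.</param>
    /// <returns>The compact serialized JWT.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    /// <exception cref="ArgumentException">The user has no user name.</exception>
    /// <exception cref="InvalidOperationException">"Jwt:Key" is missing or shorter than 32 bytes.</exception>
    public string GenerateJwtToken(User user)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (string.IsNullOrWhiteSpace(user.UserName))
        {
            throw new ArgumentException("UserName is required to populate the 'sub' claim.", nameof(user));
        }

        // Reject a missing or short key with a clear message rather than letting
        // Encoding.GetBytes throw on null or signing with a weak secret.
        // RFC 7518 section 3.2 requires an HS256 key of at least 256 bits.
        // The messages name the setting only; the key value is never echoed.
        var configuredKey = _configuration["Jwt:Key"];
        if (string.IsNullOrWhiteSpace(configuredKey))
        {
            throw new InvalidOperationException("Configuration value 'Jwt:Key' is missing or empty.");
        }

        var keyBytes = Encoding.UTF8.GetBytes(configuredKey);
        if (keyBytes.Length < 32)
        {
            throw new InvalidOperationException("Configuration value 'Jwt:Key' must be at least 32 bytes (256 bits) for HMAC-SHA256.");
        }

        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
            // Fresh random identifier for every token issued.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            // Add further claims (roles, etc.) here.
        };

        var symmetricSecurityKey = new SymmetricSecurityKey(keyBytes);
        var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256);

        // NOTE(review): tokens stay valid for 7 days and nothing visible here can
        // revoke one earlier; consider a shorter lifetime for anything beyond a demo.
        var jwtSecurityToken = new JwtSecurityToken(
            issuer: _configuration["Jwt:Issuer"],
            audience: _configuration["Jwt:Audience"],
            claims: claims,
            expires: DateTime.UtcNow.AddDays(7),
            signingCredentials: signingCredentials
        );

        return new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
    }
}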
6. 测试Token
在需要添加身份认证的接口上添加 [Authorize]
下边是示例代码,假如我有这样两个接口
/// <summary>
/// Demo controller with two POST actions: one hands out a JWT, the other requires one.
/// </summary>
[Route("api/[controller]/[action]")]
[ApiController]
public class HomeController : ControllerBase
{
    private readonly IConfiguration _configuration;

    public HomeController(IConfiguration configuration) => _configuration = configuration;

    /// <summary>
    /// Issues a token for a fixed demo user and returns it as the response body.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no credentials are checked here, so every caller receives a
    /// valid token for the hard-coded user. A real login endpoint has to
    /// authenticate the caller before issuing anything.
    /// </remarks>
    /// <returns>The serialized token as plain content.</returns>
    [HttpPost]
    public IActionResult gettoken()
    {
        var tokenFactory = new JwtHelper(_configuration);
        var demoUser = new User { UserName = "张三" };
        var serializedToken = tokenFactory.GenerateJwtToken(demoUser);
        return Content(serializedToken);
    }

    /// <summary>
    /// Protected action used to verify a token; it carries [Authorize], so a
    /// request without a valid bearer token does not reach the body.
    /// </summary>
    /// <returns>A fixed success message.</returns>
    [HttpPost]
    [Authorize]
    public IActionResult test() => Content("请求成功");
}
请求gettoken 接口
请求test接口,提示401 ,证明请求已经被拦截
如何能够请求成功呢,现在swagger中好像没有直接添加身份认证的地方
7. JWTToken集成到swagger中
安装Swashbuckle.AspNetCore.Filters包
然后再注册一下 Swagger 的认证服务
// Register Swagger generation and describe the JWT header so that Swagger UI can
// attach a token to requests. This only documents the header; access control is
// still enforced by [Authorize] and the authentication middleware.
builder.Services.AddSwaggerGen(swaggerOptions =>
{
    // Security definition: the token travels in the "Authorization" request header.
    // It is declared as an API key, which is why the value entered in the UI must
    // already include the "Bearer " prefix.
    var bearerDefinition = new OpenApiSecurityScheme
    {
        Description = "JWT Authorization header using the Bearer scheme. Example: 'Bearer {token}'",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        Scheme = "Bearer"
    };
    swaggerOptions.AddSecurityDefinition("Bearer", bearerDefinition);

    // Security requirement: points back at the "Bearer" definition by id and
    // requests no scopes (empty list).
    var bearerReference = new OpenApiSecurityScheme
    {
        Reference = new OpenApiReference
        {
            Type = ReferenceType.SecurityScheme,
            Id = "Bearer"
        },
        Scheme = "oauth2",
        Name = "Bearer",
        In = ParameterLocation.Header,
    };
    var documentRequirement = new OpenApiSecurityRequirement
    {
        { bearerReference, new List<string>() }
    };
    swaggerOptions.AddSecurityRequirement(documentRequirement);
});
现在重新生成代码就发现,swagger中就多了一把锁
点击锁,将 token 输入进去。默认使用的方案是 Bearer,所以在填写 token 时需要把方案名称也加上,即输入 Bearer {token},注意中间有一个空格
现在再来请求,发现验证已经通过