一、生成token
public string CreateToken(UserDto input)
{
var tokenHandler = new JwtSecurityTokenHandler();
var authTime = DateTime.Now;
var expiresAt = authTime.AddHours(_myOptions.AccessTokenTime);//到期时间
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(JwtClaimTypes.Audience,"api"),
new Claim(JwtClaimTypes.Issuer,"KouBei"),
new Claim(JwtClaimTypes.Id, input.Id),
new Claim(JwtClaimTypes.PhoneNumber, input.Phone),
new Claim(JwtClaimTypes.NotBefore, $"{new DateTimeOffset(authTime).ToUnixTimeSeconds()}"),//token生效时间
new Claim(JwtClaimTypes.Expiration, $"{new DateTimeOffset(expiresAt).ToUnixTimeSeconds()}")//到期时间,按秒数计算
}),
IssuedAt = DateTime.Now,//token生成时间
Expires = expiresAt,
NotBefore = authTime,
SigningCredentials = new SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256Signature)//密钥和加密方式
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
return tokenString;
}
二、Startup 配置
ConfigureServices方法中:
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
context.Token = context.Request.Query["AccessToken"];
return Task.CompletedTask;
}
};
o.SaveToken = true;
o.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = JwtClaimTypes.Name,
RoleClaimType = JwtClaimTypes.Role,
ValidIssuer = "KouBei",
ValidAudience = "api",
IssuerSigningKey = symmetricKey,
// 是否验证Token有效期,使用当前时间与Token的Claims中的NotBefore和Expires对比
ValidateLifetime = true,
//注意这是缓冲过期时间,总的有效时间等于这个时间加上jwt的过期时间,如果不配置,默认是5分钟
ClockSkew = TimeSpan.FromSeconds(4)
};
});