1. NuGet 添加 IdentityServer4.AccessTokenValidation 包
2. 添加 Token 参数类 TokenParameter
/// <summary>
/// Constants shared by the token-issuing action and the JWT bearer validation setup.
/// Both sides must read the same Issuer, Audience and Secret for a token to validate.
/// </summary>
public class TokenParameter
{
    /// <summary>Value written into the JWT <c>iss</c> claim and checked as ValidIssuer.</summary>
    public const string Issuer = "小白";

    /// <summary>Value written into the JWT <c>aud</c> claim and checked as ValidAudience.</summary>
    public const string Audience = "下黑";

    /// <summary>
    /// HMAC-SHA256 signing secret.
    /// NOTE(review): a fixed value in source is a demo shortcut — anyone who can read the
    /// repository can mint tokens this API accepts. Load it from configuration or a secret
    /// store and use a long, randomly generated value; 16 ASCII bytes is 128 bits, which is
    /// the smallest HS256 key the validation library accepts.
    /// </summary>
    public const string Secret = "1234567812345678";

    /// <summary>Access-token lifetime in minutes; drives the <c>exp</c> claim.</summary>
    public const int AccessExpiration = 30;
}
3. 在控制器中添加获取 Token 的接口
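/// <summary>
/// Issues an HS256-signed JWT for the demo user.
/// </summary>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>200 with the serialized token, or 400 "Invalid Request" when the credentials do not match.</returns>
[HttpGet]
[Route("token")]
public ActionResult GetAccessToken(string username, string password)
{
    // NOTE(review): the credentials arrive as GET query-string parameters, so they end up
    // in server/proxy access logs and browser history; a POST body is the usual choice.
    // The accepted values are hard-coded demo credentials; a real user store belongs here.
    if (username is null || password is null)
    {
        return BadRequest("Invalid Request");
    }

    // Compare both values in constant time so response latency does not depend on how
    // many leading characters matched; '&' (not '&&') keeps both comparisons running.
    var userMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(username), Encoding.UTF8.GetBytes("admin"));
    var passwordMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes("123"));
    if (!(userMatches & passwordMatches))
    {
        return BadRequest("Invalid Request");
    }

    // Claims carried in the token; the role is an empty placeholder a real user store would fill.
    var claims = new[]
    {
        new Claim(ClaimTypes.Name, username),
        new Claim(ClaimTypes.Role, "")
    };

    // HS256 over the shared secret. The validating side must rebuild the key from the
    // same bytes — UTF-8 here — or signatures will not verify once the secret is non-ASCII.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenParameter.Secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    var jwtToken = new JwtSecurityToken(
        TokenParameter.Issuer,
        TokenParameter.Audience,
        claims,
        expires: DateTime.UtcNow.AddMinutes(TokenParameter.AccessExpiration),
        signingCredentials: credentials);
    var token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
    return Ok(token);
}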
4. Program.cs 添加如下代码段:
1. 允许同步 IO 操作（第 4 步的 401 处理程序同步写入 Response.Body）
// Lets middleware use synchronous Stream calls on Response.Body, which Kestrel and
// in-process IIS reject by default. Only needed because the 401 handler below writes
// with StreamWriter.Write; once that handler uses an async write, both lines can go.
builder.Services.Configure<KestrelServerOptions>(option => option.AllowSynchronousIO = true);
builder.Services.Configure<IISServerOptions>(option => option.AllowSynchronousIO = true);
2.添加认证
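builder.Services.AddAuthentication(option =>
{
    // JWT bearer both authenticates requests and issues the 401 challenge.
    option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(option =>
{
    // NOTE(review): no Authority is configured here, so no metadata is fetched and this
    // flag has no effect; keep the default (true) in anything beyond local development.
    option.RequireHttpsMetadata = false;
    // Keep the raw bearer token in AuthenticationProperties after validation.
    option.SaveToken = true;
    option.TokenValidationParameters = new TokenValidationParameters
    {
        // Also validate the SecurityKey used to sign the token (the signature itself is
        // checked regardless).
        ValidateIssuerSigningKey = true,
        // Rebuild the key from the same bytes the issuing action uses (Encoding.UTF8 in
        // GetAccessToken). ASCII and UTF-8 agree only while the secret is pure ASCII, so
        // mixing them breaks validation as soon as the secret contains other characters.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenParameter.Secret)),
        // Reject tokens whose 'iss' does not match the value the API issues.
        ValidateIssuer = true,
        ValidIssuer = TokenParameter.Issuer,
        // Reject tokens whose 'aud' does not match the value the API issues.
        ValidateAudience = true,
        ValidAudience = TokenParameter.Audience,
        // Enforce 'exp'. NOTE(review): ClockSkew keeps its library default (5 minutes),
        // so a token is still accepted for that long after it expires.
        ValidateLifetime = true,
    };
});
builder.Services.AddAuthorization();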
3.允许跨域
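builder.Services.AddCors(options =>
{
    // Named policy; controllers opt in with [EnableCors("CorsPolicy")] (app.UseCors()
    // without a policy name does not apply it globally).
    // The lambda parameter is `policy`, not `builder`, so it no longer shadows the
    // WebApplicationBuilder that the surrounding Program.cs calls `builder`.
    options.AddPolicy("CorsPolicy", policy =>
    {
        // NOTE(review): fully open CORS — any origin, any method, any header. Browsers do
        // not attach bearer tokens on their own, but any page holding a token can still
        // call this API cross-site; restrict with WithOrigins(...) outside local demos.
        policy.AllowAnyOrigin()
              .AllowAnyMethod()
              .AllowAnyHeader();
    });
});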
4.错误处理
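app.UseStatusCodePages(new StatusCodePagesOptions()
{
    // Runs for 4xx/5xx responses that have no body yet. Only 401 — the JWT bearer
    // challenge — gets a JSON body; every other status code passes through unchanged.
    HandleAsync = async context =>
    {
        var response = context.HttpContext.Response;
        if (response.StatusCode != 401)
        {
            return;
        }

        var payload = Newtonsoft.Json.JsonConvert.SerializeObject(new
        {
            status = 401,
            message = "access denied"
        });
        var body = Encoding.UTF8.GetBytes(payload);

        // The original handler sent JSON without a Content-Type.
        response.ContentType = "application/json; charset=utf-8";
        // Async write instead of StreamWriter.Write: the synchronous call is what forced
        // AllowSynchronousIO = true, and disposing the StreamWriter also disposed
        // Response.Body.
        await response.Body.WriteAsync(body, 0, body.Length);
    }
});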
5.启用跨域、认证、授权
// Order matters: CORS first, so preflight (OPTIONS) requests — which carry no bearer
// token — are answered before the authentication challenge can reject them; authorization
// last, because it needs the identity that authentication populates. UseCors() without a
// policy name serves the [EnableCors("CorsPolicy")] attributes rather than applying the
// policy to every endpoint.
app.UseCors()
   .UseAuthentication()
   .UseAuthorization();
5. 需要认证的控制器上添加
[Authorize]
6.需要跨域的控制器上添加
[EnableCors("CorsPolicy")]