JWT 可以参考文章:Asp.net Core3.1 Jwt认证 简单使用_ShanShanYouWen的博客-CSDN博客
Swagger的调用可以参考:.NetCore3.1 Swagger简单使用_ShanShanYouWen的博客-CSDN博客
1、在JWT Demo的Startup里注册Swagger服务,并调用中间件
services.AddSwaggerGen(s =>
{
    // Contact details published in the generated document.
    var contact = new Microsoft.OpenApi.Models.OpenApiContact
    {
        Name = "shanshanyouwen",
        Email = "shanshanyouwen@126.com"
    };

    // License entry published in the generated document.
    var license = new Microsoft.OpenApi.Models.OpenApiLicense
    {
        Name = "SwaggerLicense",
        Url = new Uri("https://test.com")
    };

    // Metadata block of the document. TermsOfService must be a well-formed URL.
    var info = new Microsoft.OpenApi.Models.OpenApiInfo
    {
        Title = "Swagger测试",
        Description = "这是一个swagger测试接口",
        Version = "v1",
        TermsOfService = new Uri("https://test.com"),
        Contact = contact,
        License = license
    };

    // Define the single document ("v1") that the Swagger generator will produce.
    s.SwaggerDoc("v1", info);
});
// Serve the generated Swagger document as a JSON endpoint.
// (UseSwagger also accepts an optional setup action for DI-injected options.)
// NOTE(review): both middlewares below are registered unconditionally in this snippet, so the
// API description and the interactive UI are served in every environment. Consider limiting
// them to development, or placing them behind authorization, before deploying.
app.UseSwagger();
// Serve swagger-ui (HTML, JS, CSS, etc.).
// (UseSwaggerUI also accepts an optional setup action for DI-injected options.)
app.UseSwaggerUI();
2、新建测试接口ValuesController
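/// <summary>
/// Demo controller: one endpoint protected by JWT bearer authentication and a login
/// endpoint that issues the token.
/// </summary>
[ApiController]
[Route("[controller]")]
public class ValuesController : ControllerBase
{
    // NOTE(review): the logger category is HomeController rather than ValuesController,
    // so log entries from this controller are attributed to the wrong type. Left as is to
    // keep the constructor signature unchanged.
    private readonly ILogger<HomeController> _logger;
    private readonly JwtConfig _jwtoptions;

    /// <summary>
    /// Receives the logger and the bound JWT settings from dependency injection.
    /// </summary>
    /// <param name="logger">Logger instance.</param>
    /// <param name="jwtoptions">Options wrapper holding the JWT settings.</param>
    public ValuesController(ILogger<HomeController> logger, IOptions<JwtConfig> jwtoptions)
    {
        _logger = logger;
        _jwtoptions = jwtoptions.Value;
    }

    /// <summary>
    /// Get personal information. Requires an authenticated caller.
    /// </summary>
    /// <returns>A JSON string with code, msg and data fields.</returns>
    /// <remarks></remarks>
    [Authorize]
    [HttpGet]
    public string GetMyInfo()
    {
        return JsonConvert.SerializeObject(new { code = 0, msg = "success", data = "你有权限访问我的个人信息" });
    }

    /// <summary>
    /// GetToken: checks the credentials and, when they are accepted, returns a signed JWT.
    /// </summary>
    /// <param name="username">Account name.</param>
    /// <param name="pwd">Password.</param>
    /// <returns>200 with the token on success; 401 when the credentials are rejected.</returns>
    /// <remarks>
    /// NOTE(review): on an [ApiController] action, simple parameters like these are bound from
    /// the query string by default, so the password travels in the URL and can end up in
    /// server and proxy logs. A request-body or form model is the safer shape for real use.
    /// </remarks>
    [HttpPost]
    public IActionResult Login(string username, string pwd)
    {
        // NOTE(review): UserBLL is defined elsewhere; confirm it compares against a salted
        // password hash rather than a stored plaintext password.
        var user = new UserBLL().GetUser(username, pwd);
        if (user == null)
        {
            // Rejected credentials must not produce a 2xx response (the original returned
            // 204 No Content); 401 lets clients and monitoring see the failed login.
            return Unauthorized();
        }

        string token = GenerateToken(_jwtoptions, user);
        return Ok(new { code = 0, msg = "success", Token = token });
    }

    /// <summary>
    /// Builds an HMAC-SHA256 signed JWT carrying the user's name as its only claim.
    /// </summary>
    /// <param name="jwtConfig">Issuer, audience, signing key and lifetime in minutes.</param>
    /// <param name="user">The authenticated user.</param>
    /// <returns>The serialized token.</returns>
    private string GenerateToken(JwtConfig jwtConfig, User user)
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, user.username)
        };

        // NOTE(review): where SigningKey is stored is not visible here. It should come from a
        // secret store rather than source control and be long and random enough for HS256.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.SigningKey));
        var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var securityToken = new JwtSecurityToken(
            jwtConfig.Issuer,
            jwtConfig.Audience,
            claims,
            // Token expiry is an absolute instant; compute it from UTC, not local time.
            expires: DateTime.UtcNow.AddMinutes(jwtConfig.Expires),
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(securityToken);
    }

    // Disabled sample: get public information (no authorization required).
    //[HttpGet]
    //public string GetPublicInfo()
    //{
    // return JsonConvert.SerializeObject(new { code = 0, msg = "success", data = "访问公开信息,不需要授权" });
    //}
}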
3、运行项目并访问 Swagger,调用带 [Authorize] 的接口时提示未授权
4、在Startup的注册swagger服务里添加jwt服务
// Swagger: describe the JWT credential so the UI shows an Authorize button.
// With SecuritySchemeType.ApiKey the text typed into the Authorize dialog is sent verbatim as
// the Authorization header, which is why the user has to type the "Bearer " prefix by hand.
// NOTE(review): OpenAPI defines Scheme and BearerFormat for the http scheme type; confirm
// whether they have any effect on an ApiKey definition.
var bearerDefinition = new Microsoft.OpenApi.Models.OpenApiSecurityScheme
{
    Name = "Authorization",
    In = ParameterLocation.Header,
    Type = SecuritySchemeType.ApiKey,
    Scheme = "Bearer",
    BearerFormat = "JWT",
    Description = "需要在请求头中框中输入Jwt授权Token: Bearer Token"
};
s.AddSecurityDefinition("Bearer", bearerDefinition);

// Reference to the "Bearer" definition registered above.
var bearerReference = new OpenApiSecurityScheme
{
    Reference = new OpenApiReference
    {
        Id = "Bearer",
        Type = ReferenceType.SecurityScheme
    }
};

// Registered as a document-wide requirement with an empty scope list, so Swagger UI attaches
// the header to every operation. This affects only the UI and the generated document;
// server-side enforcement still comes from [Authorize] on the actions.
s.AddSecurityRequirement(new OpenApiSecurityRequirement
{
    [bearerReference] = new string[0]
});
5、运行swagger页面发现多了一个授权按钮
6、调用 Login 接口(注释中标注为 GetToken)获取 Token
7、点击授权,弹出窗口,输入Bearer +空格+token,点击Authorize。
成功授权提示
8、授权成功,执行获取个人信息接口,成功返回信息
9、点击授权,在弹出框中点击 Logout 退出。
再次调用获取个人信息接口,提示未授权