.net core 基于Jwt实现Token令牌

Startup类ConfigureServices中

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            // There is no separate Jwt:Audience setting: the issuer value doubles as the
            // audience, so the token builder must put the same string into both claims or
            // ValidateAudience will reject every token.
            var expectedIssuer = Configuration["Jwt:Issuer"];

            // HS256 secret shared with the token builder. It must be a long random value
            // kept out of source control; the library also enforces a minimum key length.
            var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]));

            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,           // "iss" must equal ValidIssuer
                ValidateAudience = true,         // "aud" must equal ValidAudience
                ValidateLifetime = true,         // "nbf"/"exp" are checked (this says nothing about the key)
                ValidateIssuerSigningKey = true, // the signature must verify with IssuerSigningKey
                ValidIssuer = expectedIssuer,
                ValidAudience = expectedIssuer,
                IssuerSigningKey = signingKey
                // ClockSkew is left at its default (five minutes), so a token is still
                // accepted for up to five minutes after "exp"; set it explicitly if exact
                // expiry matters.
            };
        });

Configure 启用中间件

 app.UseAuthentication();// registers the authentication middleware (it authenticates, it does not authorize); place it before the MVC middleware so the Bearer token is validated before [Authorize] is evaluated

appsettings.json中配置（注意：下面的 Key 仅用于演示。生产环境应使用至少 32 字节的随机密钥，通过环境变量或密钥管理服务注入，不要提交到源码仓库；较新版本的 Microsoft.IdentityModel 要求 HS256 密钥不少于 256 位，示例中 17 字节的密钥在这些版本上会在签名时被拒绝）

"Jwt": {
    "Key": "veryVerySecretKey",
    "Issuer": "http://localhost:65356"
  }

Api控制器中  根据登录信息生成token令牌

using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using OnlineClassroom.Common;
using OnlineClassroom.Entity;
using OnlineClassroom.IService;

namespace OnlineClassroom.Api.Controllers
{
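    /// <summary>
    /// Login endpoint that issues HS256-signed JWTs. Every action requires a valid
    /// Bearer token except <see cref="Login"/>, which is marked <c>[AllowAnonymous]</c>.
    /// </summary>
    [Authorize]
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class UsersApiController : ControllerBase
    {
        private readonly IConfiguration _config;
        public IUsersService iUsersService = null;

        /// <param name="config">Application configuration; <c>Jwt:Key</c> and <c>Jwt:Issuer</c> are read from it.</param>
        /// <param name="_iUsersService">Service that checks credentials and returns the user record.</param>
        public UsersApiController(IConfiguration config, IUsersService _iUsersService)
        {
            _config = config;
            iUsersService = _iUsersService;
        }

        /// <summary>
        /// Validates the supplied credentials and, on success, returns the user record
        /// together with a signed token.
        /// </summary>
        /// <param name="Name">User name.</param>
        /// <param name="Pwd">Password.</param>
        /// <returns>200 with <c>{ User, token }</c> when the credentials are accepted; 401 otherwise.</returns>
        /// <remarks>
        /// NOTE(review): under <c>[ApiController]</c> simple-type parameters such as these are
        /// bound from the query string, so the password travels in the request URL and ends
        /// up in server/proxy access logs. Binding a <see cref="LoginModel"/> with
        /// <c>[FromBody]</c> avoids that. Also, <c>user.user</c> is the raw entity returned by
        /// the service; its columns are not visible here — make sure it carries no password
        /// hash or other sensitive fields before returning it to the client.
        /// </remarks>
        [HttpPost, AllowAnonymous]
        public IActionResult Login(string Name, string Pwd)
        {
            var login = new LoginModel { Username = Name, Password = Pwd };
            var user = Authenticate(login);
            if (user == null)
            {
                return Unauthorized();
            }

            var tokenString = BuildToken(user);
            return Ok(new { User = user.user, token = tokenString });
        }

        /// <summary>
        /// Builds an HS256-signed JWT for an authenticated user.
        /// </summary>
        /// <param name="user">The authenticated user, as produced by <see cref="Authenticate"/>.</param>
        /// <returns>The compact serialization <c>header.payload.signature</c> (base64url, dot-separated),
        /// to be sent as <c>Authorization: Bearer &lt;token&gt;</c>.</returns>
        /// <remarks>
        /// The payload is only base64url-encoded, not encrypted: anyone holding the token can
        /// read every claim. The previous version placed the user's plaintext password in the
        /// <c>email</c> claim; that claim has been removed.
        /// </remarks>
        private string BuildToken(UserModel user)
        {
            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, user.Name),
                // NOTE(review): Birthdate is never assigned in Authenticate, so this claim is
                // always "0001-01-01"; populate it from the user record or drop the claim.
                new Claim(JwtRegisteredClaimNames.Birthdate,
                          user.Birthdate.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            };

            // Symmetric secret shared with the validation side; it must be a long random
            // value (the library enforces a minimum key length) and kept out of source.
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // Issuer and audience both come from Jwt:Issuer so they match the
            // ValidIssuer/ValidAudience the JwtBearer handler is configured with.
            var token = new JwtSecurityToken(
                issuer: _config["Jwt:Issuer"],
                audience: _config["Jwt:Issuer"],
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(30), // 30-minute lifetime; "exp" is stored as UTC epoch seconds
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        /// <summary>
        /// Checks the credentials against the user service.
        /// </summary>
        /// <param name="login">User name and password as submitted by the client.</param>
        /// <returns>A <see cref="UserModel"/> when the service accepts the credentials; otherwise <c>null</c>.</returns>
        private UserModel Authenticate(LoginModel login)
        {
            // How the service verifies the password (hash comparison or otherwise) is not
            // visible here — TODO confirm it never compares against stored plaintext.
            var users = iUsersService.Login(login.Username, login.Password);
            if (users == null)
            {
                return null;
            }

            // The password is deliberately not carried on the model: nothing downstream
            // needs it, and it must never reach the token or the response.
            return new UserModel { Name = login.Username, user = users };
        }

        /// <summary>Credentials as submitted by the client.</summary>
        public class LoginModel
        {
            public string Username { get; set; }
            public string Password { get; set; }
        }

        /// <summary>Authenticated user as seen by the token builder.</summary>
        private class UserModel
        {
            public Users user { get; set; }
            public string Name { get; set; }
            public DateTime Birthdate { get; set; }
        }
    }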
}

 
