02_Web Api使用Jwt
JWT(JSON Web Token)是一种用于在网络应用之间传递信息的开放标准(RFC 7519)。它以 JSON 对象的形式在各方之间安全地传递信息,通常用于身份验证和信息交换。
在Web API中,JWT通常用于对用户进行身份验证和授权。当用户登录成功后,服务器会生成一个Token并返回给客户端,客户端在接下来的请求中携带该Token来进行身份验证。
使用:
安装包:System.IdentityModel.Tokens.Jwt(生成 Token)和 Microsoft.AspNetCore.Authentication.JwtBearer(验证 Token)
1.添加一个Web Api项目
appsettings.json设置
"JWT": { "SecretKey": "123456789ffffffffffffffffffffffffffffffffffff", //对称签名密钥(HS256 的共享密钥,并非非对称"私钥") "Issuer": "zhansan", //发布者 "Audience": "lisi" //接收者 }
2.添加一个控制器用于获取Token
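/// <summary>
/// Issues a signed JWT for demo purposes. The claims are hard-coded; a real
/// implementation would populate them from the authenticated user.
/// </summary>
[Route("api/[controller]/[action]")]
[ApiController]
public class TokenController : ControllerBase
{
    // RFC 7518 §3.2: an HS256 key must be at least as long as the hash output (256 bits).
    // Shorter keys weaken the signature, and the token library rejects very short ones at runtime.
    private const int MinSecretKeyBytes = 32;

    public readonly IConfiguration configuration;

    public TokenController(IConfiguration configuration)
    {
        this.configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    }

    /// <summary>
    /// Builds a JWT signed with HMAC-SHA256 using the shared secret in <c>JWT:SecretKey</c>.
    /// </summary>
    /// <returns>The compact-serialized token string.</returns>
    /// <exception cref="InvalidOperationException">
    /// <c>JWT:SecretKey</c> is missing or shorter than <see cref="MinSecretKeyBytes"/> bytes.
    /// </exception>
    [HttpGet]
    public string GetToken()
    {
        // HMAC-SHA256: symmetric, so the same shared secret both signs and verifies.
        var signingAlgorithm = SecurityAlgorithms.HmacSha256;

        // Claims carried in the token payload (demo values).
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, "userId"),
            new Claim(ClaimTypes.Role, "admin"),
            new Claim(ClaimTypes.Name, "ClaimTypesName"),
            new Claim("policy", "EmployeeNumber"),
        };

        // Fail fast with a clear message instead of an ArgumentNullException from
        // Encoding.GetBytes when the setting is absent. The secret should live in
        // user-secrets / environment configuration rather than a committed appsettings.json.
        var secret = configuration["JWT:SecretKey"];
        if (string.IsNullOrEmpty(secret))
        {
            throw new InvalidOperationException("Configuration value 'JWT:SecretKey' is missing.");
        }

        var secretByte = Encoding.UTF8.GetBytes(secret);
        if (secretByte.Length < MinSecretKeyBytes)
        {
            throw new InvalidOperationException(
                $"Configuration value 'JWT:SecretKey' must be at least {MinSecretKeyBytes} bytes for HS256.");
        }

        // Wrap the shared secret as a symmetric key. Nothing is encrypted here and no
        // asymmetric algorithm is involved: the key is only used to compute the signature.
        var signingKey = new SymmetricSecurityKey(secretByte);
        var signingCredentials = new SigningCredentials(signingKey, signingAlgorithm);

        var token = new JwtSecurityToken(
            issuer: configuration["JWT:Issuer"],          // must match ValidIssuer on the validating side
            audience: configuration["JWT:Audience"],      // must match ValidAudience on the validating side
            claims: claims,
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddDays(1),          // one-day lifetime
            signingCredentials: signingCredentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}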
3.Program.cs设置
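/// <summary>
/// Application entry point: registers controllers, Swagger (one document per
/// <see cref="EditionV"/> field), JWT bearer authentication, policy authorization and CORS,
/// then builds the request pipeline.
/// </summary>
public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        // Add services to the container.
        builder.Services.AddControllers();

        // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
        builder.Services.AddEndpointsApiExplorer();
        builder.Services.AddSwaggerGen(c =>
        {
            // One Swagger document per API version; the version names are the field names of EditionV.
            foreach (FieldInfo field in typeof(EditionV).GetFields())
            {
                c.SwaggerDoc(field.Name, new OpenApiInfo()
                {
                    Title = field.Name + "版本",
                    Version = field.Name,
                    Description = $"{field.Name}版本"
                });
            }

            // XML doc comments for Swagger UI. AppContext.BaseDirectory is already absolute, so a
            // single Path.Combine is enough (the original combined it twice, which was a no-op).
            var path = Path.Combine(AppContext.BaseDirectory, "WebApiApp.xml");
            c.IncludeXmlComments(path, true); // true: also include controller-level comments
            c.OrderActionsBy(o => o.RelativePath); // sort actions by route

            // Register the bearer scheme so Swagger UI can send "Authorization: Bearer {token}".
            c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
            {
                Description = "Value: Bearer {token}",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.ApiKey,
                Scheme = "Bearer"
            });
            c.AddSecurityRequirement(new OpenApiSecurityRequirement()
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" },
                        Scheme = "oauth2",
                        Name = "Bearer",
                        In = ParameterLocation.Header
                    },
                    new List<string>()
                }
            });
        });

        // Policy-based authorization: "policy" requires a claim of type "policy" to be present.
        builder.Services.AddAuthorization(options =>
        {
            options.AddPolicy("policy", policy => policy.RequireClaim("policy"));
        });

        // Resolve the signing secret once, at startup: a missing value previously surfaced only
        // as an ArgumentNullException inside the JwtBearer options lambda.
        var secret = builder.Configuration["JWT:SecretKey"];
        if (string.IsNullOrEmpty(secret))
        {
            throw new InvalidOperationException("Configuration value 'JWT:SecretKey' is missing.");
        }
        var secretByte = Encoding.UTF8.GetBytes(secret);

        // Authentication: validate incoming JWT bearer tokens.
        builder.Services.AddAuthentication(options =>
        {
            //options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                // Issuer and audience must match what TokenController puts into the token.
                ValidateIssuer = true,
                ValidIssuer = builder.Configuration["JWT:Issuer"],
                ValidateAudience = true,
                ValidAudience = builder.Configuration["JWT:Audience"],
                // Previously commented out (default false). The signature itself is always checked;
                // this flag additionally validates the signing key (see the library docs for exactly what).
                ValidateIssuerSigningKey = true,
                // Reject expired tokens. Note ClockSkew defaults to 5 minutes, so a token is still
                // accepted shortly after its exp claim.
                ValidateLifetime = true,
                IssuerSigningKey = new SymmetricSecurityKey(secretByte)
            };
        });

        // CORS: this policy allows any origin, method and header. Fine for a demo; tighten the
        // origin list before exposing the API to browsers from untrusted sites.
        builder.Services.AddCors(options =>
        {
            options.AddPolicy("cross", p =>
            {
                p.AllowAnyOrigin()
                 .AllowAnyMethod()
                 .AllowAnyHeader();
            });
        });

        var app = builder.Build();

        // Configure the HTTP request pipeline.
        if (app.Environment.IsDevelopment())
        {
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                foreach (FieldInfo field in typeof(EditionV).GetFields())
                {
                    c.SwaggerEndpoint($"/swagger/{field.Name}/swagger.json", $"{field.Name}");
                }
            });
        }

        app.UseCors("cross");
        app.UseHttpsRedirection();
        app.UseAuthentication(); // establishes who the caller is
        app.UseAuthorization();  // decides what the caller may do; must come after UseAuthentication
        app.MapControllers();

        app.Run();
    }
}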
4.swagger设置
/// <summary>
/// API version markers. Only the field <em>names</em> are used: Program enumerates them via
/// reflection to create one Swagger document and UI endpoint per version, and controllers refer
/// to them with <c>nameof(...)</c> in <c>ApiExplorerSettings</c>. The values are never assigned.
/// </summary>
public static class EditionV
{
    public static string V1, V2, V3, V4, V5;
}
添加一个WebApiApp.xml文件,属性:复制到输出目录:始终复制
项目--->属性--->文档文件勾上。
5.添加一个UserInfoController.cs用于测试
/// <summary>
/// Demo endpoints used to exercise the JWT setup; each action requires a different
/// level of authorization.
/// </summary>
[Route("api/[controller]/[action]")]
[ApiController]
[ApiExplorerSettings(GroupName = nameof(EditionV.V1))]
public class UserInfoController : ControllerBase
{
    /// <summary>
    /// Gets a user. Any valid bearer token is sufficient.
    /// </summary>
    /// <param name="id">The user id, echoed back in the response.</param>
    /// <returns>A demo description string containing <paramref name="id"/>.</returns>
    [HttpGet]
    [Authorize]
    public string GetUser(string id) => $"用户id{id}---姓名:张三";

    /// <summary>
    /// Gets the user name. The token must carry the "admin" role claim.
    /// </summary>
    /// <returns>A fixed demo greeting.</returns>
    [Authorize(Roles = "admin")]
    [HttpPost]
    public string GetUserName() => "你好,我是李四";

    /// <summary>
    /// Gets the user's colour. The "policy" authorization policy must be satisfied
    /// (a claim of type "policy" must be present in the token).
    /// </summary>
    /// <returns>A fixed demo string.</returns>
    [Authorize(Policy = "policy")]
    [HttpPost]
    public string GetUserColour() => "我衣服的颜色为红色";
}