生成JWT
JWT全称:Json Web Token 即用Json格式来保存令牌信息
用户登录成功后,得到一个令牌,以后每次请求时都带上令牌,令牌保存在客户端,
为了防止客户端数据造假,令牌经过签名处理,而签名的密钥只有服务器端才知道,每次服务器收到客户端的请求,都会用密钥验证令牌是否被篡改过,如果被篡改过则拒绝请求。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | public class JwtHelper { private readonly UserManager<User> _userManager; public JwtHelper(UserManager<User> userManager) { _userManager = userManager; } /// <summary> /// 生成JWT令牌 /// </summary> /// <param name="SigningKey">签名Key</param> /// <param name="ExpireSeconds">Token过期时间,单位秒</param> /// <returns></returns> public async Task< string > GenerateJWT(User user, string signingKey, string expireSeconds) { var claims = new List<Claim>(); claims.Add( new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())); claims.Add( new Claim(ClaimTypes.Name, user.UserName)); var roles = await _userManager.GetRolesAsync(user); foreach ( string role in roles) { claims.Add( new Claim(ClaimTypes.Role, role)); } claims.Add( new Claim(ClaimTypes.Email, user.Email)); DateTime expires = DateTime.Now.AddSeconds(Convert.ToDouble(expireSeconds)); byte [] secBytes = Encoding.UTF8.GetBytes(signingKey); var secKey = new SymmetricSecurityKey(secBytes); var credentials = new SigningCredentials(secKey, SecurityAlgorithms.HmacSha256); var tokenDescriptor = new JwtSecurityToken(claims: claims, expires: expires, signingCredentials: credentials); string jwt = new JwtSecurityTokenHandler().WriteToken(tokenDescriptor); return jwt; } } |
appsetting配置文件:
1 2 3 4 | "JWT" : { "SigningKey" : "ldjsfjdsklfh89789KJHKHIuyh" , "ExpireSeconds" : "3600" } |
program注册服务:
1 | services.Configure<JWTOptions>(builder.Configuration.GetSection( "JWT" )); |
1 | services.AddScoped<JwtHelper,JwtHelper>(); |
登录获取Token
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | using CAPWebApplication.Config; using CAPWebApplication.Entities; using CAPWebApplication.Tools; using CAPWebApplication.ViewModel; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; using System.Security.Claims; namespace CAPWebApplication.Controllers { [Route( "api/[controller]" )] [ApiController] public class UserRoleController : ControllerBase { private readonly ILogger<UserRoleController> m_logger; private readonly UserManager<User> m_userManager; private readonly RoleManager<Role> m_roleManager; private readonly IOptions<JWTOptions> m_JWTOptions; private readonly JwtHelper m_JwtHelper; public UserRoleController(ILogger<UserRoleController> logger, UserManager<User> userManager, RoleManager<Role> roleManager, IOptions<JWTOptions> jWTOptions = null , JwtHelper jwtHelper = null ) { m_logger = logger; m_userManager = userManager; m_roleManager = roleManager; m_JWTOptions = jWTOptions; m_JwtHelper = jwtHelper; } [Route(nameof(Login))] [HttpPost] public async Task<ActionResult> Login(UserViewModel model) { //验证用户名和密码 if (model == null || string .IsNullOrEmpty(model.UserName) || string .IsNullOrEmpty(model.Password)) { return BadRequest(); } var user = await m_userManager.FindByNameAsync(model.UserName); if (user == null ) { return NotFound($ "用户名不存在{model.UserName}" ); } if (await m_userManager.IsLockedOutAsync(user)) return BadRequest( "LockedOut" ); var success = await m_userManager.CheckPasswordAsync(user, model.Password); if (success) { //登录成功返回Token string jwtToken = await m_JwtHelper.GenerateJWT(user, m_JWTOptions.Value.SigningKey, m_JWTOptions.Value.ExpireSeconds); return Ok(jwtToken); } else { await m_userManager.AccessFailedAsync(user); return BadRequest( "密码错误" ); } } } } |
1 2 3 4 5 6 7 8 9 10 11 | [Authorize] [Route(nameof(GetUserRole))] [HttpGet] public async Task<ActionResult> GetUserRole() { //读取当前登录用户User的信息 string id = this .User.FindFirst(ClaimTypes.NameIdentifier)!.Value; string userName = this .User.FindFirst(ClaimTypes.Name)!.Value; IEnumerable<Claim> roleClaims = this .User.FindAll(ClaimTypes.Role); string roleNames = string .Join( ',' , roleClaims.Select(c => c.Value)); return Ok($ "Id={id},UserName={userName},Roles={roleNames}" ); } |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」