Netcore使用JWT的认证授权服务
直接使用jwt
基于Net6框架实现JWT
一、添加Nuget包
1.创建WebAPI程序
2.添加包Microsoft.AspNetCore.Authentication.JwtBearer
二、添加JWT配置
1.配置映射类
public class JWTSettings
{
public string SecKey { get; set; }
public int ExpireSeconds { get; set; }
}
2.program.cs
jwt的配置
builder.Services.Configure<JWTSettings>
(builder.Configuration.GetSection("JWT"));
builder.Services.AddAuthentication
(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(opt =>
{
var jwtSettings = builder.Configuration.GetSection("JWT").Get<JWTSettings>();
byte[] keyBytes = Encoding.UTF8.GetBytes(jwtSettings.SecKey);
var secKey = new SymmetricSecurityKey(keyBytes);
opt.TokenValidationParameters = new()
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = secKey
};
});
Identity的配置
#region IdentityCore
builder.Services.AddIdentityCore<MyUser>(options =>
{ //注意不是AddIdentity,这个是默认在Mvc的开发模式
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 6;
//重置密码
options.Tokens.PasswordResetTokenProvider = TokenOptions.DefaultEmailProvider;
//邮件激活时验证规则设置
options.Tokens.EmailConfirmationTokenProvider = TokenOptions.DefaultEmailProvider;
});
//对identity框架做的一个配置,identitybuilder做的配置
IdentityBuilder idBuilder = new IdentityBuilder(typeof(MyUser), typeof(MyRole), builder.Services);
//AddEntityFrameworkStores用那个Dbcontex做管理的
idBuilder.AddEntityFrameworkStores<JWTDBContext>()
//相当于设置密码的算法啥的
.AddDefaultTokenProviders()
//角色管理器
.AddRoleManager<RoleManager<MyRole>>()
//用户管理器
.AddUserManager<UserManager<MyUser>>();
#endregion
3.在UseAuthorization前加UseAuthentication
app.UseAuthentication();
app.UseAuthorization();
4.在控制器登录时,发放token
通过注入,来获取配置信息
private readonly IOptionsSnapshot<JWTSettings> jwtSettingsOpt;
[HttpPost]
public ActionResult<string> Login(string userName,string password)
{
//发放签证
if (userName == "Lty" || password == "123456789")
{
//创建信息集合
List<Claim> claims = new List<Claim>();
//添加用户id,Name,和角色
claims.Add(new Claim(ClaimTypes.NameIdentifier, "1"));
claims.Add(new Claim(ClaimTypes.Name, userName));
claims.Add(new Claim(ClaimTypes.Role, "admin"));
//获取密钥
string key = jwtSettingsOpt.Value.SecKey;
//设置过期时间
DateTime expires = DateTime.Now.AddSeconds(jwtSettingsOpt.Value.ExpireSeconds);
//将密钥进行编码
byte[] secBytes = Encoding.UTF8.GetBytes(key);
//将密钥进行加密
var secKey = new SymmetricSecurityKey(secBytes);
//生成数字签名的加密密钥和安全算法
var credentials = new SigningCredentials(secKey, SecurityAlgorithms.HmacSha256Signature);
//读取并验证以紧凑序列化格式编码为 JWS 或 JWE 的“JSON Web 令牌”(JWT)
var tokenDescriptor = new JwtSecurityToken(claims: claims,
expires: expires, signingCredentials: credentials);
//用于创建和验证 Json Web 令牌
//WriteToken在衍生类别中覆盖时,将指定的安全性令牌序列化为字符串。权杖必须是由衍生类别所处理的类型
string jwt = new JwtSecurityTokenHandler().WriteToken(tokenDescriptor);
return jwt;
}
else
{
return BadRequest();
}
- [Authorize]进行token身份验证
[Authorize(Roles = "admin")]
public async Task<ActionResult<string>> ReadUser(ReadUserModel model)
在控制器和方法前加入 [Authorize]以及各种条件,就能通过token来对用户进行验证,与权限判断了。
三、基于声明的配置
1.添加声明
var user = await userManager.FindByNameAsync(model.UserName);
//添加声明(ClaimType)User,(ClaimValue)admin
Claim claim = new Claim("User", "admin");
var result = await userManager.AddClaimAsync(user, claim);
2.配置声明策略
builder.Services.AddAuthorization(options=>
{
//添加ReadUserd的策略,该策略需要验证声明,(ClaimType)User的值是否为(ClaimValue)admin
options.AddPolicy("ReadUsers", policy => policy.RequireClaim("User","admin"));
});
3.配置权限
[HttpPost]
[Authorize( Policy = "ReadUsers")]
public async Task<ActionResult<string>> ReadUser(ReadUserModel model)
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律