WebApi中添加Jwt鉴权
前言
JSON Web Token(JWT)是一个非常轻巧的规范。这个规范允许我们使用 JWT 在用户和服务器之间传递安全可靠的信息。一个 JWT 实际上就是一个字符串,它由三部分组成,头部、载荷与签名。前两部分需要经过 Base64 编码,后一部分通过前两部分 Base64 编码后再加密而成。针对前后端分离的项目,大多是通过 token 进行身份认证来进行交互,今天将介绍一种简单的创建 和验证token 的方式 。
项目介绍
项目框架:.NET Core 3.1
项目依赖:
-
Swashbuckle.AspNetCore
-
JWT
项目架构:
项目核心代码
JWT帮助类
/// <summary>
/// JWT获取和验证帮助类
/// </summary>
public class JwtHelper
{
/// <summary>
/// 日志
/// </summary>
private static Logger _logger = new Logger();
/// <summary>
/// 私钥appsettings.json中配置
/// </summary>
private static string secret = ConfigHelper.GetSectionValue("TokenSecret");
/// <summary>
/// 生成JwtToken
/// </summary>
/// <param name="payload">不敏感的用户数据</param>
/// <returns></returns>
public static string SetJwtEncode(Dictionary<string, object> payload)
{
try
{
IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
IJsonSerializer serializer = new JsonNetSerializer();
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
var token = encoder.Encode(payload, secret);
return token;
}
catch (System.Exception ex)
{
_logger.Error(ex.Message);
return null;
}
}
/// <summary>
/// 根据jwtToken获取实体
/// </summary>
/// <param name="token">jwtToken</param>
/// <returns></returns>
public static LoginUserInfo GetJwtDecode(string token)
{
try
{
IJsonSerializer serializer = new JsonNetSerializer();
IDateTimeProvider provider = new UtcDateTimeProvider();
IJwtValidator validator = new JwtValidator(serializer, provider);
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtDecoder decoder = new JwtDecoder(serializer, urlEncoder);
//IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);
var userInfo = decoder.DecodeToObject<LoginUserInfo>(token, secret, verify: true);//token为之前生成的字符串
return userInfo;
}
catch (System.Exception ex)
{
_logger.Error(ex.Message);
return null;
}
}
}
过滤器Filter
/// <summary>
/// 授权认证
/// </summary>
public class AuthorizeFilter : Attribute, IActionFilter
{
public void OnActionExecuted(ActionExecutedContext context)
{
}
public void OnActionExecuting(ActionExecutingContext context)
{
var controller = context.RouteData.Values["controller"].ToString();
//var action = context.RouteData.Values["action"].ToString();
if (controller == "User" || controller == "Jwt")
{
//登录接口不验证
}
else
{
var authHeader = context.HttpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authHeader))
{
//此接口必须携带token访问!
context.Result = new JsonResult(new OperationResult(OperationResultType.Error, "此接口必须携带token访问,请登录携带Token访问"));
}
else //字段值不为空
{
authHeader = authHeader.ToString().Replace("Bearer", "").Trim();//去掉Bearer字串
if (authHeader == "")
{
context.Result = new JsonResult(new OperationResult(OperationResultType.Error, "token验证失败:您没有权限调用此接口,请登录重新获取Token"));
}
else
{
LoginUserInfo LoginInfo = JwtHelper.GetJwtDecode(authHeader);
if (LoginInfo != null)
{
context.Result = new JsonResult(new OperationResult(OperationResultType.Error, "Token验证失败"));
}
string UserName = LoginInfo.username;
string PassWord = LoginInfo.pwd;
string ExpireTimeStamp = LoginInfo.exp;
//var cacheToken = Cache.Get(UserName);
if (isTokenExpire(ExpireTimeStamp)) //这里应该验证有效期
{
context.Result = new JsonResult(new OperationResult(OperationResultType.Error, "token验证失败:您没有权限调用此接口,请登录重新获取Token"));
}
}
}
}
}
/// <summary>
/// 时间戳字符串
/// </summary>
/// <param name="timestampstr"></param>
/// <returns></returns>
private bool isTokenExpire(string timestampstr)
{
try
{
double timestamp = double.Parse(timestampstr);
System.DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new System.DateTime(1970, 1, 1));//当地时区
var expireTime = startTime.AddSeconds(timestamp);
if (expireTime > DateTime.Now)
{
return false;//未过期
}
else
{
return true;//已过期
}
}
catch (Exception ex)
{
return true;
}
}
}
测试验证
Swagger页面
登录获取Token
未携带token访问接口
源码获取
关注公众号,后台回复关键字:JwtApiDemo
本文来自博客园,作者:码农阿亮,转载请注明原文链接:https://www.cnblogs.com/wml-it/p/17728594.html
技术的发展日新月异,随着时间推移,无法保证本博客所有内容的正确性。如有误导,请大家见谅,欢迎评论区指正!
开源库地址,欢迎点亮:
GitHub:https://github.com/ITMingliang
Gitee: https://gitee.com/mingliang_it
GitLab: https://gitlab.com/ITMingliang
建群声明: 本着技术在于分享,方便大家交流学习的初心,特此建立【编程内功修炼交流群】,为大家答疑解惑。热烈欢迎各位爱交流学习的程序员进群,也希望进群的大佬能不吝分享自己遇到的技术问题和学习心得!进群方式:扫码关注公众号,后台回复【进群】。