以前接触过,写过博客,第二次再写有了新的体会。第一次博客:https://www.cnblogs.com/zhang-3/p/16184067.html

过程:

  1. 生成token令牌(钥匙)
  2. 添加bearer认证 (验证钥匙是否正确)
  3. 给接口或控制器添加验证 (锁)
  4. 给接口添加显示的小锁

1.引入包:System.IdentityModel.Tokens.Jwt

这次博客比第一次简化了好多,比如令牌的model类,密钥写在配置文件等,暂时省略了

  public static string IssueJwt(string id,string Name)
        {
            string iss = "发行人";
            string aud = "受众人";
            string secret = "12345678912345671234567891234567";

            //载荷
            var claims = new List<Claim>()
            {
                 //jwtID唯一
                 new Claim(JwtRegisteredClaimNames.Jti,id),
                 //发行人可以理解为网站属于发行人
                 new Claim(JwtRegisteredClaimNames.Iss,iss),
                 //受众可以理解为哪些人可以使用
                 new Claim(JwtRegisteredClaimNames.Aud,aud),
                 //主体可以理解为对令牌的说明
                 new Claim(JwtRegisteredClaimNames.Sub,"主体"),
                 //发行时间即为令牌生成的时间
                 new Claim (JwtRegisteredClaimNames.Iat,$"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
                 //在此时间之前不可用
                 new Claim(JwtRegisteredClaimNames.Nbf,$"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
                 //令牌过期时间
                 new Claim(JwtRegisteredClaimNames.Exp,$"{new DateTimeOffset(DateTime.Now.AddSeconds(60)).ToUnixTimeSeconds()}"),
                 new Claim(ClaimTypes.Name,Name)
            };

            //使用密钥生成签名凭证
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            //序列化jwt
            var jwt = new JwtSecurityTokenHandler().WriteToken(
                new JwtSecurityToken(
                issuer: iss,
                claims: claims,
                signingCredentials: creds));
            return jwt;
        }
   
生成token

2.引入包:Microsoft.AspNetCore.Authentication.JwtBearer 

//注册bearer认证
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
    var SigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("12345678912345671234567891234567"));
    //验证的参数
    o.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        //验证密钥
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = SigningKey,
        //验证发行者
        ValidateIssuer = true,
        ValidIssuer = "发行人",
        //验证受众
        ValidateAudience = true,
        ValidAudience = "受众人",
        //验证有效期
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromSeconds(30),
        //必须有过期值/时间
        RequireExpirationTime = true
    };
    o.Events = new JwtBearerEvents()
    {
        //当JWT Bearer认证失败时,即请求未包含有效的JWT令牌或令牌验证失败,该事件会被触发
        OnChallenge = context =>
        {
            context.Response.Headers.Add("Token-Error", context.ErrorDescription);
            return Task.CompletedTask;
        },
        //当JWT Bearer认证过程中出现异常时,例如令牌过期、签名验证失败等情况,该事件会被触发
        OnAuthenticationFailed = context =>
        {
            var jwtHandler = new JwtSecurityTokenHandler();
            var token = context.Request.Headers["Authorization"].ObjToString().Replace("Bearer ", string.Empty).Replace("bearer",string.Empty).Trim();

            var jwtToken = jwtHandler.ReadJwtToken(token);

            if (jwtToken.Issuer != "发行人")
            {
                context.Response.Headers.Add("Token-Error-Iss", "issuer is wrong!");
            }

            if (jwtToken.Audiences.FirstOrDefault() != "受众人")
            {
                context.Response.Headers.Add("Token-Error-Aud", "Audience is wrong!");
            }
            // 如果过期,则把<是否过期>添加到,返回头信息中
            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            {
                context.Response.Headers.Add("Token-Expired", "true");
            }
            return Task.CompletedTask;
        }
    };
});
bearer认证

3和4:引入包:SwashBuckle.AspNetCore.Filters

builder.Services.AddSwaggerGen(a =>
{
    // 开启加权小锁(暂时不知道什么意思)
    a.OperationFilter<AddResponseHeadersFilter>();
    //(接口显示认证角色信息)
    a.OperationFilter<AppendAuthorizeToSummaryOperationFilter>();
    // 在header中添加token,传递到后台(添加小锁)
    a.OperationFilter<SecurityRequirementsOperationFilter>();

    a.AddSecurityDefinition("oauth2", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
    {
        Description = "JWT授权(数据将在请求头中进行传输) 直接在下框中输入Bearer {token}(注意两者之间是一个空格)\"",
        Name = "Authorization",        //jwt默认的参数名称
        In = ParameterLocation.Header, //jwt默认存放Authorization信息的位置(请求头中)
        Type = SecuritySchemeType.ApiKey//安全方案/类型(模式)APIkey
    });
});
添加到swagger显示锁

 

 

 

posted on 2023-07-22 20:47  尝尝手指  阅读(179)  评论(0编辑  收藏  举报