nuget 引入 Microsoft.AspNetCore.Authentication.JwtBearer

Startup中

app.UseAuthentication();

#region JWT //读取配置文件 services.Configure<TokenManagement>(Configuration.GetSection("tokenManagement")); var token = Configuration.GetSection("tokenManagement").Get<TokenManagement>(); //注入JWT services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(x => { x.RequireHttpsMetadata = false; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)), ValidIssuer = token.Issuer, ValidAudience = token.Audience, ValidateIssuer = false, ValidateAudience = false }; }); //权限注入 services.AddScoped<IAuthenticateService, TokenAuthenticationService>(); //验证是否有权限 services.AddScoped<IUserService, UserService>(); #endregion

　　appsettings.json 中配置文件

"tokenManagement": { "secret": "123456123456123456", //发明HS256算法的秘钥长度最新为128位，转换成字符至少16字符 "issuer": "webapi.cn", "audience": "WebApi", "accessExpiration": 30, "refreshExpiration": 60 }

//jwt实体配置
public class TokenManagement { [JsonProperty("secret")] public string Secret { get; set; } [JsonProperty("issuer")] public string Issuer { get; set; } [JsonProperty("audience")] public string Audience { get; set; } [JsonProperty("accessExpiration")] public int AccessExpiration { get; set; } [JsonProperty("refreshExpiration")] public int RefreshExpiration { get; set; } }

//登陆验证返回token信息
public bool IsAuthenticated(LoginRequestDTO request, out string token) { token = string.Empty; if (!_userService.IsValid(request)) return false; var claims = new[] { new Claim(ClaimTypes.Name,request.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var jwtToken = new JwtSecurityToken(_tokenManagement.Issuer, _tokenManagement.Audience, claims, expires: DateTime.Now.AddMinutes(_tokenManagement.AccessExpiration), signingCredentials: credentials); token = new JwtSecurityTokenHandler().WriteToken(jwtToken); return true; }

//获取token 信息
public static LoginRequestDTO UserInfo(this HttpContext httpcontent) { LoginRequestDTO user = null; var data = httpcontent.Request; var handerResult = httpcontent.Request.Headers["Authorization"].ToString().WordStr("Bearer ", ""); if (!string.IsNullOrEmpty(handerResult)) { var dataResult = Validate(handerResult, payLoad => { user = new LoginRequestDTO(); user.Username = payLoad[ClaimTypes.Name]?.ToString(); return true; }); } return user; } public static bool Validate(string encodeJwt, Func<Dictionary<string, object>, bool> validatePayLoad) { var success = true; var jwtArr = encodeJwt.Split(‘.‘); var header = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[0])); var payLoad = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[1])); //配置信息 var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes("123456123456123456")); //首先验证签名是否正确（必需的） success = success && string.Equals(jwtArr[2], Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]))))); if (!success) { return success;//签名不正确直接返回 } //其次验证是否在有效期内（也应该必需） var now = ToUnixEpochDate(DateTime.UtcNow); success = success && (now < long.Parse(payLoad["exp"].ToString())); //再其次 进行自界说的验证 success = success && validatePayLoad(payLoad); return success; } public static long ToUnixEpochDate(DateTime date) => (long)Math.Round((date.ToUniversalTime() - new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero)).TotalSeconds);

Asp.net Core JsonWebToken记录