一、專案>管理Nuget包 安裝
二、.appsettings.json添加
"JWT": {
"Secret": "~!@#$%^&*()_+qwertyuiopasldkh[o51485421ajshk^%*)kasd", // 密鑰
"Issuer": "kfjdhf", // 頒發者
"Audience": "kfjdhf", // 接收者
//"Expired": 30 // 過期時間(30min)
}三、ConfigureServices注入jwt
#region 注冊JWT
//獲取組態檔
var JWTConfig = Configuration.GetSection("JWT");
//生成密鑰
var symmetricKeyAsBase64 = JWTConfig.GetValue<string>("Secret");
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
//認證引數
services.AddAuthentication("Bearer")
.AddJwtBearer(o =>
{
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,//是否驗證簽名,不驗證的畫可以篡改資料,不安全
IssuerSigningKey = signingKey,//解密的密鑰
ValidateIssuer = true,//是否驗證發行人,就是驗證載荷中的Iss是否對應ValidIssuer引數
ValidIssuer = JWTConfig.GetValue<string>("Iss"),//發行人
ValidateAudience = true,//是否驗證訂閱人,就是驗證載荷中的Aud是否對應ValidAudience引數
ValidAudience = JWTConfig.GetValue<string>("Aud"),//訂閱人
ValidateLifetime = true,//是否驗證過期時間,過期了就拒絕訪問
ClockSkew = TimeSpan.Zero,//這個是緩沖過期時間,也就是說,即使我們配置了過期時間,這里也要考慮進去,過期時間+緩沖,默認好像是7分鐘,你可以直接設定為0
RequireExpirationTime = true,
};
});
#endregion(2).Configure啟用
app.UseAuthentication();//jwt四、創建jwt幫助類
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
namespace SystemAPi.JWT
{
public class JwtHelper
{
public JwtHelper(IConfiguration configuration)
{
Configuration = configuration;
}
/// <summary>
/// 配置屬性
/// </summary>
public IConfiguration Configuration { get; }
/// <summary>
/// 生成Token
/// </summary>
/// <returns></returns>
public string GenerateToken(List<Claim> claims)
{
var jwtConfig = Configuration.GetSection("Jwt");
//秘鑰,就是標頭,這里用Hmacsha256演算法,需要256bit的密鑰
var securityKey = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.GetValue<string>("Secret"))), SecurityAlgorithms.HmacSha256);
//Claim,JwtRegisteredClaimNames中預定義了好多種默認的引數名,也可以像下面的Guid一樣自己定義鍵名.
//ClaimTypes也預定義了好多型別如role、email、name,Role用于賦予權限,不同的角色可以訪問不同的介面
//相當于有效載荷
List<Claim> baseClaims = new List<Claim>{
new Claim(JwtRegisteredClaimNames.Iss,jwtConfig.GetValue<string>("Issuer")),
new Claim(JwtRegisteredClaimNames.Aud,jwtConfig.GetValue<string>("Audience")),
new Claim("Guid",Guid.NewGuid().ToString("D")),
new Claim(ClaimTypes.Role,"admin"),
};
claims = claims.Union<Claim>(baseClaims).ToList<Claim>();//合并Claim,洗掉重復專案
SecurityToken securityToken = new JwtSecurityToken(
signingCredentials: securityKey,
expires: DateTime.Now.AddDays(1),//過期時間
claims: claims
);
//生成jwt令牌
return new JwtSecurityTokenHandler().WriteToken(securityToken);
}
}
}
五、測驗登錄成功把賬戶資訊存進token
/// 登錄
/// </summary>
/// <returns>登錄</returns>
[HttpGet]
public ReturnJson login(string name, string pwd)
{
User data = bll.login(name, pwd);
if (data!=null)
{
if (data.name == name && data.password == pwd)
{
List<Claim> claims = new List<Claim>() {
new Claim(ClaimTypes.NameIdentifier, data.name),
new Claim(ClaimTypes.Role,data.AdminId.ToString()),
new Claim("AdminRole",data.AdminId.ToString())
};
string token=jwtHelper.GenerateToken(claims);
return new ReturnJson<string>().Success(token);
};
}
return new ReturnJson().Fail();
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/379466.html
標籤:java
下一篇:【Linux 學習筆記】Linux 搭建 JavaEE 環境(包括 JDK、IDEA、MySQL、tomcat)