Startup类ConfigureServices中
services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Every incoming bearer token must pass all four checks below; the reference
        // values are read from the "Jwt" section of appsettings.json.
        var validation = new TokenValidationParameters();
        validation.ValidateIssuer = true;           // reject tokens minted by another server
        validation.ValidateAudience = true;         // reject tokens issued for another recipient
        validation.ValidateLifetime = true;         // reject expired / not-yet-valid tokens
        validation.ValidateIssuerSigningKey = true; // the key that signed the token must be one we trust
        validation.ValidIssuer = Configuration["Jwt:Issuer"];
        // The audience is also taken from Jwt:Issuer — there is no separate Jwt:Audience
        // setting — and BuildToken in UsersApiController stamps the same value into the token.
        validation.ValidAudience = Configuration["Jwt:Issuer"];
        // HMAC-SHA256 shared secret: the same bytes both sign and verify every token, so it
        // must stay out of source control and satisfy the token library's minimum key size.
        validation.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]));
        options.TokenValidationParameters = validation;
    });
Configure 启用中间件
// Runs the JWT bearer authentication configured in ConfigureServices. This is
// authentication (who is calling), not authorization (what they may do).
// NOTE(review): on ASP.NET Core 3.0 and later, app.UseAuthorization() must also be
// added after this call for [Authorize] to be enforced — confirm the target framework.
app.UseAuthentication();
appsettings.json 中配置
"Jwt": { "Key": "veryVerySecretKey", "Issuer": "http://localhost:65356" }
Api 控制器中根据登录信息生成 token
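using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using OnlineClassroom.Common;
using OnlineClassroom.Entity;
using OnlineClassroom.IService;

namespace OnlineClassroom.Api.Controllers
{
    /// <summary>
    /// Issues JWT bearer tokens to users who authenticate with a name and password.
    /// Every action requires a valid token unless it is marked [AllowAnonymous].
    /// </summary>
    [Authorize]
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class UsersApiController : ControllerBase
    {
        private readonly IConfiguration _config;
        public IUsersService iUsersService = null;

        /// <summary>
        /// Creates the controller with the app configuration (Jwt:Key / Jwt:Issuer) and the user service.
        /// </summary>
        public UsersApiController(IConfiguration config, IUsersService _iUsersService)
        {
            _config = config;
            iUsersService = _iUsersService;
        }

        /// <summary>
        /// Login: checks the credentials and, on success, returns the user and a signed JWT.
        /// </summary>
        /// <param name="Name">User name</param>
        /// <param name="Pwd">Password</param>
        /// <returns>200 with { User, token } on success; 401 when the credentials are rejected.</returns>
        [HttpPost, AllowAnonymous]
        public IActionResult Login(string Name, string Pwd)
        {
            var login = new LoginModel { Username = Name, Password = Pwd };
            var user = Authenticate(login);
            if (user == null)
            {
                return Unauthorized();
            }

            var tokenString = BuildToken(user);
            // NOTE(review): user.user is the entity returned by IUsersService.Login and is sent to
            // the client as-is; confirm it carries no stored credential or other data the caller
            // should not see.
            return Ok(new { User = user.user, token = tokenString });
        }

        /// <summary>
        /// Builds a signed JWT for an authenticated user.
        /// </summary>
        /// <param name="user">The authenticated user.</param>
        /// <returns>The compact-serialized token (header.payload.signature).</returns>
        private string BuildToken(UserModel user)
        {
            // The JWT payload is only Base64Url-encoded, never encrypted: anyone who holds the token
            // (the client, proxies, browser storage, request logs) can read every claim. Only identity
            // data goes in here — the password must never be placed in a claim.
            // NOTE(review): Birthdate is not assigned by Authenticate, so this claim is currently
            // DateTime.MinValue; populate it from the user entity or drop the claim.
            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, user.Name),
                new Claim(JwtRegisteredClaimNames.Birthdate, user.Birthdate.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            };

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // Issuer and audience both come from Jwt:Issuer, matching the TokenValidationParameters
            // configured in Startup. The expiry is computed in UTC because "exp" is a UTC epoch value.
            var token = new JwtSecurityToken(
                issuer: _config["Jwt:Issuer"],
                audience: _config["Jwt:Issuer"],
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(30),
                signingCredentials: creds);

            // A JWT string has three Base64Url-encoded parts separated by '.':
            //   header    - metadata and the signing algorithm
            //   payload   - the claims (user identity and any custom content)
            //   signature - protects the integrity of the first two parts
            // Under the Bearer scheme the client sends it on every request as
            // "Authorization: Bearer <token>", which is why that header must start with "Bearer ".
            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        /// <summary>
        /// Checks the credentials against <see cref="IUsersService"/>.
        /// </summary>
        /// <param name="login">User name and password supplied by the caller.</param>
        /// <returns>The matched user, or null when the service returns no user for the credentials.</returns>
        private UserModel Authenticate(LoginModel login)
        {
            var users = iUsersService.Login(login.Username, login.Password);
            if (users == null)
            {
                return null;
            }

            // The plaintext password is deliberately not carried on the model once the service has
            // checked it; nothing downstream needs it.
            return new UserModel { Name = login.Username, user = users };
        }

        /// <summary>
        /// Credentials supplied to <see cref="Login"/>.
        /// </summary>
        public class LoginModel
        {
            public string Username { get; set; }
            public string Password { get; set; }
        }

        /// <summary>
        /// Authenticated user handed from <see cref="Authenticate"/> to <see cref="BuildToken"/>.
        /// </summary>
        private class UserModel
        {
            public Users user { get; set; }
            public string Name { get; set; }
            public DateTime Birthdate { get; set; }
        }
    }
}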