• JWT验证


    在.NET Core中想给API进行安全认证,现在最常用的就是Jwt了,简单记录下JWT的使用方法。

    一、首先在appsettings.json里写基本配置,参数如下

      "JwtSecurity": {
        "Issuer": "", // token issuer (the "iss" claim)
        "Audience": "", // intended recipient (the "aud" claim)
        "TokenExpires": 7200, // token lifetime, in seconds
        // HMAC signing key. "hello world" is a sample value only: it is 11 bytes,
        // well under the 256 bits RFC 7518 requires for HS256, and anyone who can
        // read this file can sign tokens the API will accept. Use a long random
        // value and supply it from user secrets, an environment variable or a
        // secret store instead of committing it with appsettings.json.
        "SecurityKey": "hello world" // signing key
      },
    

      

    二、在Startup的ConfigureServices里加入认证限制

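                #region JWT authentication
                // Read the signing key from the "JwtSecurity" configuration section.
                var jwtSecurity = Configuration.GetSection("JwtSecurity");
                var key = jwtSecurity.GetValue<string>("SecurityKey");

                // Fail at startup instead of on the first request: a missing key would throw inside
                // GetBytes, and RFC 7518 section 3.2 requires an HS256 key of at least 256 bits.
                if (string.IsNullOrWhiteSpace(key) || Encoding.UTF8.GetByteCount(key) < 32)
                {
                    throw new InvalidOperationException(
                        "JwtSecurity:SecurityKey must be configured and be at least 32 bytes (256 bits) long for HS256.");
                }

                services.AddAuthentication(x =>
                {
                    // Bearer tokens are used to authenticate and to challenge.
                    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                    // NOTE(review): the fallback scheme is the cookie scheme, but no AddCookie(...) call is
                    // visible in this snippet - confirm the cookie handler is registered elsewhere, since
                    // sign-in/sign-out fall back to DefaultScheme.
                    x.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(x =>
                {
                    // Relaxes the HTTPS requirement for the metadata address / authority. No Authority is
                    // set here; leave this at its default (true) in production.
                    x.RequireHttpsMetadata = false;
                    // Keep the raw token in the authentication properties after successful validation.
                    x.SaveToken = true;
                    // Lets the handler report why validation failed. The OnChallenge handler below replaces
                    // the default challenge response, so review whether this is still needed.
                    x.IncludeErrorDetails = true;
                    x.TokenValidationParameters = new TokenValidationParameters
                    {
                        // The signature must verify against the shared symmetric key.
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
                        // NOTE(review): issuer and audience are not checked, so any token signed with this
                        // key is accepted regardless of who issued it or which service it was meant for.
                        // The Issuer/Audience settings are not read in this block. Turn these on (with
                        // ValidIssuer/ValidAudience) only once the issuing code puts both values into the
                        // token, otherwise every token will be rejected.
                        ValidateIssuer = false,
                        ValidateAudience = false,
                        // Reject tokens that are expired or carry no expiry at all.
                        ValidateLifetime = true,
                        RequireExpirationTime = true,
                        // No grace period (the library default is five minutes): a token is rejected the
                        // moment it expires, so server clocks need to be in sync.
                        ClockSkew = TimeSpan.Zero,
                    };
                    x.Events = new JwtBearerEvents
                    {
                        // Replace the default challenge response with a JSON body. This runs for every
                        // challenge this scheme issues, and the body always reports ResultType.TokenOver.
                        OnChallenge = async context =>
                        {
                            // Suppress the handler's default challenge response.
                            context.HandleResponse();
                            context.Response.ContentType = "application/json";
                            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                            string body = Newtonsoft.Json.JsonConvert.SerializeObject(new { state = ResultType.TokenOver, message = "授权失败" });
                            await context.Response.WriteAsync(body);
                        },
                    };
                });
                #endregion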

    三、获取token

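            /// <summary>
            /// Issues an HS256-signed JWT for <paramref name="user"/>, carrying the user's id and name as claims.
            /// </summary>
            /// <remarks>
            /// This method does not check credentials; call it only after the user has been authenticated.
            /// It contains no awaits and stays <c>async</c> only so that the signature, and the way failures
            /// surface through the returned task, remain as before.
            /// </remarks>
            /// <param name="user">The authenticated user the token is issued for.</param>
            /// <returns>An object with the result code, the serialized token and its expiry time (UTC).</returns>
            /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
            /// <exception cref="InvalidOperationException">The JwtSecurity settings are missing or unusable.</exception>
            async Task<object> GetToken(UserInfo user)
            {
                if (user == null)
                {
                    throw new ArgumentNullException(nameof(user));
                }

                var jwtSecurity = configuration.GetSection("JwtSecurity");

                // RFC 7518 section 3.2 requires an HS256 key of at least 256 bits; reject a missing or
                // short key here with a clear message instead of failing inside the token library.
                var secret = jwtSecurity.GetValue<string>("SecurityKey");
                if (string.IsNullOrWhiteSpace(secret) || Encoding.UTF8.GetByteCount(secret) < 32)
                {
                    throw new InvalidOperationException(
                        "JwtSecurity:SecurityKey must be configured and be at least 32 bytes (256 bits) long for HS256.");
                }

                // A missing setting reads as 0, which would produce a token that is already expired.
                var lifetimeSeconds = jwtSecurity.GetValue<int>("TokenExpires");
                if (lifetimeSeconds <= 0)
                {
                    throw new InvalidOperationException("JwtSecurity:TokenExpires must be a positive number of seconds.");
                }

                // UTC avoids the ambiguous local hour around daylight-saving changes.
                var tokenExpires = DateTime.UtcNow.AddSeconds(lifetimeSeconds);

                // The authentication type is only a label on the identity; it is not written into the token.
                var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
                identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName.ToString()));

                var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = identity,
                    Expires = tokenExpires,
                    SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
                };

                // Emit iss/aud when they are configured so that validators can check them; a validator
                // that does not check issuer or audience simply ignores the extra claims.
                var issuer = jwtSecurity.GetValue<string>("Issuer");
                if (!string.IsNullOrWhiteSpace(issuer))
                {
                    tokenDescriptor.Issuer = issuer;
                }

                var audience = jwtSecurity.GetValue<string>("Audience");
                if (!string.IsNullOrWhiteSpace(audience))
                {
                    tokenDescriptor.Audience = audience;
                }

                var tokenHandler = new JwtSecurityTokenHandler();
                var token = tokenHandler.CreateToken(tokenDescriptor);
                return new
                {
                    Code = ResultType.Success,
                    Token = tokenHandler.WriteToken(token),
                    TokenExpireTime = tokenExpires,
                };
            }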
    

     在用户登录并通过账号密码校验之后,调用上面这个方法就可以获取token了;前端请求接口的时候需要在请求头里携带token(Authorization: Bearer <token>),并且应当只通过HTTPS传输。

  • 原文地址:https://www.cnblogs.com/zhangjd/p/12552750.html