AspNetCore3.0 和 JWT
添加NuGet引用
IdentityModel
Microsoft.AspNetCore.Authorization.JwtBearer
在appsettings.json中添加JwtBearer配置
"Authentication": {
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "JWTStudyWebsite_DI20DXU3",
"Issuer": "JWTStudy",
"Audience": "JWTStudyWebsite"
}
}
创建JWT服务注册扩展
public static class JwtConfiguration
{
public static void AddJwtConfiguration(this IServiceCollection services, IConfiguration configuration)
{
if (bool.Parse(configuration["Authentication:JwtBearer:IsEnabled"]))
{
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = "JwtBearer";
options.DefaultChallengeScheme = "JwtBearer";
}).AddJwtBearer("JwtBearer", options =>
{
options.Audience = configuration["Authentication:JwtBearer:Audience"];
options.TokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.ASCII.GetBytes(configuration["Authentication:JwtBearer:SecurityKey"])),
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = configuration["Authentication:JwtBearer:Issuer"],
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = configuration["Authentication:JwtBearer:Audience"],
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here
ClockSkew = TimeSpan.Zero
};
});
}
}
}
在startup>ConfigureServices中注册服务
services.AddJwtConfiguration(Configuration);
创建AccessTokenController
说明:用户首次使用用户名和密码登录,生成AccessToken和RefreshToken,
其中AccessToken的有效时间为30分钟,RefreshToken的有效时间为60分钟。
可能的情况
- AccessToken没有过期
- AccessToken已过期,RefreshToken未过期
- RefreshToken已过期
一、首先创建一个方法,用于生成AccessToken
private string GetAccessToken(SessionUser user)
{
var claims = new[]
{
new Claim(JwtClaimTypes.Id, user.Id.ToString()),
new Claim(JwtClaimTypes.Name, user.Name),
new Claim(JwtClaimTypes.Role, "user")
};
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_configuration["Authentication:JwtBearer:SecurityKey"]));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
_configuration["Authentication:JwtBearer:Issuer"],
_configuration["Authentication:JwtBearer:Audience"],
claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
二、通过用户名密码获取AccessToken
[HttpPost]
public IActionResult Post([FromBody]LoginModel model)
{
if (!string.IsNullOrWhiteSpace(model.Account) && !string.IsNullOrWhiteSpace(model.Pw))
{
var user = new SessionUser
{
Id = 1,
Name = "admin",
Role = "user"
};
var refreshToken = Guid.NewGuid().ToString("N");
var refreshTokenExpiredTime = DateTime.Now.AddMinutes(60);
var cacheKey = $"RefreshToken:{refreshToken}";
var cacheValue = JsonConvert.SerializeObject(user);
_cache.SetString(cacheKey, cacheValue,
new DistributedCacheEntryOptions
{
AbsoluteExpiration = refreshTokenExpiredTime
});
return Ok(new
{
AccessToken = GetAccessToken(user),
Code = 200,
RefreshTokenExpired = DateTimeHelper.ConvertToLong(refreshTokenExpiredTime),
RefreshToken = refreshToken
});
}
return Ok(new { Code = 0, Token = "" });
}
三、通过RefreshToken获取新的AccessToken
[Authorize]
[HttpPost("Refresh")]
public IActionResult Refresh(RefreshTokenRequest request)
{
var token = request.Token;
var cacheStr = _cache.GetString($"RefreshToken:{token}");
if (string.IsNullOrWhiteSpace(cacheStr))
{
return Ok(new
{
Code = 0,
Message = "Token不存在或已过期"
});
}
var cacheUser = JsonConvert.DeserializeObject<SessionUser>(cacheStr);
var userId = User.Claims.First(c => c.Type == JwtClaimTypes.Id);
if (userId == null || cacheUser.Id.ToString() != userId.Value)
{
return Ok(new
{
Code = 0,
Message = "用户不匹配"
});
}
var refreshToken = Guid.NewGuid().ToString("N");
var cacheKey = $"RefreshToken:{refreshToken}";
var refreshTokenExpiredTime = DateTime.Now.AddMinutes(60);
_cache.SetString(cacheKey, cacheStr, new DistributedCacheEntryOptions
{
AbsoluteExpiration = DateTime.Now.AddMinutes(30)
});
return Ok(new
{
AccessToken = GetAccessToken(cacheUser),
Code = 200,
RefreshTokenExpired = DateTimeHelper.ConvertToLong(refreshTokenExpiredTime),
RefreshToken = refreshToken
});
}
完整代码
public class LoginModel
{
[Required]
public string Account { get; set; }
[Required]
public string Pw { get; set; }
}
public class SessionUser
{
public int Id { get; set; }
public string Name { get; set; }
public string Role { get; set; }
}
public class DateTimeHelper
{
/// <summary>
/// DateTime转时间戳
/// </summary>
/// <param name="date"></param>
/// <returns></returns>
public static long ConvertToLong(DateTime date)
{
var startTime = TimeZoneInfo.ConvertTimeFromUtc(new DateTime(1970, 1, 1), TimeZoneInfo.Utc);
return (new DateTimeOffset(date).UtcTicks - startTime.Ticks) / 10000;
}
/// <summary>
/// 时间戳转DateTime
/// </summary>
/// <param name="timestamp"></param>
/// <returns></returns>
public static DateTime ConvertToDateTime(long timestamp)
{
var startTime = TimeZoneInfo.ConvertTimeFromUtc(new DateTime(1970, 1, 1), TimeZoneInfo.Local);
return startTime.Add(new TimeSpan(timestamp * 10000));
}
}
[Route("api/[controller]")]
[ApiController]
public class AccessTokenController : ControllerBase
{
private readonly IConfiguration _configuration;
private readonly IDistributedCache _cache;
private readonly UserService _service;
public AccessTokenController(IConfiguration configuration, IDistributedCache cache, UserService service)
{
_configuration = configuration;
_cache = cache;
_service = service;
}
/// <summary>
/// 登录,获取后原来RefreshToken将失效。
/// AccessToken有效时间30分钟
/// RefreshToken有效时间60分钟
/// </summary>
/// <param name="model"></param>
/// <returns></returns>
[HttpPost]
public ActionResult Post([FromBody]LoginModel model)
{
var result = _service.Login(model.Account, model.Pw);
if (result.Code != 200)
{
return Ok(new {Code = 0, Message = result.Message});
}
var user = new SessionUser
{
Id = result.Body.Id,
Name = result.Body.NickName,
Role = "user"
};
var refreshToken = Guid.NewGuid().ToString("N");
var refreshTokenExpiredTime = DateTime.Today.AddDays(7);
var cacheKey = $"RefreshToken:{refreshToken}";
var cacheValue = JsonConvert.SerializeObject(user);
_cache.SetString(cacheKey, cacheValue,
new DistributedCacheEntryOptions
{
AbsoluteExpiration = refreshTokenExpiredTime
});
return Ok(new
{
AccessToken = GetAccessToken(user),
Code = 200,
RefreshTokenExpired = DateTimeHelper.ConvertToLong(refreshTokenExpiredTime),
RefreshToken = refreshToken
});
}
/// <summary>
/// 刷新AccessToken
/// </summary>
/// <param name="request">刷新的请求 {"token": "refresh_token"}</param>
/// <returns></returns>
[Authorize]
[HttpPost("Refresh")]
public IActionResult Refresh(RefreshTokenRequest request)
{
var token = request.Token;
var cacheStr = _cache.GetString($"RefreshToken:{token}");
if (string.IsNullOrWhiteSpace(cacheStr))
{
return Ok(new
{
Code = 0,
Message = "Token不存在或已过期"
});
}
var cacheUser = JsonConvert.DeserializeObject<SessionUser>(cacheStr);
var userId = User.Claims.First(c => c.Type == JwtClaimTypes.Id);
if (userId == null || cacheUser.Id.ToString() != userId.Value)
{
return Ok(new
{
Code = 0,
Message = "用户不匹配"
});
}
var refreshToken = Guid.NewGuid().ToString("N");
var cacheKey = $"RefreshToken:{refreshToken}";
var refreshTokenExpiredTime = DateTime.Today.AddDays(7);
_cache.SetString(cacheKey, cacheStr, new DistributedCacheEntryOptions
{
AbsoluteExpiration = refreshTokenExpiredTime
});
return Ok(new
{
AccessToken = GetAccessToken(cacheUser),
Code = 200,
RefreshTokenExpired = DateTimeHelper.ConvertToLong(refreshTokenExpiredTime),
RefreshToken = refreshToken
});
}
/// <summary>
/// 通过SessionUser获取AccessToken
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
private string GetAccessToken(SessionUser user)
{
var claims = new[]
{
new Claim(JwtClaimTypes.Id, user.Id.ToString()),
new Claim(JwtClaimTypes.Name, user.Name),
new Claim(JwtClaimTypes.Role, "user")
};
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_configuration["Authentication:JwtBearer:SecurityKey"]));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
_configuration["Authentication:JwtBearer:Issuer"],
_configuration["Authentication:JwtBearer:Audience"],
claims,
expires: DateTime.Now.AddHours(2),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
/// <summary>
/// 刷新AccessToken的请求
/// </summary>
public class RefreshTokenRequest
{
/// <summary>
/// RefreshToken,登录后获取
/// </summary>
public string Token { get; set; }
}
}
AspNetCore3.0 和 JWT的更多相关文章
- 在asp.net core2.1中添加中间件以扩展Swashbuckle.AspNetCore3.0支持简单的文档访问权限控制
Swashbuckle.AspNetCore3.0 介绍 一个使用 ASP.NET Core 构建的 API 的 Swagger 工具.直接从您的路由,控制器和模型生成漂亮的 API 文档,包括用于探 ...
- Swashbuckle.AspNetCore3.0的二次封装与使用
关于 Swashbuckle.AspNetCore3.0 一个使用 ASP.NET Core 构建的 API 的 Swagger 工具.直接从您的路由,控制器和模型生成漂亮的 API 文档,包括用于探 ...
- SpringBoot2.0+Shiro+JWT 整合
SpringBoot2.0+Shiro+JWT 整合 JSON Web Token(JWT)是一个非常轻巧的规范.这个规范允许我们使用 JWT 在用户和服务器之间传递安全可靠的信息. 我们利用一定的编 ...
- ASP.NET Core 3.0 一个 jwt 的轻量角色/用户、单个API控制的授权认证库
目录 说明 一.定义角色.API.用户 二.添加自定义事件 三.注入授权服务和中间件 三.如何设置API的授权 四.添加登录颁发 Token 五.部分说明 六.验证 说明 ASP.NET Core 3 ...
- 在AspNetCore3.0中使用Autofac
1. 引入Nuget包 Autofac Autofac.Extensions.DependencyInjection 2. 修改Program.cs 将默认ServiceProviderFactory ...
- oAuth2.0及jwt介绍
oAuth2.0流程示意如下: 关于jwt介绍: 说明: 关于jwt简单说明一下,jwt即为json web token,是用来和服务端建立加密通信所使用的的一种“约定”,主要组成见上图即可.服务端一 ...
- SpringBoot2.0 整合 JWT 框架,解决Token跨域验证问题
本文源码:GitHub·点这里 || GitEE·点这里 一.传统Session认证 1.认证过程 1.用户向服务器发送用户名和密码. 2.服务器验证后在当前对话(session)保存相关数据. 3. ...
- ASP.NET Core 6.0 添加 JWT 认证和授权
序言 本文将分别介绍 Authentication(认证) 和 Authorization(授权). 并以简单的例子在 ASP.NET Core 6.0 的 WebAPI 中分别实现这两个功能. 相关 ...
- .NET core3.0 使用Jwt保护api
摘要: 本文演示如何向有效用户提供jwt,以及如何在webapi中使用该token通过JwtBearerMiddleware中间件对用户进行身份认证. 认证和授权区别? 首先我们要弄清楚认证(Auth ...
随机推荐
- 深入剖析Linux IO原理和几种零拷贝机制的实现
深入剖析Linux IO原理和几种零拷贝机制的实现 来源 https://zhuanlan.zhihu.com/p/83398714 零壹技术栈 公众号[零壹技术栈] 前言 零拷贝(Zero ...
- 快速精通Mac效率神器Alfred以及常用workflow
概述 Alfred基础在上一篇 大纲 名称 作用 类别 出处 修改日期 Github 更便捷地使用Github 开发编程 Github 2017-01-28 Github Search Github搜 ...
- head引入样式
引入CSS(base基础样式,index页面样式): <link rel="stylesheet" type="text/css" href=" ...
- number与string的转换
// number -> string // toString() /* var num = 10; var res = num.toString(); alert(typeof (num)); ...
- C++之同名覆盖、多态
一.同名覆盖引发的问题 父子间的赋值兼容--子类对象可以当作父类对象使用(兼容性) 1.子类对象可以直接赋值给父类对象 2.子类对象可以直接初始化父类对象 3.父类指针可以指向子类对象 4.父类引用可 ...
- ..\USER\stm32f10x.h(428): error: #67: expected a "}" ADC1_2_IRQn = 18, /*!
MDK软件编译,出现如下错误: ..\USER\stm32f10x.h(428): error: #67: expected a "}" ADC1_2_IRQn = 18, /*! ...
- 学习python的日常4
偏函数: 偏函数是functools模块提供的一个功能,偏函数可以通过设定参数的默认值,降低函数调用的难度 其中设定的参数默认值实际上是可以被传入为其他值的,最后创建偏函数时可接收函数对象.*args ...
- tomcat运行一段时间出“org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header”
试了好多种方法,貌似还是没有解决问题,不过也学到了点东西,记录下备忘吧. 异常详情: 1.首先看到最多的就是说在server.xml中的Connector中添加maxHttpHeaderSize=&q ...
- .net core自定义读取配置文件
新建完成后项目目录下有个 appsettings.json { "Logging": { "LogLevel": { "Default": ...
- DTD学习
DTD 简介 文档类型定义(DTD)可定义合法的XML文档构建模块.它使用一系列合法的元素来定义文档的结构.DTD 可被成行地声明于 XML 文档中,也可作为一个外部引用. XML文件内部引用: 外部 ...