签名Token生产

using System;

using System.Collections.Generic;

using System.IdentityModel.Tokens.Jwt;

using System.Linq;

using System.Security.Claims;

using System.Text;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Mvc;

using Microsoft.Extensions.Options;

using Microsoft.IdentityModel.Tokens;

namespace CoreTest.Controllers

{

    public class TokenController : Controller

    {

        private ITokenHelper _tokenHelper = null;

        public TokenController(ITokenHelper tokenHelper)

        {

            _tokenHelper = tokenHelper;

        }

        public IActionResult Index(string code, string pwd)

        {

            User user = TemporaryData.GetUser(code);

            if (null != user && user.Password.Equals(pwd))

            {

                return Ok(_tokenHelper.CreateToken(user));

            }

            return BadRequest();

        }

        [HttpPost]

        [Authorize]

        public IActionResult Index()

        {

            return Ok(_tokenHelper.RefreshToken(Request.HttpContext.User));

        }

    }

    public interface ITokenHelper

    {

        Token CreateAccessToken(User user);

        ComplexToken CreateToken(User user);

        ComplexToken CreateToken(Claim[] claims);

        Token RefreshToken(ClaimsPrincipal claimsPrincipal);

    }

    public class TokenHelper : ITokenHelper

    {

        private IOptions<JWTConfig> _options;

        public TokenHelper(IOptions<JWTConfig> options)

        {

            _options = options;

        }

        public Token CreateAccessToken(User user)

        {

            Claim[] claims = new Claim[] { new Claim(ClaimTypes.NameIdentifier, user.Code), new Claim(ClaimTypes.Name, user.Name) };

            return CreateToken(claims, TokenType.AccessToken);

        }

        public ComplexToken CreateToken(User user)

        {

            Claim[] claims = new Claim[] { new Claim(ClaimTypes.NameIdentifier, user.Code), new Claim(ClaimTypes.Name, user.Name)

            //下面两个Claim用于测试在Token中存储用户的角色信息,对应测试在FlyLolo.JWT.API的两个测试Controller的Put方法,若用不到可删除

            , new Claim(ClaimTypes.Role, "TestPutBookRole"), new Claim(ClaimTypes.Role, "TestPutStudentRole")

        };

            return CreateToken(claims);

        }

        public ComplexToken CreateToken(Claim[] claims)

        {

            return new ComplexToken { AccessToken = CreateToken(claims, TokenType.AccessToken), RefreshToken = CreateToken(claims, TokenType.RefreshToken) };

        }

        /// <summary>

        /// 用于创建AccessToken和RefreshToken。

        /// 这里AccessToken和RefreshToken只是过期时间不同,【实际项目】中二者的claims内容可能会不同。

        /// 因为RefreshToken只是用于刷新AccessToken,其内容可以简单一些。

        /// 而AccessToken可能会附加一些其他的Claim。

        /// </summary>

        /// <param name="claims"></param>

        /// <param name="tokenType"></param>

        /// <returns></returns>

        private Token CreateToken(Claim[] claims, TokenType tokenType)

        {

            var now = DateTime.Now;

            var expires = now.Add(TimeSpan.FromMinutes(tokenType.Equals(TokenType.AccessToken) ? _options.Value.AccessTokenExpiresMinutes : _options.Value.RefreshTokenExpiresMinutes));//设置不同的过期时间

            var token = new JwtSecurityToken(

                issuer: _options.Value.Issuer,

                audience: tokenType.Equals(TokenType.AccessToken) ? _options.Value.Audience : _options.Value.RefreshTokenAudience,//设置不同的接受者

                claims: claims,

                notBefore: now,

                expires: expires,

                signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Value.IssuerSigningKey)), SecurityAlgorithms.HmacSha256));

            return new Token { TokenContent = new JwtSecurityTokenHandler().WriteToken(token), Expires = expires };

        }

        public Token RefreshToken(ClaimsPrincipal claimsPrincipal)

        {

            var code = claimsPrincipal.Claims.FirstOrDefault(m => m.Type.Equals(ClaimTypes.NameIdentifier));

            if (null != code)

            {

                return CreateAccessToken(TemporaryData.GetUser(code.Value.ToString()));

            }

            else

            {

                return null;

            }

        }

    }

    public class User

    {

        public string Code { get; set; }

        public string Name { get; set; }

        public string Password { get; set; }

    }

    public class Token

    {

        public string TokenContent { get; set; }

        public DateTime Expires { get; set; }

    }

    public enum TokenType

    {

        AccessToken = ,

        RefreshToken =

    }

    public class ComplexToken

    {

        public Token AccessToken { get; set; }

        public Token RefreshToken { get; set; }

    }

    public class JWTConfig

    {

        public string Issuer { get; set; }

        public string Audience { get; set; }

        public string IssuerSigningKey { get; set; }

        public int AccessTokenExpiresMinutes { get; set; }

        public string RefreshTokenAudience { get; set; }

        public int RefreshTokenExpiresMinutes { get; set; }

    }

public static class TemporaryData

    {

        private static List<User> Users = new List<User>()

        {

            new User { Code = "", Name = "张三", Password = "" },

            new User { Code = "", Name = "李四", Password = "" }

        };

        public static User GetUser(string code)

        {

            return Users.FirstOrDefault(m => m.Code.Equals(code));

        }

    }

}

appsettings.json

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  "JWT": {

    "Issuer": "FlyLolo",

    "Audience": "TestAudience",

    "IssuerSigningKey": "FlyLolo1234567890",

    "AccessTokenExpiresMinutes": "",

    "RefreshTokenAudience": "RefreshTokenAudience",

    "RefreshTokenExpiresMinutes": ""

  }

}

Startup.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;

using CoreTest.Controllers;

using Microsoft.AspNetCore.Authentication.JwtBearer;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.HttpsPolicy;

using Microsoft.AspNetCore.Mvc;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using Microsoft.Extensions.Options;

using Microsoft.IdentityModel.Tokens;

namespace CoreTest

{

    public class Startup

    {

        public Startup(IConfiguration configuration)

        {

            Configuration = configuration;

        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)

        {

            services.Configure<Controllers.UserInfo>(Configuration.GetSection("User"));

            services.AddSingleton<ITokenHelper, TokenHelper>();

            services.Configure<JWTConfig>(Configuration.GetSection("JWT"));

            JWTConfig config = new JWTConfig();

            Configuration.GetSection("JWT").Bind(config);

            services.AddAuthentication(options => {

                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            })

            .AddJwtBearer(options => {

                options.TokenValidationParameters = new TokenValidationParameters

                {

                    ValidIssuer = config.Issuer,

                    ValidAudience = config.RefreshTokenAudience,

                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.IssuerSigningKey))

                };

            });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)

        {

            if (env.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

            else

            {

                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.

                app.UseHsts();

            }

            app.UseHttpsRedirection();

            app.UseAuthentication();

            app.UseMvc(route =>

            {

                route.MapRoute(

                    name: "default",

                    template: "{controller=Home}/{action=Index}/{id?}"

                    );

            });

        }

    }

}

Token验证

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

namespace ClientTest.Controllers

{

    [Route("api/[controller]")]

    [ApiController]

    [Authorize]

    public class BookController : ControllerBase

    {

        // GET: api/<controller>

        [HttpGet]

        [AllowAnonymous]

        public IEnumerable<string> Get()

        {

            return new string[] { "ASP", "C#" };

        }

        // POST api/<controller>

        [HttpPost]

        public JsonResult Post()

        {

            return new JsonResult("Create  Book ...");

        }

    }

    public class JWTConfig

    {

    public string Issuer { get; set; }

    public string Audience { get; set; }

    public string IssuerSigningKey { get; set; }

    public int AccessTokenExpiresMinutes { get; set; }

}

}

appsettings.json

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  "JWT": {

    "Issuer": "FlyLolo",

    "Audience": "TestAudience",

    "IssuerSigningKey": "FlyLolo1234567890",

    "AccessTokenExpiresMinutes": ""

  }

}

Startup.cs

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;

using ClientTest.Controllers;

using Microsoft.AspNetCore.Authentication.JwtBearer;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.HttpsPolicy;

using Microsoft.AspNetCore.Mvc;

using Microsoft.Extensions.Configuration;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Logging;

using Microsoft.Extensions.Options;

using Microsoft.IdentityModel.Tokens;

namespace ClientTest

{

    public class Startup

    {

        public Startup(IConfiguration configuration)

        {

            Configuration = configuration;

        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)

        {

            #region 读取配置

            JWTConfig config = new JWTConfig();

            Configuration.GetSection("JWT").Bind(config);

            #endregion

            #region 启用JWT认证

            services.AddAuthentication(options =>

            {

                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            }).

            AddJwtBearer(options =>

            {

                options.TokenValidationParameters = new TokenValidationParameters

                {

                    ValidIssuer = config.Issuer,

                    ValidAudience = config.Audience,

                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.IssuerSigningKey)),

                    ClockSkew = TimeSpan.FromMinutes()

                };

            });

            #endregion

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)

        {

            if (env.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

            else

            {

                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.

                app.UseHsts();

            }

            app.UseHttpsRedirection();

            app.UseAuthentication();

            app.UseMvc();

        }

    }

}

JWT签名与验签的更多相关文章

  1. .NET RSA解密、签名、验签

    using System; using System.Collections.Generic; using System.Text; using System.IO; using System.Sec ...

  2. PHP SHA1withRSA加密生成签名及验签

    最近公司对接XX第三方支付平台的代付业务,由于对方公司只有JAVA的demo,所以只能根据文档自己整合PHP的签名加密,网上找过几个方法,踩到各种各样的坑,还好最后算是搞定了,话不多说,代码分享出来. ...

  3. 中行P1签名及验签

    分享中国银行快捷.NET P1签名和验签方法代码中ReturnValue为自定义类型请无视 #region 验证签名 /// <summary> /// 验证签名 /// </sum ...

  4. 几个例子理解对称加密与非对称加密、公钥与私钥、签名与验签、数字证书、HTTPS加密方式

    # 原创,转载请留言联系 为什么会出现这么多加密啊,公钥私钥啊,签名啊这些东西呢?说到底还是保证双方通信的安全性与完整性.例如小明发一封表白邮件给小红,他总不希望给别人看见吧.而各种各样的技术就是为了 ...

  5. erlang的RSA签名与验签

    1.RSA介绍 RSA是目前最有影响力的公钥加密算法,该算法基于一个十分简单的数论事实:将两个大素数相乘十分容易,但那时想要对 其乘积进行因式分解却极其困难,因此可以将乘积公开作为加密密钥,即公钥,而 ...

  6. Delphi微信支付【支持MD5和HMAC-SHA256签名与验签】

    作者QQ:(648437169) 点击下载➨微信支付            微信支付api文档 [Delphi 微信支付]支持付款码支付.二维码支付.订单查询.申请退款.退款查询.撤销订单.关闭订单. ...

  7. Delphi支付宝支付【支持SHA1WithRSA(RSA)和SHA256WithRSA(RSA2)签名与验签】

    作者QQ:(648437169) 点击下载➨Delphi支付宝支付             支付宝支付api文档 [Delphi支付宝支付]支持条码支付.扫码支付.交易查询.交易退款.退款查询.交易撤 ...

  8. RSA后台签名前台验签的应用(前台采用jsrsasign库)

    写在前面 安全测试需要, 为防止后台响应数据返给前台过程中被篡改前台再拿被篡改后的数据进行接下来的操作影响正常业务, 决定采用RSA对响应数据进行签名和验签, 于是有了这篇<RSA后台签名前台验 ...

  9. Delphi RSA签名与验签【支持SHA1WithRSA(RSA1)、SHA256WithRSA(RSA2)和MD5WithRSA签名与验签】

    作者QQ:(648437169) 点击下载➨ RSA签名与验签 [delphi RSA签名与验签]支持3种方式签名与验签(SHA1WithRSA(RSA1).SHA256WithRSA(RSA2)和M ...

随机推荐

  1. ASP.NET Core 集成测试中模拟登录用户的一种姿势

    不管哪种用户验证方式,最终都是在验证成功后设置 HttpContext.User ,后续处理环节通过 HttpContext.User 获取用户信息.如果能直接修改 HttpContext.User ...

  2. CPU参数指标说明

    %user %user表示CPU一共花了多少比例的时间运行在用户态空间或者说是用户进程(running user space processes) 典型的用户态空间程序有:Shells.数据库.web ...

  3. zabbix 监控项报"Value "(No info could be read for "-p": geteuid()=1002 but you should be root"

    zabbix 监控项报错如下: “Value "(No info could be read for "-p": geteuid()=1002 but you shoul ...

  4. ASP.NET Core 如何用 Cookie 来做身份验证

    前言 本示例完全是基于 ASP.NET Core 3.0.本文核心是要理解 Claim, ClaimsIdentity, ClaimsPrincipal,读者如果有疑问,可以参考文章 理解ASP.NE ...

  5. Visual Studio 2019 16.1 使用 .NET Core 3.0

    一.前言 早在很久之前微软便公布 .NET Core 3.0 将支持开发Winform应用程序等等新特性,现如今 .NET Core 3.0 预览版已经出来第五个预览版了,从 .NET Core 2. ...

  6. UserControl关闭

    直接 Application.Current.Shutdown();关闭程序.

  7. Swagger UI in AspNetCore WebAPI

    Swagger其实包含了三个部分,分别是Swagger Editor文档接口编辑器,根据接口文档生成code的Swagger Codegen,以及生成在线文档的Swagger UI.在AspNetCo ...

  8. Ganglia+Nagios监控系统

    第1章 简介 ganglia是一款为HPC(高性能计算) 集群设计的可扩展性 的分布式监控系统,它可以监视和显示集群中节点的各种状态信息,他由运行在各个节点上的gmond守护进程来采集 CPU.内存. ...

  9. Python 自定义元类的两种写法

    有关元类是什么大家自己搜索了解,我这里写一下实现元类的两种写法 # 自定义元类 #继承type class LowercaseMeta(type): ''' 修改类的属性名称为小写的元类 ''' # ...

  10. 压测应用服务对RabbitMQ消息的消费能力--实践脚本

    最近运维跟我反馈我负责的应用服务线上监控到消费RabbitMQ消息队列过慢,目前只有20左右,监控平台会有消息积压的告警. 开发修改了一版应用服务的版本,提交给我做压测验证. 之前没有做过消息中间件的 ...