我要评论jwt
1、解析
1)客户端向授权服务系统发起请求,申请获取“令牌”。
2)授权服务根据用户身份,生成一张专属“令牌”,并将该“令牌”以jwt规范返回给客户端
3)客户端将获取到的“令牌”放到http请求的headers中后,向主服务系统发起请求。主服务系统收到请求后会从headers中获取“令牌”,并从“令牌”中解析出该用户的身份权限,然后做出相应的处理(同意或拒绝返回资源)
2、配置jwt
1、添加nuget包microsoft.aspnetcore.authentication.jwtbearer
2、在appsettings.json中添加jwt配置节点
"jwt": {
"seckey": "jamin1127!#@$%@%^^&*(~czmjklneafguvioszb%yuv&*6wvdf5dw#5dfw6f5w6faw%fw^f5wa65f^awf56", //密钥
"issuer": "jamin", //发行者
"expireseconds": 7200 //过期时间
}3、在program类里进行服务注册
#region jwt服务
// 注册jwt服务
builder.services.addsingleton(new jwthelper(builder.configuration));
builder.services.addauthentication( jwtbearerdefaults.authenticationscheme).addjwtbearer(options =>
{
options.tokenvalidationparameters = new tokenvalidationparameters()
{
validateissuer = true, //是否验证issuer
validissuer = builder.configuration["jwt:issuer"], //发行人issuer
validateaudience = false, //是否验证audience
validateissuersigningkey = true, //是否验证securitykey
issuersigningkey = new symmetricsecuritykey(encoding.utf8.getbytes(builder.configuration["jwt:seckey"])), //securitykey
validatelifetime = true, //是否验证失效时间
clockskew = timespan.fromseconds(30), //过期时间容错值,解决服务器端时间不同步问题(秒)
requireexpirationtime = true,
};
}
);
#endregion
//swagger里添加jwt授权
builder.services.addswaggergen(c=> {
c.swaggerdoc("v1", new openapiinfo { title = "web api", version = "v1" });
//开启注释
var xmlfile = $"{assembly.getentryassembly().getname().name}.xml";
var xmlpath = path.combine(appcontext.basedirectory, xmlfile);
c.includexmlcomments(xmlpath, true);
// 配置 jwt bearer 授权
c.addsecuritydefinition("bearer", new openapisecurityscheme
{
description = "jwt authorization header using the bearer scheme",
name = "authorization",
in = parameterlocation.header,
type = securityschemetype.http,
scheme = "bearer"
});
var securityscheme = new openapisecurityscheme
{
reference = new openapireference { type = referencetype.securityscheme, id = "bearer" }
};
var securityrequirement = new openapisecurityrequirement { { securityscheme, new string[] { } } };
c.addsecurityrequirement(securityrequirement);
});
//启用验证中间件
app.useauthentication();
app.useauthorization();4、创建jwt类进行token配置
using microsoft.identitymodel.tokens;
using system.diagnostics;
using system.identitymodel.tokens.jwt;
using system.security.claims;
using system.text;
namespace blog.core.common.auth
{
/// <summary>
/// 授权jwt类
/// </summary>
public class jwthelper
{
private readonly iconfiguration _configuration;
/// <summary>
/// token配置
/// </summary>
/// <param name="configuration"></param>
public jwthelper(iconfiguration configuration)
{
_configuration = configuration;
}
/// <summary>
/// 创建token 这里面可以保存自己想要的信息
/// </summary>
/// <param name="username"></param>
/// <param name="mobile"></param>
/// <returns></returns>
public string createtoken(string username, string mobile)
{
try
{
// 1. 定义需要使用到的claims
var claims = new[]
{
new claim("username", username),
new claim("mobile", mobile),
/* 可以保存自己想要信息,传参进来即可
new claim("sex", "sex"),
new claim("limit", "limit"),
new claim("head_url", "xxxxx")
*/
};
// 2. 从 appsettings.json 中读取secretkey
var secretkey = new symmetricsecuritykey(encoding.utf8.getbytes(_configuration["jwt:seckey"]));
// 3. 选择加密算法
var algorithm = securityalgorithms.hmacsha256;
// 4. 生成credentials
var signingcredentials = new signingcredentials(secretkey, algorithm);
// 5. 根据以上,生成token
var jwtsecuritytoken = new jwtsecuritytoken(
_configuration["jwt:issuer"], //issuer
_configuration["jwt:expireseconds"], //expireseconds
claims, //claims,
datetime.now, //notbefore
datetime.now.addseconds(30), //expires
signingcredentials //credentials
);
// 6. 将token变为string
var token = new jwtsecuritytokenhandler().writetoken(jwtsecuritytoken);
return token;
}
catch (exception)
{
throw;
}
}
/// <summary>
/// 获取信息
/// </summary>
/// <param name="jwt"></param>
/// <returns></returns>
public static string readertoken(string jwt)
{
var str = string.empty;
try
{
//获取token的三种方式
//第一种直接用jwtsecuritytokenhandler提供的read方法
var jwthander = new jwtsecuritytokenhandler();
jwtsecuritytoken jwtsecuritytoken = jwthander.readjwttoken(jwt);
str = jwtsecuritytoken.tostring();
}
catch (exception ex)
{
debug.writeline(ex.message);
}
return str;
}
/// <summary>
/// 解密jwt
/// </summary>
/// <param name="jwt"></param>
/// <returns></returns>
public string jwtdecrypt(string jwt)
{
stringbuilder sb = new stringbuilder();
try
{
jwtsecuritytokenhandler tokenhandler = new();
tokenvalidationparameters valparam = new();
var securitykey = new symmetricsecuritykey(encoding.utf8.getbytes(_configuration["jwt:seckey"]));
valparam.issuersigningkey = securitykey;
valparam.validateissuer = false;
valparam.validateaudience = false;
//解密
claimsprincipal claimsprincipal = tokenhandler.validatetoken(jwt,
valparam, out securitytoken sectoken);
foreach (var claim in claimsprincipal.claims)
{
sb.append($"{claim.type}={claim.value}");
}
}
catch (exception ex)
{
debug.writeline(ex.message);
}
return sb.tostring();
}
}
}5、创建用户实体,进行用户密码的接收
using system.componentmodel.dataannotations;
namespace blog.core.models
{
public class userinfo
{
/// <summary>
/// 其中 [required] 表示非空判断,其他自己研究百度
/// </summary>
[required]
public string username { get; set; }
[required]
public string password { get; set; }
[required]
public string phonenumber { get; set; }
}
}6、创建控制器,进行jwt的api调用
using blog.core.common.auth;
using blog.core.models;
using microsoft.aspnetcore.authorization;
using microsoft.aspnetcore.mvc;
namespace blog.core.controllers
{
[route("[controller]/[action]")]
[apicontroller]
public class usercontroller : controllerbase
{
private readonly jwthelper _jwt;
/// <summary>
/// 初始化
/// </summary>
/// <param name="jwthelper"></param>
public usercontroller(jwthelper jwthelper)
{
_jwt = jwthelper;
}
/// <summary>
/// 获取token
/// </summary>
/// <returns></returns>
[httppost]
public iactionresult gettoken(userinfo user)
{
//参数验证等等....
if (string.isnullorempty(user.username))
{
return ok("参数异常!");
}
//这里可以连接mysql数据库做账号密码验证
//这里可以做redis缓存验证等等
//这里获取token,当然,这里也可以选择传结构体过去
var token = _jwt.createtoken(user.username, user.phonenumber);
//解密后的token
var pwtoken = _jwt.jwtdecrypt( token);
return ok(token+"解密后:"+pwtoken);
}
/// <summary>
/// 获取自己的详细信息,其中 [authorize] 就表示要带token才行
/// </summary>
/// <returns></returns>
[httppost]
[authorize]
public iactionresult getselfinfo()
{
//执行到这里,就表示已经验证授权通过了
/*
* 这里返回个人信息有两种方式
* 第一种:从header中的token信息反向解析出用户账号,再从数据库中查找返回
* 第二种:从header中的token信息反向解析出用户账号信息直接返回,当然,在前面创建 token时,要保存进使用到的claims中。
*/
return ok("授权通过了!");
}
}
}
注:获取token后在swagger上输入token的value就可以进行接口的调用了
到此这篇关于asp.net中 swagger添加jwt验证的流程的文章就介绍到这了,更多相关swagger添加jwt验证内容请搜索代码网以前的文章或继续浏览下面的相关文章希望大家以后多多支持代码网!
发表评论