标签:def log time hex DDM header add bapi ons
nuget 引入 Microsoft.AspNetCore.Authentication.JwtBearer
Startup中
app.UseAuthentication();
#region JWT //读取配置文件 services.Configure<TokenManagement>(Configuration.GetSection("tokenManagement")); var token = Configuration.GetSection("tokenManagement").Get<TokenManagement>(); //注入JWT services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(x => { x.RequireHttpsMetadata = false; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)), ValidIssuer = token.Issuer, ValidAudience = token.Audience, ValidateIssuer = false, ValidateAudience = false }; }); //权限注入 services.AddScoped<IAuthenticateService, TokenAuthenticationService>(); //验证是否有权限 services.AddScoped<IUserService, UserService>(); #endregion
appsettings.json 中配置文件
"tokenManagement": { "secret": "123456123456123456", //发现HS256算法的秘钥长度最新为128位,转换成字符至少16字符 "issuer": "webapi.cn", "audience": "WebApi", "accessExpiration": 30, "refreshExpiration": 60 }
//jwt实体配置
public class TokenManagement { [JsonProperty("secret")] public string Secret { get; set; } [JsonProperty("issuer")] public string Issuer { get; set; } [JsonProperty("audience")] public string Audience { get; set; } [JsonProperty("accessExpiration")] public int AccessExpiration { get; set; } [JsonProperty("refreshExpiration")] public int RefreshExpiration { get; set; } }
//登陆验证返回token信息
public bool IsAuthenticated(LoginRequestDTO request, out string token) { token = string.Empty; if (!_userService.IsValid(request)) return false; var claims = new[] { new Claim(ClaimTypes.Name,request.Username) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var jwtToken = new JwtSecurityToken(_tokenManagement.Issuer, _tokenManagement.Audience, claims, expires: DateTime.Now.AddMinutes(_tokenManagement.AccessExpiration), signingCredentials: credentials); token = new JwtSecurityTokenHandler().WriteToken(jwtToken); return true; }
//获取token 信息
public static LoginRequestDTO UserInfo(this HttpContext httpcontent) { LoginRequestDTO user = null; var data = httpcontent.Request; var handerResult = httpcontent.Request.Headers["Authorization"].ToString().Replace("Bearer ", ""); if (!string.IsNullOrEmpty(handerResult)) { var dataResult = Validate(handerResult, payLoad => { user = new LoginRequestDTO(); user.Username = payLoad[ClaimTypes.Name]?.ToString(); return true; }); } return user; } public static bool Validate(string encodeJwt, Func<Dictionary<string, object>, bool> validatePayLoad) { var success = true; var jwtArr = encodeJwt.Split(‘.‘); var header = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[0])); var payLoad = JsonConvert.DeserializeObject<Dictionary<string, object>>(Base64UrlEncoder.Decode(jwtArr[1])); //配置信息 var hs256 = new HMACSHA256(Encoding.ASCII.GetBytes("123456123456123456")); //首先验证签名是否正确(必须的) success = success && string.Equals(jwtArr[2], Base64UrlEncoder.Encode(hs256.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(jwtArr[0], ".", jwtArr[1]))))); if (!success) { return success;//签名不正确直接返回 } //其次验证是否在有效期内(也应该必须) var now = ToUnixEpochDate(DateTime.UtcNow); success = success && (now < long.Parse(payLoad["exp"].ToString())); //再其次 进行自定义的验证 success = success && validatePayLoad(payLoad); return success; } public static long ToUnixEpochDate(DateTime date) => (long)Math.Round((date.ToUniversalTime() - new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero)).TotalSeconds);
标签:def log time hex DDM header add bapi ons
原文地址:https://www.cnblogs.com/zxp6/p/12210544.html