关于Jwt的介绍网上很多,此处不在赘述,我们主要看看jwt的结构。
JWT主要由三部分组成,如下:
HEADER.PAYLOAD.SIGNATURE
HEADER
包含token的元数据,主要是加密算法,和签名的类型,如下面的信息,说明了
加密的对象类型是JWT,加密算法是HMAC SHA-256
{"alg":"HS256","typ":"JWT"}
然后需要通过BASE64编码后存入token中
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Payload
主要包含一些声明信息(claim),这些声明是key-value对的数据结构。
通常如用户名,角色等信息,过期日期等,因为是未加密的,所以不建议存放敏感信息。
{"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":"admin","exp":1578645536,"iss":"webapi.cn","aud":"WebApi"}
最后生成的token如下
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJleHAiOjE1Nzg2NDU1MzYsImlzcyI6IndlYmFwaS5jbiIsImF1ZCI6IldlYkFwaSJ9.2_akEH40LR2QWekgjm8Tt3lesSbKtDethmJMo_3jpF4
开发环境
框架:asp.net 3.1
IDE:VS2019
ASP.NET 3.1 Webapi中使用JWT认证
1、引用Jwt 的 Microsoft.AspNetCore.Authentication.JwtBearer库
扫描二维码关注公众号,回复:
11474650 查看本文章
2、在Dto层新建一个Jwt签发类
/// <summary> /// POCO类,用来存储签发或者验证jwt时用到的信息 /// </summary> public class TokenManagement { public static string Secret = "123456123456123456";//私钥 public static string Issuer = "webapi.cn"; public static string Audience = "WebApi"; public static int AccessExpiration = 180;//过期时间 public static int RefreshExpiration = 180;//刷新时间 }
3、在启动类中注册JWT服务,如下:
public void ConfigureServices(IServiceCollection services) { services.AddControllers(); #region 注册JWT services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(x => { x.RequireHttpsMetadata = false; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(TokenManagement.Secret)), ValidIssuer = TokenManagement.Issuer, ValidAudience = TokenManagement.Audience, ValidateIssuer = false, ValidateAudience = false }; }); #endregion
4、在Configure
方法中启用验证
app.UseAuthentication();
注意要添加在 app.UseAuthorization(); 上边
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } //允许跨域 app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()); // 启用Swagger中间件 app.UseSwagger(c => c.RouteTemplate = "swagger/{documentName}/swagger.json"); // 配置SwaggerUI app.UseSwaggerUI(c => { //c.SwaggerEndpoint($"/swagger/demo/swagger.json", "demo"); c.SwaggerEndpoint($"/swagger/v1/swagger.json", "V1"); }); app.UseHttpsRedirection(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); }