使用 JWT 做登录验证的时候,token 的过期时间是固定的,也就是只要经过了一定的时间就肯定会过期,用户有可能正用着系统就突然被提示登录失效。这里通过在结果过滤器(Result Filter)中刷新 token 来解决这个问题。例如设置 token 失效时间为20分钟,那么只有当用户在20分钟之内都没有访问后台接口时,token 才会失效。(注意:下面示例代码中的过期时间写的是1天,请按实际需要调整。)
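代码只是个范例,不严谨。小伙伴们自己修改吧!别报空引用哦~~~ 另外请注意:ReadJwtToken 只解码 token、不校验签名和有效期;示例里的 issuer、audience 和签名密钥("111"、"222"、"333")都是占位值,实际使用时应从配置或密钥管理中读取。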
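/// <summary>
/// Result filter that gives JWTs a sliding lifetime: while the result is being
/// executed it re-issues the caller's token with a fresh <c>iat</c>, <c>nbf</c> and
/// <c>exp</c>, and returns the new token in the <c>TokenNew</c> response header.
/// </summary>
/// <remarks>
/// Security notes for anyone adapting this sample:
/// <list type="bullet">
/// <item><description>
/// <c>ReadJwtToken</c> only decodes the token; it does not verify the signature,
/// issuer, audience or lifetime. Re-signing whatever claims the header carries would
/// turn the filter into a token-minting endpoint, so the refresh is skipped unless
/// the request is already authenticated.
/// </description></item>
/// <item><description>
/// Because every request renews the token, a captured token can be kept alive for as
/// long as it is used. Consider capping the total session age or adding revocation.
/// </description></item>
/// <item><description>
/// The issuer, audience and signing key below are the article's placeholders. Load
/// the real values from configuration or a secret store, never from source code.
/// </description></item>
/// </list>
/// </remarks>
public class MyResultFilter : IResultFilter
{
    /// <summary>
    /// Called after the result has executed; only writes a trace line to the console.
    /// </summary>
    /// <param name="context">Context of the executed result (unused).</param>
    public void OnResultExecuted(ResultExecutedContext context)
    {
        Console.WriteLine("AddHeaderResultFilter:OnResultExecuted");
    }

    /// <summary>
    /// Refreshes the caller's JWT and returns the new token in the
    /// <c>TokenNew</c> response header.
    /// </summary>
    /// <param name="context">Context of the result about to execute.</param>
    public void OnResultExecuting(ResultExecutingContext context)
    {
        // Only renew tokens for requests that have already been authenticated.
        // NOTE(review): assumes HttpContext.User was populated by JWT bearer
        // authentication from this same Authorization header - confirm, especially
        // if more than one authentication scheme is registered.
        if (context.HttpContext.User?.Identity?.IsAuthenticated != true)
        {
            return;
        }

        // Read the token from "Authorization: <scheme> <token>". A missing or
        // malformed header previously caused a NullReferenceException or an
        // IndexOutOfRangeException; now the refresh is simply skipped.
        string authorization = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault();
        if (string.IsNullOrWhiteSpace(authorization))
        {
            return;
        }

        string[] headerParts = authorization.Split(' ');
        if (headerParts.Length < 2 || string.IsNullOrEmpty(headerParts[1]))
        {
            return;
        }

        string tokenOld = headerParts[1];

        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(tokenOld))
        {
            // Not a well-formed JWT; nothing to refresh.
            return;
        }

        // Decode only - no signature or lifetime validation happens here.
        var decoded = handler.ReadJwtToken(tokenOld);

        // Carry over every claim except the old issued-at value.
        // NOTE(review): the old exp/nbf/iss/aud claims are copied as well; confirm
        // that the constructor arguments below take precedence in the library
        // version in use, or filter those claims out here too.
        var claims = new List<Claim>();
        claims.AddRange(decoded.Claims.Where(c => c.Type != JwtRegisteredClaimNames.Iat));

        // Reset the issued-at time to now, using one clock reading for iat/nbf/exp.
        var now = DateTime.UtcNow;
        string issuedAt = new DateTimeOffset(now).ToUnixTimeSeconds().ToString();
        claims.Add(new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64));

        // Placeholder issuer/audience/key from the article. A key this short is not
        // suitable for HMAC-SHA256; use a long random secret kept outside the code.
        var jwtSecurityToken = new JwtSecurityToken(
            issuer: "111",
            audience: "222",
            claims: claims,
            notBefore: now,
            expires: now.Add(TimeSpan.FromDays(1)),
            signingCredentials: new SigningCredentials(
                new SymmetricSecurityKey(Encoding.ASCII.GetBytes("333")),
                SecurityAlgorithms.HmacSha256));

        string tokenNew = handler.WriteToken(jwtSecurityToken);

        // Return the new token in a response header. The indexer is used instead of
        // Add so an already-present "TokenNew" header does not throw.
        context.HttpContext.Response.Headers["TokenNew"] = tokenNew;
    }
}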
配置过滤器全局生效
public class Startup
{
/// <summary>
/// Creates the startup object and keeps the configuration that was passed in.
/// </summary>
/// <param name="configuration">Application configuration to expose via <see cref="Configuration"/>.</param>
public Startup(IConfiguration configuration) => Configuration = configuration;

/// <summary>
/// Application configuration captured by the constructor (read-only).
/// </summary>
public IConfiguration Configuration { get; }
/// <summary>
/// Registers MVC and adds <c>MyResultFilter</c> to the global filter collection.
/// </summary>
/// <param name="services">Service collection to register MVC into.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Filters added to MvcOptions.Filters are global.
    // NOTE(review): a global filter presumably also runs for actions that allow
    // anonymous access, so the filter itself must decide when a token refresh is
    // appropriate - confirm.
    services.AddMvc(mvcOptions => mvcOptions.Filters.Add<MyResultFilter>());
}