安装包 Microsoft.AspNetCore.Authentication.JwtBearer
在 .NET 8.0 项目的 Program.cs 中添加以下内容:
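// Token validation: register JWT bearer as the default authentication scheme.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // A missing secret would otherwise surface as an ArgumentNullException from
        // Encoding.UTF8.GetBytes(null); report the misconfiguration by name instead.
        // This runs when the JWT bearer options are first resolved.
        var secret = builder.Configuration["JWT:SecretKey"];
        if (string.IsNullOrWhiteSpace(secret))
        {
            throw new InvalidOperationException("JWT:SecretKey is not configured.");
        }

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Issuer and audience must match the values the token was issued with.
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["JWT:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["JWT:Audience"],
            // Reject expired tokens. The library's default ClockSkew tolerance still
            // applies unless ClockSkew is set explicitly.
            ValidateLifetime = true,
            // Accept only the algorithm the issuing code signs with (HMAC-SHA256), so a
            // token declaring any other algorithm in its header is rejected.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            // Shared HMAC key. RFC 7518 requires at least 256 bits (32 bytes) for HS256;
            // use a random value, not a memorable phrase.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret))
        };
    });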
配置文件 appsettings.json:
"JWT": {
  // Placeholder value. This is the HS256 signing secret: anyone who knows it can forge
  // valid tokens. Use at least 32 random bytes and supply the real value from
  // environment variables or user secrets rather than committing it to source control.
  "SecretKey": "密钥自定义",
  // Placeholder; must equal the issuer the validation side expects.
  "Issuer": "自定义",
  "Expires": 24, // token lifetime in hours
  // Placeholder; must equal the audience the validation side expects.
  "Audience": "自定义"
}
在program.cs内添加
// Enable authentication. This must come before UseAuthorization so that
// HttpContext.User is built from the validated bearer token before any
// authorization check runs.
app.UseAuthentication();
// Enable authorization (enforces [Authorize] on controllers and actions).
app.UseAuthorization();
编写生成Token方法
需要下载 Microsoft.Extensions.Configuration包;
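/// <summary>
/// Issues HMAC-SHA256 signed JWTs from the JWT:* settings in configuration.
/// </summary>
public class TokenCode
{
    private readonly IConfiguration _configuration;

    /// <summary>
    /// Stores the configuration that supplies JWT:SecretKey, JWT:Issuer,
    /// JWT:Audience and JWT:Expires.
    /// </summary>
    /// <param name="Configuration">Application configuration.</param>
    public TokenCode(IConfiguration Configuration)
    {
        _configuration = Configuration;
    }

    /// <summary>
    /// Creates a signed token that carries the user's id in a "uid" claim.
    /// </summary>
    /// <remarks>
    /// The token is signed, not encrypted: anyone who holds it can decode and read
    /// its claims. Put only non-sensitive identifiers in claims.
    /// </remarks>
    /// <param name="uid">The user's id.</param>
    /// <returns>A project-defined LoginDTO holding the uid, the expiry time and the serialized token.</returns>
    /// <exception cref="InvalidOperationException">
    /// JWT:SecretKey is missing, or JWT:Expires is not a positive number of hours.
    /// </exception>
    public LoginDTO CreateToken(string uid)
    {
        // 1. Claims to embed. The signature protects them against tampering, but they
        //    remain readable by whoever holds the token.
        var claims = new[]
        {
            new Claim("uid", uid),
            // More claims can be added the same way:
            // new Claim("name", "Admin")
        };

        // 2. Read the signing secret. Fail with a clear message instead of letting
        //    Encoding.UTF8.GetBytes(null) throw an unrelated ArgumentNullException.
        var secret = _configuration["JWT:SecretKey"];
        if (string.IsNullOrWhiteSpace(secret))
        {
            throw new InvalidOperationException("JWT:SecretKey is not configured.");
        }

        // RFC 7518 requires an HS256 key of at least 256 bits (32 bytes).
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

        // 3-4. Signing algorithm and credentials.
        var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

        // 5. Token lifetime in hours. Parsed culture-independently; a missing or
        //    non-positive value is rejected rather than silently producing a token with
        //    no usable lifetime. The negated comparison also rejects NaN.
        var lifetimeParsed = double.TryParse(
            _configuration["JWT:Expires"],
            System.Globalization.NumberStyles.Float,
            System.Globalization.CultureInfo.InvariantCulture,
            out var lifetimeHours);
        if (!lifetimeParsed || !(lifetimeHours > 0))
        {
            throw new InvalidOperationException("JWT:Expires must be a positive number of hours.");
        }

        // Take the clock once so the token's expiry and LoginDTO.Expires agree.
        // Local time is kept so the value callers receive in LoginDTO.Expires is
        // unchanged; the JWT library is expected to convert nbf/exp to UTC itself.
        var issuedAt = DateTime.Now;
        var expiresAt = issuedAt.AddHours(lifetimeHours);

        // 6. Build the token.
        var token = new JwtSecurityToken(
            _configuration["JWT:Issuer"],   // issuer
            _configuration["JWT:Audience"], // audience
            claims,                         // claims
            issuedAt,                       // notBefore
            expiresAt,                      // expires
            signingCredentials);            // signing credentials

        // 7. Serialize the token to its compact string form.
        var jwtToken = new JwtSecurityTokenHandler().WriteToken(token);

        return new LoginDTO
        {
            UID = uid,
            // LoginDTO is a project-defined class; the original author notes that the
            // type of Expires there can be changed as needed.
            Expires = expiresAt,
            Token = jwtToken
        };
    }
}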
从Token获取验证信息
/// <summary>
/// Reads the "uid" claim of the current request's user.
/// </summary>
/// <returns>
/// The claim value, or the sentinel "-1" when the claim is absent, empty or whitespace.
/// </returns>
/// <remarks>
/// NOTE(review): the value can only be trusted when the request passed bearer-token
/// validation (for example on an [Authorize] endpoint); callers should treat "-1" as
/// "no authenticated user" and never use it as a real id.
/// </remarks>
protected ValueTask<string> GetUserIdAsync()
{
    // Look up the uid claim that was placed in the token when it was issued.
    var uidClaim = HttpContext.User.Claims.FirstOrDefault(claim => claim.Type == "uid");

    var resolvedId = string.IsNullOrWhiteSpace(uidClaim?.Value) ? "-1" : uidClaim.Value;
    return new ValueTask<string>(resolvedId);
}
调用
// GetUserIdAsync yields "-1" when the request has no usable uid claim; check for that
// sentinel before using the value as an id.
var userId = await GetUserIdAsync();
哪个控制器或接口需要 Token 验证,就在它上面加上:
[Authorize]