第一步 先安装相应的 NuGet 包
第二步 先在 Startup 中添加认证服务
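/// <summary>
/// Registers the MVC controllers and configures JWT Bearer authentication.
/// </summary>
/// <param name="services">Service collection that receives the controller and authentication registrations.</param>
/// <remarks>
/// The issuer, audience and signing key configured here must be exactly the values the
/// token-issuing endpoint uses when it signs a token; any mismatch makes validation fail.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    #region Direct JWT validation
    var issuer = "JWTBearer.Auth";   // expected "iss" claim
    var audience = "api.auth";       // expected "aud" claim

    // SECURITY: demo-only signing secret. A symmetric key committed to source lets anyone
    // who can read the code mint tokens this API accepts. In a real deployment, load it from
    // configuration or a secret store and keep the signer and the validator on the same source.
    // The value is 16 characters (128 bits); RFC 7518 asks for at least 256 bits with HS256,
    // and recent Microsoft.IdentityModel releases may reject shorter keys - verify against
    // the package version in use.
    var secretCredentials = "q2xiARx$4x3TKqBJ";

    // Derive the key bytes with UTF-8, the same encoding the token-issuing code uses.
    // Encoding.ASCII silently maps every non-ASCII character to '?', which would both weaken
    // the key and make it differ from the signer's key if the secret ever contains such characters.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretCredentials));

    services
        .AddAuthentication(options =>
        {
            // Bearer tokens are the default scheme for authenticating a request ...
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            // ... and for challenging an unauthenticated one.
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Reject tokens whose issuer is not the expected one.
                ValidateIssuer = true,
                ValidIssuer = issuer,

                // Reject tokens that were issued for a different audience.
                ValidateAudience = true,
                ValidAudience = audience,

                // Validate the signing key and verify signatures with the shared secret.
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = signingKey,

                // Reject tokens outside their validity window and tokens without an "exp" claim.
                // Lifetime checks allow for TokenValidationParameters.ClockSkew (five minutes
                // by default), so an expired token stays usable slightly past its "exp".
                ValidateLifetime = true,
                RequireExpirationTime = true,
            };
        });
    #endregion
}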
第三步 applicationbuilder app中使用
// 1. Register the authentication middleware first.
app.UseAuthentication();
// 2. Then register the authorization middleware. The order matters: authorization is
//    evaluated against the identity that authentication established for the request.
// NOTE(review): with endpoint routing these two calls normally sit after UseRouting()
// and before UseEndpoints() - confirm against the full Configure method.
app.UseAuthorization();
第四步 新建一个授权控制器 里面token生成的内容与在startup中注入的内容一致(发行人 受众人 过期时间 密钥等等)
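/// <summary>
/// Demo controller that issues signed JWT access tokens.
/// </summary>
/// <remarks>
/// The issuer, audience, signing secret and algorithm used here must match the
/// TokenValidationParameters registered in Startup, otherwise issued tokens are rejected.
/// </remarks>
[Route("api/[controller]")]
[ApiController]
public class AuthController : ControllerBase
{
    /// <summary>
    /// Builds a JWT for a fixed demo identity and returns it as a bearer token.
    /// </summary>
    /// <returns>
    /// 200 OK with an object holding <c>access_token</c> (the serialized JWT) and
    /// <c>token_type</c> ("Bearer").
    /// </returns>
    /// <remarks>
    /// SECURITY: this action is [AllowAnonymous] and checks no credentials, so every caller
    /// that can reach it receives a valid token for the hard-coded user. That is acceptable
    /// only as a demo; a real endpoint must authenticate the caller before issuing a token
    /// and derive the claims from that authenticated identity.
    /// </remarks>
    [AllowAnonymous]
    [HttpGet, Route("GetToken")]
    public IActionResult GetToken()
    {
        // Issuer ("iss") and audience ("aud"); must equal ValidIssuer / ValidAudience in Startup.
        const string issuer = "JWTBearer.Auth";
        const string audience = "api.auth";

        // Claims carry the user identity and metadata embedded in the token payload.
        // The payload is only signed, not encrypted, so nothing confidential belongs here.
        IEnumerable<Claim> claims = new[]
        {
            new Claim(JwtClaimTypes.Id, "1"),
            new Claim(JwtClaimTypes.Name, "i3yuan"),
        };

        // Validity window, in UTC. Both bounds derive from one timestamp so the lifetime
        // is exactly 1000 seconds.
        var notBefore = DateTime.UtcNow;
        var expires = notBefore.AddSeconds(1000);

        // SECURITY: demo-only signing secret, duplicated from Startup. A key committed to
        // source lets anyone who can read the code forge tokens; load it from configuration
        // or a secret store and share that single source with the validator.
        // The tutorial's library version requires at least 16 characters; RFC 7518 asks for
        // at least 256 bits with HS256, and recent Microsoft.IdentityModel releases may
        // reject shorter keys - verify against the package version in use.
        const string signingSecret = "q2xiARx$4x3TKqBJ";
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));

        // Signing credentials: the symmetric key plus the HMAC-SHA256 algorithm.
        var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        // JwtSecurityToken(issuer, audience, claims, notBefore, expires, signingCredentials)
        var jwt = new JwtSecurityToken(
            issuer: issuer,
            audience: audience,
            claims: claims,
            notBefore: notBefore,
            expires: expires,
            signingCredentials: signingCredentials);

        // Serialize the token into its compact form.
        var token = new JwtSecurityTokenHandler().WriteToken(jwt);

        // No try/catch: the original handler only rethrew, so exceptions reach the
        // framework's error handling unchanged.
        return Ok(new
        {
            access_token = token,
            token_type = "Bearer",
        });
    }
}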
第五步 资源添加鉴权属性
实现效果