ASP.NET MVC中可以使用JWT实现登录功能,具体步骤如下:
- 安装Microsoft.AspNetCore.Authentication.JwtBearer包,该包支持使用JWT进行身份验证。
- 在Startup.cs文件中添加JWT身份验证服务:
csharpservices.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "your_issuer",
ValidAudience = "your_audience",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your_secret_key"))
};
});
- 在登录方法中生成JWT,并将其作为响应返回给客户端:
csharp[HttpPost("login")]
public IActionResult Login([FromBody]User user)
{
// 验证用户信息if (ValidateUser(user))
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("your_secret_key");
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Username)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
return Ok(new { Token = tokenString });
}
else
{
return Unauthorized();
}
}
- 在需要验证身份的方法上添加[Authorize]标记:
csharp[HttpGet("getdata")]
[Authorize]
public IActionResult GetData()
{
// 获取数据return Ok(new { Data = "Hello World!" });
}
- 发送请求时,在请求头中添加Authorization字段,值为Bearer加上生成的JWT:
Authorization: Bearer your_jwt_token