ASP.NET Core JWT usage example

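3. How JSON Web Token works

  1. First login: the user logs in for the first time and enters a username and password.
  2. Password verification: the server retrieves the username and password from the database and verifies them.
  3. JWT generation: once verification succeeds, the server generates a JWT from the information returned by the database and a set of preset rules.
  4. JWT return: the server returns the JWT by placing the token in a cookie.
  5. Requests carrying the JWT: on later requests, the client sends the token information from the cookie.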

Create the Web API

Create AuthController (API)

Add the following to appsettings.json

    "JWT": {
        "SecurityKey": "aescraescraescraescr"
    }

Register JWT authentication in ConfigureServices

        // Requires: using System; using System.Text;
        //           using Microsoft.AspNetCore.Authentication.JwtBearer;
        //           using Microsoft.IdentityModel.Tokens;
        public void ConfigureServices(IServiceCollection services)
        {
            // Add JWT authentication:
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options => {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true, // whether to validate the Issuer
                        ValidateAudience = true, // whether to validate the Audience
                        ValidateLifetime = true, // whether to validate the expiry time
                        ValidateIssuerSigningKey = true, // whether to validate the SecurityKey
                        ValidAudience = "AESCR", // Audience
                        ValidIssuer = "AESCR", // Issuer; these two must match the settings used when the JWT is issued later
                        ClockSkew = TimeSpan.Zero, // a clock skew of 300 s is allowed by default; set it to 0
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:SecurityKey"])) // read the SecurityKey
                    };
                });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

Enable authentication in Configure with UseAuthentication

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            app.UseAuthentication(); // be sure to add this line; it enables authentication
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            
            app.UseHttpsRedirection();
            app.UseMvc();
        }

Create the user entity class

    public class TokenRequest
    {
        public string Username { get; set; }
        public string Password { get; set; }
    }

Generate and return the token in the AuthController controller

    using System;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Text;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Configuration;
    using Microsoft.IdentityModel.Tokens;

    [Produces("application/json")]
    [Route("api/[controller]")]
    [ApiController]
    public class AuthController : ControllerBase
    {
        private readonly IConfiguration _configuration;

        public AuthController(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        [AllowAnonymous]
        [HttpPost]
        public IActionResult RequestToken([FromBody] TokenRequest request)
        {
            // Check the username and password (hard-coded here for the demo;
            // step 2 above verifies them against the database)
            if (request.Username == "AESCR" && request.Password == "666666")
            {
                var claims = new[]
                {
                    new Claim(ClaimTypes.Name, request.Username)
                };
                // Sign with the same key that ConfigureServices uses for validation
                var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:SecurityKey"]));
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
                var token = new JwtSecurityToken(
                    issuer: "AESCR",
                    audience: "AESCR",
                    claims: claims,
                    expires: DateTime.Now.AddMinutes(30),
                    signingCredentials: creds);
                return Ok(new
                {
                    token = new JwtSecurityTokenHandler().WriteToken(token)
                });
            }
            return BadRequest("Could not verify username and password");
        }
    }
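
The round trip between the two code blocks above, as an added example that is not from the original article: a console program issues tokens the way AuthController does and checks them with the same TokenValidationParameters as ConfigureServices, showing which tokens are refused. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the JwtRoundTrip class, its helpers, the "other-api" audience and the random 32-byte key (used in place of the appsettings.json value, since RFC 7518 requires HS256 keys of at least 256 bits) are constructed for illustration.

```csharp
// Added example, not from the original article. Needs System.IdentityModel.Tokens.Jwt.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class JwtRoundTrip
{
    // Constructed key: 32 random bytes (256 bits) rather than a short text secret.
    static SymmetricSecurityKey NewKey()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return new SymmetricSecurityKey(bytes);
    }

    // Issues a token with the same issuer, claim and algorithm as AuthController.RequestToken.
    static string Issue(SecurityKey key, string audience, DateTime expires) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: "AESCR", audience: audience,
            claims: new[] { new Claim(ClaimTypes.Name, "AESCR") },
            expires: expires,
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

    // Applies the validation parameters and reports the outcome.
    static string Check(string jwt, TokenValidationParameters p)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, p, out _); return "accepted"; }
        catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
    }

    static void Main()
    {
        var key = NewKey();
        var p = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = "AESCR",
            ValidateAudience = true, ValidAudience = "AESCR",
            ValidateLifetime = true, ClockSkew = TimeSpan.Zero,
            ValidateIssuerSigningKey = true, IssuerSigningKey = key
        };
        var in30 = DateTime.UtcNow.AddMinutes(30);
        Console.WriteLine("valid token:    " + Check(Issue(key, "AESCR", in30), p));
        Console.WriteLine("wrong audience: " + Check(Issue(key, "other-api", in30), p));
        Console.WriteLine("expired:        " + Check(Issue(key, "AESCR", DateTime.UtcNow.AddMinutes(-1)), p));
        Console.WriteLine("foreign key:    " + Check(Issue(NewKey(), "AESCR", in30), p));
    }
}
```

Only the first token is accepted; the other three fail the audience, lifetime and signature checks respectively.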

Add [Authorize] to the controllers that require authentication

        [HttpGet]
        [Authorize]
        public ActionResult<IEnumerable<string>> Get()
        {
            return new string[] { "value1", "value2" };
        }

Finally, test with a request:

GET http://localhost:5200/api/SampleData/WeatherForecasts HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEiLCJuYW1lIjoiYWxpY2UiLCJlbWFpbCI6ImFsaWNlQGdtYWlsLmNvbSIsInBob25lX251bWJlciI6IjE4ODAwMDAwMDAxIiwibmJmIjoxNTA5NDY0MzQwLCJleHAiOjE1MTAwNjkxNDAsImlhdCI6MTUwOTQ2NDM0MH0.Y1TDz8KjLRh_vjQ_3iYP4oJw-fmhoboiAGPqIZ-ooNc
