NetCore WebAPi 基于 JwtBearer 的鉴权验证
1.安装 NuGet 包:Microsoft.AspNetCore.Authentication.JwtBearer
2.配置:appsettings.json
3.配置:Program.cs
4.获取Token,在控制器上加入[AllowAnonymous]
5.鉴权,在控制器上加入[Authorize]
6.提交Token方式
7.获取Token信息
8.源码下载:Micro.AspNetCore.Identity.zip
1.安装 NuGet 包:Microsoft.AspNetCore.Authentication.JwtBearer

2.配置:appsettings.json
{
"JWT": {
// HMAC signing key (it signs the token, it does not encrypt it). This value is a placeholder only: generate a random key and load it from user-secrets, an environment variable or a key vault — never commit a real key. RFC 7518 §3.2 requires at least 256 bits (32 bytes) for HS256, and newer Microsoft.IdentityModel versions reject shorter keys, so 16 characters is not enough.
"SecretKey": "1234567812345678",
//token是谁颁发的
"Issuer": "tenantid",
// Token lifetime. The sample TokenController applies this value with AddDays, so 10 means ten-day bearer tokens — far longer than the minutes normally used for access tokens; shorten it (and pair it with refresh tokens) before production.
"Expires": 10,
//token可以给哪些客户端使用
"Audience": "appid"
}
}
3.配置:Program.cs
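using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

// Read the JWT settings once and fail at startup if they are missing or unsafe,
// instead of failing on the first request (or silently validating nothing).
var jwtSection = builder.Configuration.GetSection("JWT");
var issuer = jwtSection["Issuer"]
    ?? throw new InvalidOperationException("JWT:Issuer is not configured.");
var audience = jwtSection["Audience"]
    ?? throw new InvalidOperationException("JWT:Audience is not configured.");
var secretKey = jwtSection["SecretKey"]
    ?? throw new InvalidOperationException("JWT:SecretKey is not configured.");
var keyBytes = Encoding.UTF8.GetBytes(secretKey);

// RFC 7518 §3.2: an HS256 key MUST be at least 256 bits (32 bytes). A shorter key
// makes brute-forcing the secret — and therefore minting arbitrary tokens — cheap, and
// recent Microsoft.IdentityModel versions reject it anyway. The 16-character sample
// value in appsettings.json must be replaced by a randomly generated key that is kept
// out of source control (user-secrets, environment variable, key vault).
if (keyBytes.Length < 32)
{
    throw new InvalidOperationException("JWT:SecretKey must be at least 32 bytes (256 bits) for HS256.");
}
var signingKey = new SymmetricSecurityKey(keyBytes);

// Authentication: validate incoming bearer tokens against the same issuer/audience/key
// that TokenController uses to sign them.
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,          // exp/nbf, with the library's default clock skew
        RequireExpirationTime = true,     // tokens without an exp claim are rejected
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        // Pin the accepted algorithm to the one the tokens are signed with; a token
        // whose "alg" header says anything else is rejected before further checks.
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
    };

    // JWTs are stateless: nothing in these parameters can invalidate a still-valid token
    // after a new login or a logout. If that is needed, keep server-side state (e.g. a
    // per-user token version) and compare it in OnTokenValidated.
    options.Events = new JwtBearerEvents
    {
        // Optionally take the token from ?access_token=... for clients that cannot set
        // headers (browser WebSocket/SignalR). Only override when the parameter is present
        // so the normal "Authorization: Bearer" header keeps working. Tokens in the query
        // string end up in access logs, browser history and Referer headers, so limit this
        // to the paths that really need it before shipping.
        OnMessageReceived = context =>
        {
            string? queryToken = context.Request.Query["access_token"];
            if (!string.IsNullOrEmpty(queryToken))
            {
                context.Token = queryToken;
            }
            return Task.CompletedTask;
        }
    };
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

// Bearer tokens can be replayed by anyone who captures them, so the API must only be
// reachable over TLS. Without an HTTPS endpoint configured this middleware logs a warning
// and passes requests through unchanged.
app.UseHttpsRedirection();

// 1. Authentication first: turns the bearer token into HttpContext.User ...
app.UseAuthentication();
// 2. ... then authorization enforces [Authorize] against that principal.
app.UseAuthorization();
app.MapControllers();
app.Run();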
4.获取Token,在控制器上加入[AllowAnonymous](注意:下面的示例不校验任何凭据就为固定的 Admin 身份签发令牌,任何能访问 POST api/Token 的人都能拿到管理员令牌;实际使用前必须先验证调用方的用户名/密码等凭据,并根据验证结果生成 Claims)
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
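namespace Micro.AspNetCore.Identity.Controllers
{
    /// <summary>
    /// Issues HS256-signed JWTs for the sample API.
    /// </summary>
    /// <remarks>
    /// SECURITY: this sample mints a token for a hard-coded "Admin" identity without
    /// checking any credentials — anyone who can reach POST api/Token obtains an admin
    /// token. Before using this outside a demo, authenticate the caller (password hash,
    /// external identity provider, ...) and derive the claims from that identity.
    /// </remarks>
    [Route("api/[controller]")]
    [ApiController]
    [AllowAnonymous]
    public class TokenController : ControllerBase
    {
        private readonly IConfiguration _configuration;

        // Configuration must be injected here so the signing key, issuer and audience
        // are the same values the JwtBearer validation in Program.cs reads.
        public TokenController(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        /// <summary>
        /// POST api/Token — returns a signed JWT in compact serialization.
        /// </summary>
        /// <param name="value">Request body; not used by this sample (see the class remarks).</param>
        /// <returns>The token as a plain string.</returns>
        /// <exception cref="InvalidOperationException">A required JWT:* setting is missing or invalid.</exception>
        [HttpPost]
        public string Post([FromBody] string value)
        {
            // 1. Claims placed in the token. Still the demo's fixed identity; a real
            //    implementation derives these from the authenticated user. "jti" gives
            //    every token a unique id so individual tokens can be logged or denylisted.
            var claims = new[]
            {
                new Claim("Id", "9527"),
                new Claim("Name", "Admin"),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
            };

            // 2. Signing key from configuration (must be ≥ 32 bytes for HS256, RFC 7518 §3.2).
            //    Check presence explicitly so a misconfiguration fails with a clear message
            //    instead of an ArgumentNullException from GetBytes.
            var secret = _configuration["JWT:SecretKey"]
                ?? throw new InvalidOperationException("JWT:SecretKey is not configured.");
            var signingCredentials = new SigningCredentials(
                new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
                SecurityAlgorithms.HmacSha256);

            // 3. Lifetime. GetValue parses with the invariant culture (Convert.ToDouble would
            //    use the server's current culture). The unit is DAYS: the sample value 10
            //    yields ten-day bearer tokens; access tokens are normally minutes long and
            //    paired with refresh tokens.
            var expiresDays = _configuration.GetValue<double>("JWT:Expires");
            if (expiresDays <= 0)
            {
                throw new InvalidOperationException("JWT:Expires must be a positive number of days.");
            }

            // 4. Use UTC for nbf/exp so the timestamps do not depend on the server's time zone.
            var now = DateTime.UtcNow;
            var token = new JwtSecurityToken(
                issuer: _configuration["JWT:Issuer"],
                audience: _configuration["JWT:Audience"],
                claims: claims,
                notBefore: now,
                expires: now.AddDays(expiresDays),
                signingCredentials: signingCredentials);

            // 5. Compact serialization: header.payload.signature
            return new JwtSecurityTokenHandler().WriteToken(token);
        }
    }
}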
5.鉴权,在控制器上加入[Authorize]
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
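namespace Micro.AspNetCore.Identity.Controllers
{
    /// <summary>
    /// Sample protected endpoint: every action requires a valid bearer token.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    [Authorize]
    public class UsersController : ControllerBase
    {
        /// <summary>
        /// GET api/Users/{id} — echoes the numeric "Id" claim of the calling token.
        /// </summary>
        /// <param name="id">Route value; not used by this sample. The response is driven by
        /// the token, not by the URL, so a caller cannot read another user's data here.</param>
        /// <returns>The token's "Id" claim as text, or 401 when the token carries no usable one.</returns>
        [HttpGet("{id}")]
        public ActionResult<string> Get(int id)
        {
            // Exact claim-type lookup. The previous `Type.Contains("Id")` was a substring
            // test and would also pick up any other claim whose name contains "Id".
            var idClaim = User.FindFirst("Id")?.Value;

            // A token without a numeric Id claim is not one this API issues in its current
            // shape; reject it instead of failing with a NullReference/FormatException (HTTP 500).
            if (!int.TryParse(idClaim, out var userId))
            {
                return Unauthorized();
            }

            return userId.ToString();
        }
    }
}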
6.提交Token(优先使用 Authorization: Bearer &lt;token&gt; 请求头;通过 query string 的 access_token 传递仅适用于无法设置请求头的场景,因为它会被记录到访问日志、浏览器历史和 Referer 中)
方式一:

方式二:

方式三:

7.获取Token信息
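// Read the caller's identity from the validated token. Use an exact claim-type lookup:
// `Type.Contains("Id")` is a substring match and would also match any other claim whose
// name contains "Id". FindFirst returns null when the claim is absent, so guard before
// parsing instead of dereferencing FirstOrDefault() unconditionally.
var user = HttpContext.User;
var idClaim = user.FindFirst("Id")?.Value;
if (!int.TryParse(idClaim, out var userId))
{
    // The token validated but lacks the claim this code relies on — do not treat it as a user.
    throw new UnauthorizedAccessException("Token does not carry a numeric 'Id' claim.");
}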
参考文献:http://img.tnblog.net/chengpeng/article/details/8052
