.Net6环境下Jwt实现Token授权验证
发布:武汉灵犀教育 发布时间:2022-02-14
JWT(Token)案例视频地址:https://www.cctalk.com/m/group/90974046
开发环境:Visual Studio 2022(.Net6)
步骤一:创建.NET WebApi项目,在“管理NuGet程序包”中搜索并安装Microsoft.AspNetCore.Authentication.JwtBearer
步骤二:在Program启动类中添加配置
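// Bind the "token" configuration section so Token can be injected through the options system.
builder.Services.Configure<Token>(builder.Configuration.GetSection("token"));

// Read the same section eagerly: its values are needed to build the validation parameters below.
Token token = builder.Configuration.GetSection("token").Get<Token>();
if (token is null || string.IsNullOrWhiteSpace(token.Secret))
{
    // Fail at startup instead of on the first authenticated request, where a missing
    // section would otherwise surface as a null dereference inside the options lambda.
    throw new InvalidOperationException("The \"token\" configuration section is missing or has no secret.");
}

// Register JWT bearer as the scheme used both to authenticate requests and to challenge callers.
builder.Services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; // authenticate
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;    // challenge
}).AddJwtBearer(x =>
{
    // RequireHttpsMetadata governs HTTPS for the metadata address/authority; none is set here.
    // Keep it false for local development only and leave the default (true) in production.
    x.RequireHttpsMetadata = false;
    // Keep the raw bearer token available on the authentication properties after validation.
    x.SaveToken = true;
    // Parameters every incoming token is validated against.
    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        // Symmetric key used to verify the token signature.
        // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', which weakens the key;
        // keep the secret ASCII-only, or switch BOTH the issuing service and this line to UTF-8.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)),
        // Issuer and audience a token must carry. The original listing set these values but
        // switched both checks off, so any token signed with the shared key was accepted
        // regardless of who it was issued by or for; both checks are enforced here.
        // NOTE(review): the issuing service (TokenAuthenticationService) is not shown in this
        // listing; confirm it stamps tokens with the same issuer and audience.
        ValidIssuer = token.Issuer,
        ValidAudience = token.Audience,
        ValidateIssuer = true,
        ValidateAudience = true,
        // Already the framework default; stated explicitly so expired tokens are visibly rejected.
        ValidateLifetime = true,
    };
});

// Dependency injection registrations.
builder.Services.AddScoped<IAuthenticateService, TokenAuthenticationService>();
builder.Services.AddScoped<IUserService, UserService>();

var app = builder.Build();

// Must run before the authorization middleware so [Authorize] sees the authenticated user.
app.UseAuthentication();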
步骤三:在配置文件appsettings.json中新增节点(注意:下面的secret仅为演示用的弱密钥;正式环境应使用随机生成的密钥,如使用HS256则至少256位(32字节),并通过环境变量或密钥管理工具提供,不要提交到源码仓库)
"token": {
"secret": "123456789987654321",
"issuer": "lxitjy.com",
"audience": "lxitjy",
"accessExpiration": 60,
"refreshExpiration": 60
}
步骤四:编写验证控制器
/// <summary>
/// Anonymous endpoint that hands the submitted credentials to the injected
/// authentication service and returns the token it produces.
/// </summary>
[Route("Authentication")]
[ApiController]
public class AuthenticationController : ControllerBase
{
    // Supplied through constructor injection; performs the credential check and produces the token.
    private readonly IAuthenticateService _authService;

    public AuthenticationController(IAuthenticateService authService)
    {
        _authService = authService;
    }

    /// <summary>
    /// Returns 200 with the token when the model is valid and the service accepts the
    /// credentials; returns 400 with "Invalid Request" in every other case.
    /// </summary>
    /// <param name="dto">Credentials read from the request body.</param>
    // NOTE(review): the endpoint is anonymous and no throttling is visible in this listing;
    // consider rate limiting or lockout so it cannot be used for unbounded password guessing.
    [AllowAnonymous]
    [HttpPost, Route("RequestToken")]
    public ActionResult RequestToken([FromBody] DTOModel dto)
    {
        // Short-circuit keeps the service from being called when model binding failed.
        if (ModelState.IsValid && _authService.IsAuthenticated(dto, out string issuedToken))
        {
            return Ok(issuedToken);
        }

        // Same response for a malformed request and for rejected credentials,
        // so the reply does not reveal which of the two happened.
        return BadRequest("Invalid Request");
    }
}
测试获取数据验证:
/// <summary>
/// Demo endpoints used to check that the bearer-token protection works;
/// both actions return hard-coded sample users.
/// </summary>
// NOTE(review): the sample responses include the Pwd field. That is acceptable only for this
// demo data; a real endpoint should return a DTO without credential fields, and passwords
// should be stored as salted hashes rather than plaintext.
[ApiController]
[Route("Users")]
public class UsersController : Controller
{
    /// <summary>Returns the fixed list of three sample users. Requires an authenticated caller.</summary>
    [Authorize]
    [HttpGet, Route("GetList")]
    public List<Users> GetList()
    {
        var sampleUsers = new List<Users>();
        sampleUsers.Add(new Users { UserId = 1001, Age = 19, UserName = "张三", Pwd = "123456" });
        sampleUsers.Add(new Users { UserId = 1002, Age = 20, UserName = "李四", Pwd = "123456" });
        sampleUsers.Add(new Users { UserId = 1003, Age = 19, UserName = "王五", Pwd = "123456" });
        return sampleUsers;
    }

    /// <summary>Returns a single fixed sample user. Requires an authenticated caller.</summary>
    [Authorize]
    [HttpGet, Route("GetUsers")]
    public Users GetUsers() =>
        new Users { UserId = 1002, Age = 20, UserName = "李四", Pwd = "123456" };
}