JWT(JSON Web Token)是一種用於在網絡應用之間傳遞信息的開放標準(RFC 7519)。它把一組 JSON 聲明(claims)編碼成一個緊湊的字符串,並以簽名保證其完整性,通常用於身份驗證和信息交換。需要注意:本文使用的是「簽名」(JWS)而非「加密」(JWE)的 JWT,payload 只是 Base64Url 編碼,任何拿到 Token 的人都能直接讀出其中的聲明,因此不要把密碼等敏感數據放進 claims 裏。
在 Web API 中,JWT 通常用於對用戶進行身份驗證和授權。當用戶登錄成功後,服務器會簽發一個 Token 並返回給客戶端,客戶端在接下來的請求中通過 `Authorization: Bearer <token>` 請求頭攜帶該 Token,服務器驗證簽名、發佈者、接收者和有效期後即視為已認證。Token 是「持有者憑證」:誰拿到它誰就能在過期前冒充該用戶,所以必須只經 HTTPS 傳輸、妥善保存,並設置較短的有效期。
使用:
安裝 NuGet 包:Microsoft.AspNetCore.Authentication.JwtBearer(它提供驗證中間件,並間接引入 System.IdentityModel.Tokens.Jwt / Microsoft.IdentityModel.Tokens,即下文用到的 JwtSecurityToken、JwtSecurityTokenHandler、SymmetricSecurityKey、SigningCredentials、TokenValidationParameters 等類型)。注意:名為「JWT」的 NuGet 包是另一個第三方庫,並不提供這些類型。
1.添加一個Web Api項目
appsettings.json設置
"JWT": {
  "SecretKey": "123456789ffffffffffffffffffffffffffffffffffff", // 簽名密鑰(對稱密鑰,簽發與驗證共用,不是「私鑰」)。此值僅作示例:生產環境請使用至少 32 字節(256 位)的隨機值,並通過 user-secrets、環境變量或密鑰保管庫注入,切勿提交到源碼倉庫
  "Issuer": "zhansan",   // 發佈者(iss)
  "Audience": "lisi"     // 接收者(aud)
}
2.添加一個控制器用於獲取 Token。注意:下面的示例端點是匿名的,任何人 GET 一下就能拿到帶 admin 角色的 Token;真實的登錄端點必須先校驗用戶憑證,再根據已認證的用戶生成 claims。
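[Route("api/[controller]/[action]")]
[ApiController]
public class TokenController : ControllerBase
{
    private readonly IConfiguration _configuration;

    public TokenController(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    /// <summary>
    /// Issues an HS256-signed JWT carrying a fixed demo identity ("userId", role "admin",
    /// name "ClaimTypesName", and a "policy" claim) valid for one day.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this endpoint is anonymous — any GET returns an admin-role token.
    /// Acceptable for a demo; a real login endpoint must verify the caller's credentials first
    /// and derive the claims from the authenticated user instead of hard-coding them.
    /// The signing key is a shared symmetric secret (the same value the validator uses in
    /// Program.cs), not a private key, and nothing here is encrypted — the payload is readable
    /// by anyone who holds the token.
    /// </remarks>
    /// <returns>The compact serialized JWT.</returns>
    /// <exception cref="InvalidOperationException">"JWT:SecretKey" is missing or empty.</exception>
    [HttpGet]
    public string GetToken()
    {
        // Fail with a clear message instead of the bare ArgumentNullException that
        // Encoding.GetBytes(null) would throw when the key is not configured.
        var secret = _configuration["JWT:SecretKey"];
        if (string.IsNullOrEmpty(secret))
        {
            throw new InvalidOperationException("JWT:SecretKey is not configured.");
        }

        var signingAlgorithm = SecurityAlgorithms.HmacSha256;

        // Claims embedded in the token. ClaimTypes.Role is what [Authorize(Roles = "admin")]
        // checks; the "policy" claim satisfies the "policy" authorization policy.
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, "userId"),
            new Claim(ClaimTypes.Role, "admin"),
            new Claim(ClaimTypes.Name, "ClaimTypesName"),
            new Claim("policy", "EmployeeNumber"),
        };

        // Symmetric HMAC key from the configured secret (UTF-8 bytes). The library enforces a
        // minimum key length for HS256 — presumably 256 bits in current versions; verify for yours.
        var secretBytes = Encoding.UTF8.GetBytes(secret);
        var signingKey = new SymmetricSecurityKey(secretBytes);
        var signingCredentials = new SigningCredentials(signingKey, signingAlgorithm);

        var now = DateTime.UtcNow;
        var token = new JwtSecurityToken(
            issuer: _configuration["JWT:Issuer"],       // iss — must match ValidIssuer on the validator
            audience: _configuration["JWT:Audience"],   // aud — must match ValidAudience on the validator
            claims: claims,
            notBefore: now,                             // nbf
            expires: now.AddDays(1),                    // exp — one day; shorter lifetimes plus refresh tokens are typical in production
            signingCredentials: signingCredentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}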
3.Program.cs設置
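public class Program
{
    /// <summary>
    /// Application entry point: registers controllers, versioned Swagger documents with Bearer
    /// support, JWT Bearer authentication, a claim-based authorization policy and an open CORS
    /// policy, then builds and runs the HTTP pipeline.
    /// </summary>
    /// <param name="args">Command-line arguments passed through to the host builder.</param>
    /// <exception cref="InvalidOperationException">"JWT:SecretKey" is missing or empty.</exception>
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        // Add services to the container.
        builder.Services.AddControllers();

        // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
        builder.Services.AddEndpointsApiExplorer();
        builder.Services.AddSwaggerGen(c =>
        {
            // One Swagger document per API version; the version names are the public field
            // names of EditionV (V1..V5), matched against [ApiExplorerSettings(GroupName = ...)].
            foreach (FieldInfo field in typeof(EditionV).GetFields())
            {
                c.SwaggerDoc(field.Name, new OpenApiInfo()
                {
                    Title = field.Name + "版本",
                    Version = field.Name,
                    Description = $"{field.Name}版本"
                });
            }

            // XML doc comments shown in Swagger UI. The original combined the base directory
            // twice (Path.Combine returns an already-absolute second argument unchanged), so a
            // single Combine is equivalent. The file name must match the assembly's generated
            // documentation file, otherwise IncludeXmlComments throws at startup.
            var xmlPath = Path.Combine(AppContext.BaseDirectory, "WebApiApp.xml");
            c.IncludeXmlComments(xmlPath, true); // true: include controller-level comments
            c.OrderActionsBy(o => o.RelativePath); // sort actions by route; visible once there are several

            // Let Swagger UI send an Authorization header. With Type = ApiKey the user has to
            // type the literal "Bearer " prefix in front of the token (hence the Description).
            c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
            {
                Description = "Value: Bearer {token}",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.ApiKey,
                Scheme = "Bearer"
            });
            c.AddSecurityRequirement(new OpenApiSecurityRequirement()
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" },
                        Scheme = "oauth2",
                        Name = "Bearer",
                        In = ParameterLocation.Header
                    },
                    new List<string>()
                }
            });
        });

        // Policy-based authorization. "policy" only requires that a claim named "policy" be
        // present — its value is not checked.
        builder.Services.AddAuthorization(options =>
        {
            options.AddPolicy("policy", policy => policy.RequireClaim("policy"));
        });

        // Authentication: validate incoming Bearer tokens against the same symmetric secret the
        // TokenController signs with.
        builder.Services.AddAuthentication(options =>
        {
            //options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // Fail with a clear message instead of the bare ArgumentNullException that
            // Encoding.GetBytes(null) would throw when the key is not configured.
            var secret = builder.Configuration["JWT:SecretKey"];
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("JWT:SecretKey is not configured.");
            }
            var secretBytes = Encoding.UTF8.GetBytes(secret);

            options.TokenValidationParameters = new TokenValidationParameters()
            {
                // iss must equal the configured issuer
                ValidateIssuer = true,
                ValidIssuer = builder.Configuration["JWT:Issuer"],
                // aud must equal the configured audience
                ValidateAudience = true,
                ValidAudience = builder.Configuration["JWT:Audience"],
                // NOTE(review): leaving ValidateIssuerSigningKey off does not disable signature
                // checking — that is governed by RequireSignedTokens (default true); this flag
                // validates the key object itself. Confirm against the library version in use.
                //ValidateIssuerSigningKey= true,
                // exp / nbf are enforced; note the library's default ClockSkew (5 minutes) still
                // accepts a token for a few minutes past exp — set ClockSkew = TimeSpan.Zero if
                // that matters.
                ValidateLifetime = true,
                // HMAC key used to verify the signature
                IssuerSigningKey = new SymmetricSecurityKey(secretBytes)
            };
        });

        // CORS: wide open (any origin/method/header). Bearer tokens are not attached by the
        // browser automatically, so this is not a CSRF vector, but restrict origins to your
        // front-end(s) in production.
        builder.Services.AddCors(options =>
        {
            options.AddPolicy("cross", p =>
            {
                p.AllowAnyOrigin()
                 .AllowAnyMethod()
                 .AllowAnyHeader();
            });
        });

        var app = builder.Build();

        // Configure the HTTP request pipeline. Swagger is only exposed in Development.
        if (app.Environment.IsDevelopment())
        {
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                foreach (FieldInfo field in typeof(EditionV).GetFields())
                {
                    c.SwaggerEndpoint($"/swagger/{field.Name}/swagger.json", $"{field.Name}");
                }
            });
        }

        app.UseCors("cross");       // CORS must run before authentication/authorization
        app.UseHttpsRedirection();
        app.UseAuthentication();    // who is the caller (parses/validates the Bearer token)
        app.UseAuthorization();     // what may the caller do ([Authorize] attributes / policies)
        app.MapControllers();
        app.Run();
    }
}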
4.swagger設置
/// <summary>
/// API version marker. Only the public field names are used: Program.cs enumerates them via
/// reflection to create one Swagger document (and UI endpoint) per version, and controllers
/// opt into a version with [ApiExplorerSettings(GroupName = nameof(EditionV.Vn))].
/// The field values themselves are never read.
/// </summary>
public static class EditionV
{
    public static string V1;
    public static string V2;
    public static string V3;
    public static string V4;
    public static string V5;
}
不需要手動新建 WebApiApp.xml:勾選下一步的「文檔文件」後,編譯器會自動在輸出目錄生成「<程序集名>.xml」(本例程序集名為 WebApiApp,因此是 WebApiApp.xml)。若你的程序集名不同,請同步修改 Program.cs 中 IncludeXmlComments 使用的文件名,否則 Swagger 啟動時會因找不到文件而拋出異常。
項目 ---> 屬性 ---> 生成 ---> 勾選「文檔文件」(等價於在 .csproj 中加入 <GenerateDocumentationFile>true</GenerateDocumentationFile>);如不想為每個公共成員都寫 XML 註釋,可同時加入 <NoWarn>$(NoWarn);1591</NoWarn> 壓制相應警告。
5.添加一個UserInfoController.cs用於測試
/// <summary>
/// Demo endpoints for exercising the three authorization styles configured in Program.cs:
/// plain [Authorize], role-based, and policy-based. Grouped under Swagger document "V1".
/// </summary>
[Route("api/[controller]/[action]")]
[ApiController]
[ApiExplorerSettings(GroupName = nameof(EditionV.V1))]
public class UserInfoController : ControllerBase
{
    /// <summary>
    /// Get user — any caller presenting a valid token.
    /// </summary>
    /// <param name="id">User id echoed back in the response text.</param>
    /// <returns>A fixed demo string containing <paramref name="id"/>.</returns>
    [HttpGet]
    [Authorize]
    public string GetUser(string id) => $"用戶id{id}---姓名:張三";

    /// <summary>
    /// Get user name — requires the "admin" role claim.
    /// </summary>
    /// <returns>A fixed demo string.</returns>
    [Authorize(Roles = "admin")]
    [HttpPost]
    public string GetUserName() => "你好,我是李四";

    /// <summary>
    /// Get user colour — requires the "policy" authorization policy (a "policy" claim present).
    /// </summary>
    /// <returns>A fixed demo string.</returns>
    [Authorize(Policy = "policy")]
    [HttpPost]
    public string GetUserColour() => "我衣服的顏色爲紅色";
}