ASP.NET Core - JWT认证实现 - 爱站程序员基地-爱站程序员基地

一、JWT结构

　JWT介绍就太多了，这里主要关注下Jwt的结构。　

　Jwt中包含三个部分：Header（头部）.Payload（负载）.Signature（签名）

Header：描述 JWT 的元数据的JSON对象，如：
```
{\"alg\":\"HS256\",\"typ\":\"JWT\"}
```

Payload：一个用来存放实际需要传递的数据的JSON 对象。如：

\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\": \"admin\",\"exp\": 1610877510,\"iss\": \"cba\",\"aud\": \"cba\"}

Signature：对前两部分（Header、Payload）的签名，防止数据篡改。
```
HMACSHA256(base64UrlEncode(header) + \".\" + base64UrlEncode(payload), secret)
```

　　JWT示例56c：

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJleHAiOjE2MTA4Nzc1MTAsImlzcyI6ImNiYSIsImF1ZCI6ImNiYSJ9.O9lbZwfqRuA6vKcRCfYieA1zLkTPppdSvTc8UzwCkNw

二、ASP.NET Core 使用JTW认证

　1、添加Nuget包引用：

dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer

　2、定义一个JwtSettingDto结构，用于读取JWT配置信息

public class JwtSetting{/// <summary>/// 发行者/// </ad8summary>public string Issuer { get; set; }/// <summary>/// 受众/// </summary>public string Audience { get; set; }/// <summary>/// 秘钥/// </summary>public string SecretKey { get; set; }/// <summary>/// 过期时间/// </summary>public int AccessExpiration { get; set; }/// <summary>/// 刷新时间/// </summary>public int RefreshExpiration { get;564set; }}

　3、在appsetting.json配置文件中，添加jwt相关配置信息

\"JWTSetting\": {\"Issuer\": \"cba\",\"Audience\": \"cba\",\"SecretKey\": \"123456789abcdefghi\",\"AccessExpiration\": 60,\"RefreshExpiration\": 80}

　4、在Startup.cs 中启用Jwt认证

public void ConfigureServices(IServiceCollection services){services.Configure<JwtSetting>(Configuration.GetSection(\"JWTSetting\"));var token = Configuration.GetSection(\"JWTSetting\").Get<JwtSetting>();//JWT认证services.AddAuthentication(x =>{x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;}).AddJwtBearer(x =>{x.RequireHttpsMetadata = false;x.SaveToken = true;x.TokenValidationParameters = new TokenValidationParameters{ValidateIssuerSigningKey = true,IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.SecretKey)),ValidIssuer = token.Issuer,ValidAudience = token.Audience,ValidateIssuer = false,ValidateAudience = false};});}// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.public void Configure(IApplicationBuilder app, IWebHostEnvironment env){app.UseAuthentication();app.UseAuthorization();}

　5、实现认证控制器：

　　a) 添加认证Dto

public class LoginDto{[Required]public string Username { get; set; }[Required]public string Password { get; set; }}

　　b) 实现用户校验服务：默认实现：当用户密码都等于admin通过校验　　

public interface IUserService{bool IsValid(LoginDto request);}public class UserService : IUserService{//本次，固定校验adminpublic bool IsValid(LoginDto request){return request.Password == request.Username && request.Username == \"admin\";}}

　　c) 实现签发token的认证服务：　　

//认证服务接口
public interface IAuthenticateService{bool IsAuthenticated(LoginDto request, out string token);}//认证服务public class TokenAuthenticationService : IAuthenticateService{private readonly IUserService _userService;private readonly JwtSetting _jwtSetting;public TokenAuthenticationService(IUserService userService, IOptions<JwtSetting> jwtSetting){_userService = userService;_jwtSetting = jwtSetting.Value;}public bool IsAuthenticated(LoginDto request, out string token){token = string.Empty;if (!_userService.IsValid(request))return false;var claims = new[] { new Claim(ClaimTypes.Name, request.Username) };var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSetting.SecretKey));var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);var jwtToken = new JwtSecurityToken(_jwtSetting.Issuer, _jwtSetting.Audience, claims, expires: DateTime.Now.AddMinutes(_jwtSetting.AccessExpiration), signingCredentials: credentials);token = new JwtSecurityTokenHandler().WriteToken(jwtToken);return true;}}

　　d) 添加认证控制器

[Route(\"api/[controller]\")][ApiController]public class AuthenticationController : ControllerBase{private IAuthenticateService _authService;public AuthenticationController(IAuthenticateService authService){_authService = authService;}[AllowAnonymous][HttpPost, Route(\"RequestToken\")]public ActionResult RequestToken([FromBody] LoginDto request){if (!ModelState.IsValid){return BadRequest(\"Invalid Request\");}string token;if (_authService.IsAuthenticated(request, out token)){return Ok(token);}return BadRequest(\"Invalid Request\");}}

　6、注入服务：TokenAuthenticationService 、UserService

services.AddScoped<IUserService, UserService>();services.AddScoped<IAuthenticateService, TokenAuthenticationService>();

　7、添加测试控制器：

[Authorize][Route(\"api/[controller]\")][ApiController]public class AuditLogController : ControllerBase{// GET: api/<AuditLogController>[HttpGet]public IEnumerable<string> Get(){return new string[] { \"value1\", \"value2\" };}}

　　　到此Jwt认证在.net core中已经实现，接下来验证下运行效果

三、验证结果

　1、请求AuditLog接口：api/AuditLog未传入认证信息时：

　2、获取Token:

　3、添加token调用接口：

四、Swagger UI添加认证

　　在项目中通常都添加了Swagger UI来展示接口及基础测试，那么如果添加了认证后，如何在调用接口前添加认证信息呢？

　　在Startup中：ConfigureServices中添加Swagger设置时，添加认证设置

//注册Swagger生成器，定义一个和多个Swagger 文档services.AddSwaggerGen(c =>{c.SwaggerDoc(\"v1\", new OpenApiInfo { Title = \"AuditLogDemo API\", Version = \"v1\" });#region 启用swagger验证功能//添加一个必须的全局安全信息，和AddSecurityDefinition方法指定的方案名称一致即可。c.AddSecurityRequirement(new OpenApiSecurityRequirement{{new OpenApiSecurityScheme{Reference = new OpenApiReference {Type = ReferenceType.SecurityScheme,Id = \"Bearer\"}},new string[] { }}});c.AddSecurityDefinition(\"Bearer\", new OpenApiSecurityScheme{Description = \"JWT授权(数据将在请求头中进行传输) 在下方输入Bearer {token} 即可，注意两者之间有空格\",Name = \"Authorization\",//jwt默认的参数名称In = ParameterLocation.Header,//jwt默认存放Authorization信息的位置(请求头中)Type = SecuritySchemeType.ApiKey,BearerFormat = \"JWT\",Scheme = \"Bearer\",});#endregion});

　　运行效果：添加token->调用需认证接口