.net core webapi jwt 更为清爽的认证详解

"Jwt": {"Issuer": "issuer",//随意定义"Audience": "Audience",//随意定义"SecretKey": "abc",//随意定义"Lifetime": 20, //单位分钟"ValidateLifetime": true,//验证过期时间"HeadField": "useless", //头字段"Prefix": "prefix", //前缀"IgnoreUrls": [ "/Auth/GetToken" ]//忽略验证的url}

internal class JwtConfig  {    public string Issuer { get; set; }    public string Audience { get; set; }    /// <summary>    /// 加密key    /// </summary>    public string SecretKey { get; set; }    /// <summary>    /// 生命周期    /// </summary>    public int Lifetime { get; set; }    /// <summary>    /// 是否验证生命周期    /// </summary>    public bool ValidateLifetime { get; set; }    /// <summary>    /// 验证头字段    /// </summary>    public string HeadField { get; set; }    /// <summary>    /// jwt验证前缀    /// </summary>    public string Prefix { get; set; }    /// <summary>    /// 忽略验证的url    /// </summary>    public List<string> IgnoreUrls { get; set; }  }

 public interface IJwt  {    string GetToken(Dictionary<string, string> Clims);    bool ValidateToken(string Token,out Dictionary<string ,string> Clims);  }

install -package System.IdentityModel.Tokens.Jwt public class Jwt : IJwt  {    private IConfiguration _configuration;    private string _base64Secret;    private JwtConfig _jwtConfig = new JwtConfig();    public Jwt(IConfiguration configration)    {      this._configuration = configration;      configration.GetSection("Jwt").Bind(_jwtConfig);      GetSecret();    }    /// <summary>    /// 获取到加密串    /// </summary>    private void GetSecret()    {      var encoding = new System.Text.ASCIIEncoding();      byte[] keyByte = encoding.GetBytes("salt");      byte[] messageBytes = encoding.GetBytes(this._jwtConfig.SecretKey);      using (var hmacsha256 = new HMACSHA256(keyByte))      {        byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);        this._base64Secret= Convert.ToBase64String(hashmessage);      }    }    /// <summary>    /// 生成Token    /// </summary>    /// <param name="Claims"></param>    /// <returns></returns>    public string GetToken(Dictionary<string, string> Claims)    {      List<Claim> claimsAll = new List<Claim>();      foreach (var item in Claims)      {        claimsAll.Add(new Claim(item.Key, item.Value));      }      var symmetricKey = Convert.FromBase64String(this._base64Secret);      var tokenHandler = new JwtSecurityTokenHandler();      var tokenDescriptor = new SecurityTokenDescriptor      {        Issuer = _jwtConfig.Issuer,        Audience = _jwtConfig.Audience,        Subject = new ClaimsIdentity(claimsAll),        NotBefore = DateTime.Now,        Expires = DateTime.Now.AddMinutes(this._jwtConfig.Lifetime),        SigningCredentials =new SigningCredentials(new SymmetricSecurityKey(symmetricKey),                      SecurityAlgorithms.HmacSha256Signature)      };      var securityToken = tokenHandler.CreateToken(tokenDescriptor);      return tokenHandler.WriteToken(securityToken);    }    public bool ValidateToken(string Token, out Dictionary<string, string> Clims)    {      Clims = new Dictionary<string, string>();      ClaimsPrincipal principal = null;      if (string.IsNullOrWhiteSpace(Token))      {        return false;      }      var handler = new JwtSecurityTokenHandler();      try      {        var jwt = handler.ReadJwtToken(Token);        if (jwt == null)        {          return false;        }        var secretBytes = Convert.FromBase64String(this._base64Secret);        var validationParameters = new TokenValidationParameters        {          RequireExpirationTime = true,          IssuerSigningKey = new SymmetricSecurityKey(secretBytes),          ClockSkew = TimeSpan.Zero,          ValidateIssuer = true,//是否验证Issuer          ValidateAudience = true,//是否验证Audience          ValidateLifetime = this._jwtConfig.ValidateLifetime,//是否验证失效时间          ValidateIssuerSigningKey = true,//是否验证SecurityKey          ValidAudience = this._jwtConfig.Audience,          ValidIssuer = this._jwtConfig.Issuer        };        SecurityToken securityToken;        principal = handler.ValidateToken(Token, validationParameters, out securityToken);        foreach (var item in principal.Claims)        {          Clims.Add(item.Type, item.Value);        }        return true;      }      catch (Exception ex)      {        return false;      }    }  }

services.AddTransient<IJwt, Jwt>(); // Jwt注入[Route("[controller]/[action]")]  [ApiController]  public class AuthController : ControllerBase  {    private IJwt _jwt;    public AuthController(IJwt jwt)    {      this._jwt = jwt;    }    /// <summary>    /// getToken    /// </summary>    /// <returns></returns>    [HttpPost]    public IActionResult GetToken()    {      if (true)      {        Dictionary<string, string> clims = new Dictionary<string, string>();        clims.Add("userName", userName);        return new JsonResult(this._jwt.GetToken(clims));      }    }  }

 public class UseJwtMiddleware  {    private readonly RequestDelegate _next;    private JwtConfig _jwtConfig =new JwtConfig();    private IJwt _jwt;    public UseJwtMiddleware(RequestDelegate next, IConfiguration configration,IJwt jwt)    {      _next = next;      this._jwt = jwt;      configration.GetSection("Jwt").Bind(_jwtConfig);    }    public Task InvokeAsync(HttpContext context)    {      if (_jwtConfig.IgnoreUrls.Contains(context.Request.Path))      {        return this._next(context);      }      else      {        if (context.Request.Headers.TryGetValue(this._jwtConfig.HeadField, out Microsoft.Extensions.Primitives.StringValues authValue))        {          var authstr = authValue.ToString();          if (this._jwtConfig.Prefix.Length > 0)          {            authstr = authValue.ToString().Substring(this._jwtConfig.Prefix.Length+1, authValue.ToString().Length -(this._jwtConfig.Prefix.Length+1));          }          if (this._jwt.ValidateToken(authstr, out Dictionary<string, string> Clims))          {            foreach (var item in Clims)            {              context.Items.Add(item.Key, item.Value);            }            return this._next(context);          }          else          {            context.Response.StatusCode = 401;            context.Response.ContentType = "application/json";            return context.Response.WriteAsync("{/"status/":401,/"statusMsg/":/"auth vaild fail/"}");          }        }        else        {          context.Response.StatusCode = 401;          context.Response.ContentType = "application/json";          return context.Response.WriteAsync("{/"status/":401,/"statusMsg/":/"auth vaild fail/"}");        }      }    }  }

public static class UseUseJwtMiddlewareExtensions  {    /// <summary>    /// 权限检查    /// </summary>    /// <param name="builder"></param>    /// <returns></returns>    public static IApplicationBuilder UseJwt(this IApplicationBuilder builder)    {      return builder.UseMiddleware<UseJwtMiddleware>();    }  }

app.UseJwt();

userless:prefix (从Auth/GetToken中获取到的token)