碼上歡樂
相關內容    簡體    繁體

.net core webapi jwt 更為清爽的認證 ,續期很簡單(2)

本文轉載自   查看原文   2019-05-27 16:19   1437    C#隨筆

.net core webapi jwt 更為清爽的認證  后續:續期以及設置Token過期

續期: 續期的操作是在中間件中進行的,續期本身包括了前一個Token的過期加發放新的Token,所以在說續期前先說Token過期

在開始之前先增加相應的配置:續期間隔 和 續期攜帶給前端的新Token的Head.jwtConfig同步修改

 "Jwt": {
    "Issuer": "issuer",
    "Audience": "Audience",
    "SecretKey": "abc",
    "Lifetime": 20, //單位分鍾
    "RenewalTime": 10, //單位分鍾,Token續期的時間間隔,10表示超過10分鍾再次請求就續期
    "ValidateLifetime": true,
    "HeadField": "Auth", //頭字段
    "ReTokenHeadField": "ReToken",
    "Prefix": "", //前綴
    "IgnoreUrls": [ "/swagger/index.html", "/swagger/v1/swagger.json", "/Auth/GetToken", "/Auth/InvalidateToken" ]
  }
 internal class JwtConfig
    {
        public string Issuer { get; set; }
        public string Audience { get; set; }

        /// <summary>
        /// 加密key
        /// </summary>
        public string SecretKey { get; set; }
        /// <summary>
        /// 生命周期
        /// </summary>
        public int Lifetime { get; set; }
        /// <summary>
        /// 續期時間
        /// </summary>
        public int RenewalTime { get; set; }
        /// <summary>
        /// 是否驗證生命周期
        /// </summary>
        public bool ValidateLifetime { get; set; }
        /// <summary>
        /// 驗證頭字段
        /// </summary>
        public string HeadField { get; set; }
        /// <summary>
        /// 新Token的Head字段
        /// </summary>
        public string ReTokenHeadField { get; set; }
        /// <summary>
        /// jwt驗證前綴
        /// </summary>
        public string Prefix { get; set; }
        /// <summary>
        /// 忽略驗證的url
        /// </summary>
        public List<string> IgnoreUrls { get; set; }
    }
View Code

 

1.設置Token過期

首先在Jwt.cs中增加靜態屬性 

public static List<string> InvalidateTokens = new List<string>();

然后添加 Jwt中添加方法:

bool InvalidateToken(string Token);
View Code 
public bool InvalidateToken(string Token)
        {
            if (!InvalidateTokens.Contains(Token))
            {
                InvalidateTokens.Add(Token);
            }
            return true;
        }
View Code

修改Jwt中GetToken的方法:

string GetToken(IDictionary<string, string> Clims,string OldToken=null);
  public string GetToken(IDictionary<string, string> Claims,string OldToken=null)
        {
            List<Claim> claimsAll = new List<Claim>();
            foreach (var item in Claims)
            {
                claimsAll.Add(new Claim(item.Key, item.Value??""));
            }
            var symmetricKey = Convert.FromBase64String(this._base64Secret);
            var tokenHandler = new JwtSecurityTokenHandler();
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Issuer = _jwtConfig.Issuer,
                Audience = _jwtConfig.Audience,
                Subject = new ClaimsIdentity(claimsAll),
                NotBefore = DateTime.Now,
                Expires = DateTime.Now.AddMinutes(this._jwtConfig.Lifetime),
                SigningCredentials =new SigningCredentials(new SymmetricSecurityKey(symmetricKey),
                                           SecurityAlgorithms.HmacSha256Signature)
            };
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);
            if (!string.IsNullOrEmpty(OldToken))//執行舊Token過期
            {
                if (!InvalidateTokens.Contains(OldToken))
                {
                    InvalidateTokens.Add(OldToken);
                }
            }
            return tokenHandler.WriteToken(securityToken);
        }
View Code

修改: ValidateToken

  public bool ValidateToken(string Token, out Dictionary<string, string> Clims)
        {
            Clims = new Dictionary<string, string>();
            if (InvalidateTokens.Contains(Token))
            {
                return false;
            }
            ClaimsPrincipal principal = null;
            if (string.IsNullOrWhiteSpace(Token))
            {
                return false;
            }
            var handler = new JwtSecurityTokenHandler();
            try
            {
                var jwt = handler.ReadJwtToken(Token);
                if (jwt == null)
                {
                    return false;
                }
                var secretBytes = Convert.FromBase64String(this._base64Secret);
                var validationParameters = new TokenValidationParameters
                {
                    RequireExpirationTime = true,
                    IssuerSigningKey = new SymmetricSecurityKey(secretBytes),
                    ClockSkew = TimeSpan.Zero,
                    ValidateIssuer = true,//是否驗證Issuer
                    ValidateAudience = true,//是否驗證Audience
                    ValidateLifetime = this._jwtConfig.ValidateLifetime,//是否驗證失效時間
                    ValidateIssuerSigningKey = true,//是否驗證SecurityKey
                    ValidAudience = this._jwtConfig.Audience,
                    ValidIssuer = this._jwtConfig.Issuer
                };
                SecurityToken securityToken;
                principal = handler.ValidateToken(Token, validationParameters, out securityToken);
                foreach (var item in principal.Claims)
                {
                    Clims.Add(item.Type, item.Value);
                }
                return true;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return false;
            }
        }
View Code

 

緊接着在Auth中增加接口

/// <summary>
        /// 強制Token失效
        /// </summary>
        /// <param name="Token"></param>
        /// <returns></returns>
        [HttpPost]
        public IActionResult InvalidateToken(string Token)
        {
            return new JsonResult(this._jwt.InvalidateToken(Token));
        }

//需要讓當前Token強制過期的時候,客戶端調用 InvalidateToken 傳入當前Token就可以

2.續期:修改中間件:UseJwtMiddleware

public class UseJwtMiddleware
    {
        private readonly RequestDelegate _next;
        private JwtConfig _jwtConfig =new JwtConfig();
        private IJwt _jwt;
        public UseJwtMiddleware(RequestDelegate next, IConfiguration configration,IJwt jwt)
        {
            _next = next;
            this._jwt = jwt;
            configration.GetSection("Jwt").Bind(_jwtConfig);
        }
        public Task InvokeAsync(HttpContext context)
        {
            if (_jwtConfig.IgnoreUrls.Contains(context.Request.Path))
            {
                return this._next(context);
            }
            else
            {
                if (context.Request.Headers.TryGetValue(this._jwtConfig.HeadField, out Microsoft.Extensions.Primitives.StringValues authValue))
                {
                    var authstr = authValue.ToString();
                    if (this._jwtConfig.Prefix.Length > 0)
                    {
                        authstr = authValue.ToString().Substring(this._jwtConfig.Prefix.Length+1, authValue.ToString().Length -(this._jwtConfig.Prefix.Length+1));
                    }
                    if (this._jwt.ValidateToken(authstr, out Dictionary<string, string> Clims)&&!Jwt.InvalidateTokens.Contains(authstr))
                    {
                        List<string> climsKeys = new List<string>() { "nbf", "exp", "iat", "iss","aud" };
                        IDictionary<string, string> RenewalDic = new Dictionary<string, string>();
                        foreach (var item in Clims)
                        {
                            if (climsKeys.FirstOrDefault(o=>o==item.Key) == null)
                            {
                                context.Items.Add(item.Key, item.Value);
                                RenewalDic.Add(item.Key, item.Value);
                            }
                        }
                        //驗證通過的情況下判斷續期時間
                        if (Clims.Keys.FirstOrDefault(o => o == "exp") != null)
                        {
                            var start = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
                            var timespan = long.Parse(Clims["exp"]);
                            var expDate = start.AddSeconds(timespan).ToLocalTime();
                            var o = expDate - DateTime.Now;
                            if (o.TotalMinutes < _jwtConfig.RenewalTime)
                            {
                                //執行續期當前Token立馬失效
                                //var newToken = this._jwt.GetToken(RenewalDic, authstr);
                   //var newToken=this._jwt.GetToken(RenewalDic);//生成新Token當前Token仍可用,過期時間以Lifetime設置為准
                                context.Response.Headers.Add(_jwtConfig.ReTokenHeadField, newToken);
                            }
                        }
                        return this._next(context);
                    }
                    else
                    {
                        context.Response.StatusCode = 401;
                        context.Response.ContentType = "application/json";
                        return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}");
                    }
                }
                else
                {
                    context.Response.StatusCode = 401;
                    context.Response.ContentType = "application/json";
                    return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}");
                }
            }
        }
    }

本例中,當客戶端獲取Token超過10分鍾未超過20分鍾的這個時間段如果再執行請求,那么服務端就會給Head頭上帶上 ReToken:newToken

下次請求帶着新Token過來就可以

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 .NET Core 集成JWT認證 【從0開始.NET CORE認證】-4 開啟OAuth認證之JWT 【轉】ASP.NET Core WebAPI JWT Bearer 認證失敗返回自定義數據 Json ASP.NET Core WebAPI中使用JWT Bearer認證和授權 .Net5.0 WebApi 注冊登錄以及基於JWT的簡單身份認證與授權 .NET core webApi 使用JWT驗證簽名 .NET CORE WebAPI JWT身份驗證 路由其實也可以很簡單-------Asp.net WebAPI學習筆記(一) ASP.NET Core 基於JWT的認證(二) ASP.NET Core 基於JWT的認證(一)
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM