第一步:在Nuget上安裝"Microsoft.AspNet.WebApi.Cors"包,並對api controller使用[EnableCors]特性以及Microsoft.AspNetCore.Authentication.JwtBearer包
第二步:創建.netcore API項目 /控制器:AuthenticateController
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Cors; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; using static JSON_WEB_Token.Helper; namespace JSON_WEB_Token.Controllers { //跨域標簽
[EnableCors("anyPolicy")] //API接口打上Authorize標簽
[Authorize] [ApiController] //路由配置
[Route("api/[controller]/[action]")] public class AuthenticateController : ControllerBase { private JwtSettingsModel _jwtSettings; public AuthenticateController(IOptions<JwtSettingsModel> jwtSetting) { _jwtSettings = jwtSetting.Value; } [HttpPost] public IActionResult Token([FromBody]PasswordModel request) { var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecetKey)); string userId = request.UserName == null ? request.UserName : request.UserNo; if (request.UserName != "test" && request.PassWord != "123" ) { return BadRequest(); }
var tokenModel = Helper.GetAccessTokenModel (new UserData() { UserGid = strUserGid, UserNo = "test" }, 24 * 365 ); return Ok(tokenModel); } } public class PasswordModel { public string UserName { get; set; } public string PassWord { get; set; } public string UserNo { get; set; } public string ClientSecret { get; set; } } }
第三步: Helper
using Microsoft.Extensions.Configuration; using Microsoft.IdentityModel.Tokens; using System; using System.Collections.Generic; using System.ComponentModel.DataAnnotations; using System.IdentityModel.Tokens.Jwt; using System.IO; using System.Linq; using System.Security.Claims; using System.Text; using System.Threading.Tasks; namespace JSON_WEB_Token { public class Helper { public static AccessTokenResponse GetAccessTokenModel(UserData userData, int hours = 24, DateTime? expireTimeSpan = null) { JwtSettingsModel _jwtSettings = GetAppsettings<JwtSettingsModel>("JwtSettings"); //創建claim
var claim = new Claim[]{ new Claim(ClaimTypes.Sid,userData.UserGid.ToString()), new Claim(ClaimTypes.Name,userData.UserNo), new Claim(ClaimTypes.Role,TokenRoleType.UserApp),
}; //對稱秘鑰 簽名秘鑰
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecetKey)); //簽名證書(秘鑰,加密算法)
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); //生成token
DateTime expiresDate = expireTimeSpan ?? System.DateTime.Now.AddHours(hours); var token = new JwtSecurityToken(_jwtSettings.Issuer, _jwtSettings.Audience, claim, DateTime.Now, expiresDate, creds); //保存token
var accessTokenModel = new AccessTokenResponse(); accessTokenModel.TokenType = "Bearer"; accessTokenModel.UserNo = userData.UserNo; accessTokenModel.ExpiresDate = DateTimeToTimestamp(expiresDate); accessTokenModel.AccessToken = new JwtSecurityTokenHandler().WriteToken(token); return accessTokenModel; } public static long DateTimeToTimestamp(DateTime dateTime) { var start = new DateTime(1970, 1, 1, 0, 0, 0, dateTime.Kind); return Convert.ToInt64((dateTime - start).TotalSeconds); } public class UserData { public Guid UserGid { get; set; } public string UserNo { get; set; } [Required] public string UserName { get; set; } public string PassWord { get; set; } } public class AccessTokenResponse { public string TokenType { get; set; } = "Bearer"; public string UserNo { get; set; } public string AccessToken { get; set; } public long ExpiresDate { get; set; } } /// <summary>
/// 獲取配置文件信息 /// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="setKey"></param>
/// <returns></returns>
public static T GetAppsettings<T>(string setKey) { var builder = new Microsoft.Extensions.Configuration.ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("appsettings.json").Build(); return builder.GetSection(setKey).Get<T>(); } /// <summary>
/// Token用戶類型 /// </summary>
public class TokenRoleType { /// <summary>
/// 匿名Token /// </summary>
public const string GuoWaiApp = "國外渠道"; /// <summary>
/// 用戶Token /// </summary>
public const string UserApp = "國內渠道"; } } }
第四:JwtSettingsModel
using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; namespace JSON_WEB_Token { public class JwtSettingsModel { //token是誰頒發的
public string Issuer { get; set; } //token可以給哪些客戶端使用
public string Audience { get; set; } //加密的key 必須是16個字符以上,要大於128個字節
public string SecetKey { get; set; } } public class AccessTokenErrModel { public string AppId { get; set; } public string errcode { get; set; } public string errmsg { get; set; } public Guid UserGid { get; set; } } }
第五:appsettings
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*",
"JwtSettings": {
"Issuer": "http://localhost:44305",
"Audience": "http://localhost:44305",
"SecetKey": "HelloWorldHelloWorldHelloWorld"
}
}
第六:Startup
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.HttpsPolicy; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Logging; using Microsoft.IdentityModel.Tokens; namespace JSON_WEB_Token { public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services) { services.AddControllers(); #region json web token 添加認證服務
//將appsettings.json中的JwtSettings部分文件讀取到JwtSettings中
services.Configure<JwtSettingsModel>(Configuration.GetSection("JwtSettings")); //使用Bind的方式讀取配置 //將配置綁定到JwtSettings實例中
var jwtSettings = new JwtSettingsModel(); Configuration.Bind("JwtSettings", jwtSettings); services.AddAuthentication(options => { //認證middleware配置
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { //options.SaveToken = true; //options.RequireHttpsMetadata = false; //主要是jwt token參數設置
options.TokenValidationParameters = new TokenValidationParameters { //Token頒發機構
ValidIssuer = jwtSettings.Issuer, //頒發給誰
ValidAudience = jwtSettings.Audience, //這里的key要進行加密
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecetKey)) }; }); #endregion
#region 注冊跨域請求服務 CORS 中間件處理跨域請求
//注冊跨域請求服務 允許所有來源、所有方法、所有請求標頭、允許請求憑據
services.AddCors(options => { //注冊默認策略
options.AddDefaultPolicy( builder => { builder.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() // .AllowCredentials()
; }); //注冊一個策略名稱
options.AddPolicy("anyPolicy", builder => { builder.WithOrigins("http://127.0.0.1:9102", "https://www.baidu.com") .AllowAnyMethod() .AllowAnyHeader() // .AllowCredentials()
; }); }); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0); #endregion } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseHttpsRedirection(); ///////////////////////////////////////////// //授權(Authorization)
app.UseAuthorization(); ///添加中間件(Middleware) 啟用驗證
app.UseAuthentication(); /////////////////////////////////////////////////
app.UseCors("anyPolicy"); // 設置全局跨域
app.UseRouting(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); endpoints.MapControllerRoute( name: "default", pattern: "{controller=Authenticate}/{action=Index}/{id?}"); }); } } }
第七:postman請求
