1、nuget搜索JWT並安裝
2、創建ApiAuthorizeAttribute,作為驗證特性
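/// <summary>
/// 身份認證攔截器 — validates the JWT presented in the "Authorization" request header
/// before the decorated action runs.
/// </summary>
public class ApiAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// HMAC secret used to verify token signatures. It must be the same value the token
    /// issuer (the Login action) signs with. A key that lives in source cannot be rotated
    /// and ships with the binary; load it from configuration or a secret store instead.
    /// </summary>
    private const string SecretKey = "Hello World";

    /// <summary>
    /// Optional scheme prefix some clients put in front of the token.
    /// </summary>
    private const string BearerPrefix = "Bearer ";

    /// <summary>
    /// 指示指定的控件是否已獲得授權 — true only when the request carries a token whose
    /// signature verifies under <see cref="SecretKey"/> and whose expiry lies in the future.
    /// On success the decoded <see cref="AuthInfo"/> is stored in
    /// RouteData.Values["Authorization"] for the action to read.
    /// </summary>
    /// <param name="actionContext">Context of the incoming request.</param>
    /// <returns>true when the token is present, valid and not expired; otherwise false.</returns>
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // The client sends the token in the "Authorization" header. Header names are
        // case-insensitive, so match them ordinally-ignoring-case rather than with ==.
        string token = (from header in actionContext.Request.Headers
                        where string.Equals(header.Key, "Authorization", StringComparison.OrdinalIgnoreCase)
                        select header.Value.FirstOrDefault()).FirstOrDefault();

        if (string.IsNullOrWhiteSpace(token))
        {
            return false;
        }

        // Accept both a raw token and "Bearer <token>"; the raw form is what the tutorial client sends.
        token = token.Trim();
        if (token.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
        {
            token = token.Substring(BearerPrefix.Length).Trim();
            if (token.Length == 0)
            {
                return false;
            }
        }

        try
        {
            byte[] key = Encoding.UTF8.GetBytes(SecretKey);
            IJsonSerializer serializer = new JsonNetSerializer();
            IDateTimeProvider provider = new UtcDateTimeProvider();
            IJwtValidator validator = new JwtValidator(serializer, provider);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

            // verify: true makes the decoder check the signature against `key`;
            // a tampered or differently-signed token surfaces as an exception below.
            AuthInfo authInfo = decoder.DecodeToObject<AuthInfo>(token, key, verify: true);
            if (authInfo == null)
            {
                return false;
            }

            // 判斷口令過期時間 — a token without an expiry must be rejected: the original
            // `null < DateTime.Now` evaluated to false and let such tokens through forever.
            // DateTime.Now is kept (not UtcNow) because the issuer stamps ExpiryDateTime with DateTime.Now.
            if (!authInfo.ExpiryDateTime.HasValue || authInfo.ExpiryDateTime.Value < DateTime.Now)
            {
                return false;
            }

            // Indexer assignment instead of Add(): Add throws if the key is already present.
            actionContext.RequestContext.RouteData.Values["Authorization"] = authInfo;
            return true;
        }
        catch (Exception)
        {
            // Signature, format and decoder-side expiry failures all mean "not authorized".
            return false;
        }
    }

    /// <summary>
    /// 處理授權失敗的請求 — writes a JSON error body for requests that failed <see cref="IsAuthorized"/>.
    /// </summary>
    /// <param name="actionContext">Context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var erModel = new { Success = "false", ErrorCode = "401" };

        // Use a real 401 status so clients, proxies and logs see the rejection; the original
        // returned 200 OK with an error body, which makes failed authentication look like success.
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, erModel, "application/json");
    }
}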
3、新建3個類,
/// <summary>
/// 身份驗證信息 模擬JWT的payload — the claims carried inside the token.
/// The payload is only signed, not encrypted, so anything placed here is readable by
/// whoever holds the token.
/// </summary>
public class AuthInfo
{
    /// <summary>
    /// 用戶名 — name of the authenticated user.
    /// </summary>
    public string UserName { get; set; }

    /// <summary>
    /// 角色 — roles granted to the user.
    /// </summary>
    public List<string> Roles { get; set; }

    /// <summary>
    /// 是否管理員 — whether the user is an administrator.
    /// </summary>
    public bool IsAdmin { get; set; }

    /// <summary>
    /// 口令過期時間 — moment after which the token is no longer accepted; null when no expiry was set.
    /// </summary>
    public DateTime? ExpiryDateTime { get; set; }
}
/// <summary>
/// 登錄用戶信息 — credentials posted by the client to the Login action.
/// </summary>
public class LoginRequest
{
    /// <summary>
    /// 用戶名 — account name being logged in.
    /// </summary>
    public string UserName { get; set; }

    /// <summary>
    /// 密碼 — plaintext password as submitted; must never be logged or echoed back.
    /// </summary>
    public string Password { get; set; }
}
/// <summary>
/// 生成的口令信息 — result returned by the Login action.
/// </summary>
public class TokenInfo
{
    /// <summary>
    /// 是否成功 — true when a token was issued.
    /// </summary>
    public bool Success { get; set; }

    /// <summary>
    /// 令牌 — the signed JWT; null when <see cref="Success"/> is false.
    /// </summary>
    public string Token { get; set; }

    /// <summary>
    /// 錯誤信息 — status text for the client ("OK" on success, otherwise a failure message).
    /// </summary>
    public string Message { get; set; }
}
4、新建一個獲取token的controller
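/// <summary>
/// 登錄 — issues an HMAC-SHA256 signed JWT for the supplied credentials.
/// </summary>
/// <param name="loginRequest">Credentials posted by the client; null when the body is missing or malformed.</param>
/// <returns>
/// A <see cref="TokenInfo"/>: Success=true with the token and Message "OK", or Success=false with a failure message.
/// </returns>
[HttpPost]
[Route("Login")]
public TokenInfo Login([FromBody] LoginRequest loginRequest)
{
    TokenInfo tokenInfo = new TokenInfo();//需要返回的口令信息

    // Refuse a missing body and also an empty user name; the original issued a token for "".
    if (loginRequest == null || string.IsNullOrWhiteSpace(loginRequest.UserName))
    {
        tokenInfo.Success = false;
        tokenInfo.Message = "用戶信息為空";
        return tokenInfo;
    }

    string userName = loginRequest.UserName;

    //模擬數據庫數據,真正的數據應該從數據庫讀取
    // The password is not verified here and every user receives the "admin" role: this is
    // sample data only. Real credential verification against stored password hashes must
    // happen before any token is issued.
    bool isAdmin = userName == "admin";
    AuthInfo authInfo = new AuthInfo
    {
        UserName = userName,
        Roles = new List<string> { "admin", "commonrole" },
        IsAdmin = isAdmin,
        ExpiryDateTime = DateTime.Now.AddHours(2)
    };

    // 口令加密秘鑰 — must be the same key ApiAuthorizeAttribute verifies with;
    // it belongs in configuration/a secret store, not in source.
    const string secretKey = "Hello World";
    try
    {
        byte[] key = Encoding.UTF8.GetBytes(secretKey);
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();//加密方式
        IJsonSerializer serializer = new JsonNetSerializer();//序列化Json
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();//base64加解密
        IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);//JWT編碼

        //口令信息
        tokenInfo.Token = encoder.Encode(authInfo, key);//生成令牌
        tokenInfo.Success = true;
        tokenInfo.Message = "OK";
    }
    catch (Exception)
    {
        // Do not echo the exception text to the caller: it can disclose library and
        // configuration details. Log it server-side if diagnostics are needed.
        tokenInfo.Success = false;
        tokenInfo.Message = "Token generation failed";
    }

    return tokenInfo;
}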
5、新建一個驗證controller
/// <summary>
/// 獲取用戶信息 — returns a fixed sample user as JSON. The [ApiAuthorize] attribute means
/// the action only runs for requests carrying a valid token.
/// </summary>
/// <returns>A JSON string with UserName, Tel and Address fields.</returns>
[ApiAuthorize]
[HttpGet]
[Route("api/GetUserInfo")]
public string GetUserInfo()
{
    var sampleUser = new
    {
        UserName = "test",
        Tel = "123456789",
        Address = "testddd"
    };
    string payload = JsonConvert.SerializeObject(sampleUser);
    return payload;
}
6、運行獲取token
7、驗證token