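In the previous post we got Swagger set up; next we integrate JWT for authentication.
First, add the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package.
Add the JWT configuration in Startup. ValidIssuer, ValidAudience and the secret are best read from configuration; I have hard-coded them here.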

// Inside ConfigureServices. Needs: using System.Text;
// using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.IdentityModel.Tokens;
services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(x =>
{
    x.RequireHttpsMetadata = false;
    x.SaveToken = true;
    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        // Hard-coded for the demo; must match the key used in GetToken.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("123456111111111111111111")), // token.Secret
        ValidIssuer = "webapi.cn", // token.Issuer
        ValidAudience = "WebApi",  // token.Audience
        ValidateIssuer = true,
        ValidateAudience = true
    };
});

Add the JWT security configuration to the Swagger setup from the previous post.
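
// Needs: using Microsoft.OpenApi.Models;
services.AddSwaggerGen(s =>
{
    s.SwaggerDoc("v1", new OpenApiInfo { Title = "My API", Version = "v1" });
    // Adds the Authorize button; the value entered there is sent as the Authorization header.
    s.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
    {
        // Description (English): "Enter the JWT authorization token to add to the request header in the box below: Bearer Token"
        Description = "在下框中輸入請求頭中需要添加Jwt授權Token:Bearer Token",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        BearerFormat = "JWT",
        Scheme = "Bearer"
    });
    // Apply the "Bearer" scheme to every operation.
    s.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
            },
            new string[] { }
        }
    });
});
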
That completes the JWT authorization setup for Swagger. Next, write an endpoint that returns a token.
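
// Needs: using System.Security.Claims; using System.IdentityModel.Tokens.Jwt;
// using System.Text; using Microsoft.IdentityModel.Tokens;
// Demo endpoint: it issues a token to any caller without checking credentials.
[HttpGet]
[Route("/GetToken")]
public ActionResult<string> GetToken()
{
    var claims = new[]
    {
        new Claim(ClaimTypes.Name, "Ers")
    };
    // Same key, issuer and audience as in the AddJwtBearer configuration.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("123456111111111111111111"));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    var jwtToken = new JwtSecurityToken("webapi.cn", "WebApi", claims,
        expires: DateTime.Now.AddMinutes(30), signingCredentials: credentials);
    var token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
    return token;
}
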
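Add the [Authorize] attribute to the original weather endpoint.
Enable authentication in the Startup request pipeline with app.UseAuthentication(); it has to come before app.UseAuthorization().
Run the project and call the weather endpoint. The call is refused, because an endpoint marked [Authorize] requires authentication; as the screenshot below shows, the response is 401 (unauthorized).
The Swagger home page now shows an Authorize button; click it to enter the JWT token string.
Running the weatherforecast endpoint still returns 401, because after adding [Authorize] the endpoint requires an authenticated caller.
Now get a token: run GetToken and copy the token string it returns.
Paste the string into the Authorize box that Swagger provides. Before pasting the token, type Bearer followed by a space, then paste the token. Click Authorize to finish.
Run the weather endpoint again.
It succeeds.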
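
The Startup configuration and GetToken above both hard-code the issuer, audience and signing secret. One way to read them from configuration instead, as an added example that is not the original post's code; the JwtSettings class, the "Jwt" configuration section and the AddConfiguredJwt method are assumed names:

```csharp
// Added example. JwtSettings, the "Jwt" section and AddConfiguredJwt are hypothetical names.
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class JwtSettings
{
    public string Issuer { get; set; }
    public string Audience { get; set; }
    public string Secret { get; set; } // supply via user-secrets or the Jwt__Secret environment variable
}

public static class JwtSetup
{
    public static IServiceCollection AddConfiguredJwt(
        this IServiceCollection services, IConfiguration configuration)
    {
        var jwt = configuration.GetSection("Jwt").Get<JwtSettings>()
                  ?? throw new InvalidOperationException("Missing 'Jwt' configuration section.");
        if (string.IsNullOrWhiteSpace(jwt.Issuer) || string.IsNullOrWhiteSpace(jwt.Audience))
            throw new InvalidOperationException("Jwt:Issuer and Jwt:Audience are required.");

        var keyBytes = Encoding.UTF8.GetBytes(jwt.Secret ?? string.Empty);
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits.
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Jwt:Secret must be at least 32 bytes.");
        services.AddSingleton(jwt); // lets the token endpoint sign with the same values
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(x =>
            {
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
                    ValidateIssuer = true,
                    ValidIssuer = jwt.Issuer,
                    ValidateAudience = true,
                    ValidAudience = jwt.Audience,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromSeconds(30) // library default is 5 minutes
                };
            });
        return services;
    }
}
```

Call services.AddConfiguredJwt(Configuration) from ConfigureServices and inject JwtSettings into the controller that issues tokens. The secret hard-coded in this post is shorter than the 32 bytes this check requires, so it would have to be replaced.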