JWT认证简单介绍

关于Jwt的介绍网上很多，此处不在赘述，我们主要看看jwt的结构。

JWT主要由三部分组成，如下：

HEADER.PAYLOAD.SIGNATURE

HEADER包含token的元数据，主要是加密算法，和签名的类型，如下面的信息，说明了

加密的对象类型是JWT，加密算法是HMAC SHA-256

{"alg":"HS256","typ":"JWT"}

然后需要通过BASE64编码后存入token中

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9    

Payload主要包含一些声明信息（claim），这些声明是key-value对的数据结构。

通常如用户名，角色等信息，过期日期等，因为是未加密的，所以不建议存放敏感信息。

{"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":"admin","exp":1578645536,"iss":"webapi.cn","aud":"WebApi"}

最后生成的token如下

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJleHAiOjE1Nzg2NDU1MzYsImlzcyI6IndlYmFwaS5jbiIsImF1ZCI6IldlYkFwaSJ9.2_akEH40LR2QWekgjm8Tt3lesSbKtDethmJMo_3jpF4

开发环境

框架：asp.net 3.1

IDE：VS2019

ASP.NET 3.1 Webapi中使用JWT认证

1、引用Jwt 的 Microsoft.AspNetCore.Authentication.JwtBearer库

 2、在Dto层新建一个Jwt签发类

    /// <summary>
    /// POCO类，用来存储签发或者验证jwt时用到的信息
    /// </summary>
    public class TokenManagement
    {
        public static string Secret = "123456123456123456";//私钥

        public static string Issuer = "webapi.cn";

        public static string Audience = "WebApi";

        public static int AccessExpiration = 180;//过期时间

        public static int RefreshExpiration = 180;//刷新时间
    }

3、在启动类中注册JWT服务，如下：

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            #region 注册JWT
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(x =>
            {
                x.RequireHttpsMetadata = false;
                x.SaveToken = true;
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(TokenManagement.Secret)),
                    ValidIssuer = TokenManagement.Issuer,
                    ValidAudience = TokenManagement.Audience,
                    ValidateIssuer = false,
                    ValidateAudience = false
                };
            });
            #endregion

View Code

4、在Configure方法中启用验证

app.UseAuthentication();

注意要添加在 app.UseAuthorization(); 上边

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            //允许跨域
            app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
            // 启用Swagger中间件
            app.UseSwagger(c => c.RouteTemplate = "swagger/{documentName}/swagger.json");
            // 配置SwaggerUI
            app.UseSwaggerUI(c =>
            {
                //c.SwaggerEndpoint($"/swagger/demo/swagger.json", "demo");
                c.SwaggerEndpoint($"/swagger/v1/swagger.json", "V1");
            });

            app.UseHttpsRedirection();

            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }