/// <summary>
/// Registers the JWT signing parameters used by the token-issuing project.
/// Call from that project's Startup.ConfigureServices.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <returns>The same <see cref="IServiceCollection"/>, so calls can be chained.</returns>
public static IServiceCollection AddJTokenBuild(this IServiceCollection services)
{
    // HS256 keys are raw bytes. Secret is decoded as ASCII, so any non-ASCII character in it
    // is replaced by '?' and adds no entropy. NOTE(review): confirm Secret is a high-entropy
    // value of at least 32 bytes (256 bits) and is loaded from configuration, not committed to source.
    var keyBytes = Encoding.ASCII.GetBytes(Secret);
    var credentials = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);

    // The issuer / audience / credentials triple is what BuildJwtToken reads when minting tokens.
    var requirement = new PermissionRequirement(Issuer, Audience, credentials);
    return services.AddSingleton(requirement);
}
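/// <summary>
/// Builds and compact-serializes a signed JWT carrying the given claims.
/// </summary>
/// <param name="claims">Claims to embed in the token payload.</param>
/// <param name="permissionRequirement">Supplies the issuer, audience and signing credentials.</param>
/// <param name="expireTime">Token lifetime measured from the current UTC time; must be positive.</param>
/// <returns>The compact-serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="claims"/> or <paramref name="permissionRequirement"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="expireTime"/> is zero or negative.</exception>
public static string BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement, TimeSpan expireTime)
{
    if (claims == null) throw new ArgumentNullException(nameof(claims));
    if (permissionRequirement == null) throw new ArgumentNullException(nameof(permissionRequirement));
    // A zero or negative lifetime would mint a token that is already expired; fail loudly instead.
    if (expireTime <= TimeSpan.Zero)
    {
        throw new ArgumentOutOfRangeException(nameof(expireTime), "Token lifetime must be positive.");
    }

    // nbf/exp are UTC by definition, and the validators in this file run with ClockSkew = 0,
    // so local time must never be used here.
    var issuedAt = DateTime.UtcNow;
    var token = new JwtSecurityToken(
        issuer: permissionRequirement.Issuer,
        audience: permissionRequirement.Audience,
        claims: claims,
        notBefore: issuedAt,
        expires: issuedAt.Add(expireTime),
        signingCredentials: permissionRequirement.SigningCredentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}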
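/// <summary>
/// Wires JWT bearer authentication and the "Permission" authorization policy into the resource API.
/// Call from Startup.ConfigureServices.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="urls">Resource permission table. NOTE(review): not used by this method; confirm whether the caller expects it to be registered.</param>
/// <param name="permission">User permission table. NOTE(review): not used here, whereas AddOcelotPolicyJwtBearer registers it as a singleton; confirm whether PermissionHandler resolves it.</param>
public void ConfigureServices(IServiceCollection services, List<ResourcePremission> urls, List<UserPermission> permission)
{
    // The validation key must be byte-identical to the one the issuer signs with (see AddJTokenBuild),
    // so Secret is decoded the same way here. Non-ASCII characters in Secret become '?'.
    var keyByteArray = Encoding.ASCII.GetBytes(Secret);
    var signingKey = new SymmetricSecurityKey(keyByteArray);

    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidateIssuer = true,
        ValidIssuer = Issuer,
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateLifetime = true,
        // Reject tokens with no 'exp' at all. BuildJwtToken always sets one, and
        // AddOcelotPolicyJwtBearer already enforces this, so both validators now agree.
        RequireExpirationTime = true,
        // No tolerance on nbf/exp: issuer and validator both use UTC, so skew would only mask clock drift.
        ClockSkew = TimeSpan.Zero
    };

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = AuthenticateScheme;
    })
    .AddJwtBearer(AuthenticateScheme, o =>
    {
        // Only governs fetching of discovery metadata from an Authority. None is configured in this
        // block, so the flag has no effect today; keep it true if an Authority is ever added in production.
        o.RequireHttpsMetadata = false;
        o.TokenValidationParameters = tokenValidationParameters;
    });

    var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
    _permissionRequirement = new PermissionRequirement(Issuer, Audience, signingCredentials);

    // Authorization handler plus the requirement instance it evaluates.
    services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
    services.AddSingleton(_permissionRequirement);
    services.AddAuthorization(options =>
    {
        options.AddPolicy("Permission", policy => policy.Requirements.Add(_permissionRequirement));
    });
}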
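/// <summary>
/// Issues a JWT for a user the caller has already authenticated.
/// </summary>
/// <param name="c">Extended controller; not used by this method.</param>
/// <param name="data">Authenticated user's id, name and role. Each must be non-null because <see cref="Claim"/> rejects a null value.</param>
/// <param name="permissionRequirement">Issuer, audience and signing credentials.</param>
/// <returns>The serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> or <paramref name="permissionRequirement"/> is null.</exception>
public static string Login(this Controller c, LoginData data, PermissionRequirement permissionRequirement)
{
    if (data == null) throw new ArgumentNullException(nameof(data));
    if (permissionRequirement == null) throw new ArgumentNullException(nameof(permissionRequirement));

    // The informational Expiration claim is derived from UtcNow so it agrees with the token's own 'exp',
    // which BuildJwtToken also computes from UtcNow (it was previously local time).
    var expiresAt = DateTime.UtcNow.Add(ExpireTime);

    // NOTE(review): Role is copied straight into the token. It must originate from the user store,
    // never from a client-supplied login request, or a caller can choose its own role.
    var claims = new Claim[]
    {
        new Claim(ClaimTypes.Sid, data.Sid),
        new Claim(ClaimTypes.Name, data.Name),
        new Claim(ClaimTypes.Role, data.Role),
        new Claim(ClaimTypes.Expiration, expiresAt.ToString(CultureInfo.InvariantCulture))
    };

    // The quote trimming is kept for compatibility with existing callers; a compact JWT should not contain quotes.
    string token = JwtToken.BuildJwtToken(claims, permissionRequirement, ExpireTime);
    return token.TrimStart('"').TrimEnd('"');
}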
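/// <summary>
/// Registers the Ocelot-facing JWT bearer scheme and the "Permission" authorization policy.
/// Call from the business API's Startup.ConfigureServices.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="permission">User permission table, registered as a singleton for PermissionHandler.</param>
/// <param name="defaultScheme">Name of the authentication scheme to add and make the default.</param>
/// <returns>The <see cref="AuthenticationBuilder"/>, so further schemes can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="permission"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="defaultScheme"/> is null, empty or whitespace.</exception>
public static AuthenticationBuilder AddOcelotPolicyJwtBearer(this IServiceCollection services, List<UserPermission> permission, string defaultScheme)
{
    if (services == null) throw new ArgumentNullException(nameof(services));
    if (permission == null) throw new ArgumentNullException(nameof(permission));
    // An empty scheme name may not be rejected until the authentication options are first built
    // at request time; fail at startup with a clear message instead.
    if (string.IsNullOrWhiteSpace(defaultScheme))
    {
        throw new ArgumentException("Authentication scheme name must be non-empty.", nameof(defaultScheme));
    }

    // Must match the issuer's key derivation in AddJTokenBuild byte for byte.
    // Non-ASCII characters in Secret become '?' and add no entropy.
    var keyByteArray = Encoding.ASCII.GetBytes(Secret);
    var signingKey = new SymmetricSecurityKey(keyByteArray);

    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidateIssuer = true,
        ValidIssuer = Issuer,       // issuer
        ValidateAudience = true,
        ValidAudience = Audience,   // audience
        ValidateLifetime = true,
        // No tolerance on nbf/exp: both sides use UTC.
        ClockSkew = TimeSpan.Zero,
        // Tokens without 'exp' are rejected outright.
        RequireExpirationTime = true,
    };

    var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
    var permissionRequirement = new PermissionRequirement(Issuer, Audience, signingCredentials);

    // Authorization handler, the requirement it evaluates, and the permission table it can resolve.
    services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
    services.AddSingleton(permissionRequirement);
    services.AddSingleton(permission);

    return services.AddAuthorization(options =>
        {
            options.AddPolicy("Permission", policy => policy.Requirements.Add(permissionRequirement));
        })
        .AddAuthentication(options =>
        {
            options.DefaultScheme = defaultScheme;
        })
        .AddJwtBearer(defaultScheme, o =>
        {
            // Only governs discovery-metadata fetches from an Authority; none is configured here, so the
            // flag has no effect today. Keep it true in production if an Authority is ever added.
            o.RequireHttpsMetadata = false;
            o.TokenValidationParameters = tokenValidationParameters;
        });
}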