/// <summary>
/// 获取基于JWT的Token
/// </summary>
/// <param name="claims">需要在登陆的时候配置</param>
/// <param name="permissionRequirement">在startup中定义的参数</param>
/// <returns></returns>
public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
{
var now = DateTime.Now.ToLocalTime();
// 实例化JwtSecurityToken
var jwt = new JwtSecurityToken(
issuer: permissionRequirement.Issuer,
audience: permissionRequirement.Audience,
claims: claims,
notBefore: now,
expires: now.Add(permissionRequirement.Expiration),
signingCredentials: permissionRequirement.SigningCredentials
);
// 生成 Token
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
//打包返回前台
var responseJson = new
{
token = encodedJwt,
expires_in = permissionRequirement.Refresh.TotalSeconds,
timeStamp = now.Add(permissionRequirement.Refresh).TimeToString(),
token_type = "Bearer"
};
return(JsonRes.Success(responseJson));
// ResponseMessage.Success(OperateType.Get, "登录", data: responseJson);
}
/// <summary>
/// jwt认证配置
/// </summary>
/// <param name="services"></param>
public static void AddJWT(this IServiceCollection services)
{
string SSecretKey = AppSettings.App("JWTSettings", "SecretKey");
string SRefreshTime = AppSettings.App("JWTSettings", "RefreshTime");
string SAbsoluteTime = AppSettings.App("JWTSettings", "AbsoluteTime");
string SIssuer = AppSettings.App("JWTSettings", "Issuer");
string SAudience = AppSettings.App("JWTSettings", "Audience");
//读取配置文件
//var audienceConfig = Configuration.GetSection("JWTSettings");
var symmetricKeyAsBase64 = SSecretKey; // 密钥
var refreshTime = int.Parse(SRefreshTime); // 刷新token时间
var absoluteTime = int.Parse(SAbsoluteTime); // 绝对过期时间
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
// 生成加密签名
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
//角色列表
var permission = new List <PermissionItem>();
// 角色与接口的权限要求参数
var permissionRequirement = new PermissionRequirement(
"/api/denied", // 拒绝授权的跳转地址(目前无用)
permission,
ClaimTypes.UserData, //基于用户的授权
SIssuer, //发行人
SAudience, //听众
signingCredentials, //签名凭据
expiration: TimeSpan.FromSeconds(absoluteTime), //接口的过期时间
refresh: TimeSpan.FromSeconds(refreshTime) // token刷新时间
);
//【授权】
services.AddAuthorization(options =>
{
options.AddPolicy("Permission",
policy => policy.Requirements.Add(permissionRequirement));
});
// 令牌验证参数
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = SIssuer, //发行人
ValidateAudience = true,
ValidAudience = SAudience, //订阅人
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero, // 缓冲过期时间
// RequireExpirationTime = true,
};
//2.1【认证】、core自带官方JWT认证
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.TokenValidationParameters = tokenValidationParameters;
o.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return(Task.CompletedTask);
}
};
});
services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
services.AddSingleton(permissionRequirement);
}