Ejemplo n.º 1
0
        /// <summary>
        /// 获取基于JWT的Token
        /// </summary>
        /// <param name="claims">需要在登陆的时候配置</param>
        /// <param name="permissionRequirement">在startup中定义的参数</param>
        /// <returns></returns>
        public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
        {
            var now = DateTime.Now.ToLocalTime();
            // 实例化JwtSecurityToken
            var jwt = new JwtSecurityToken(
                issuer: permissionRequirement.Issuer,
                audience: permissionRequirement.Audience,
                claims: claims,
                notBefore: now,
                expires: now.Add(permissionRequirement.Expiration),
                signingCredentials: permissionRequirement.SigningCredentials
                );
            // 生成 Token
            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            //打包返回前台
            var responseJson = new
            {
                token      = encodedJwt,
                expires_in = permissionRequirement.Refresh.TotalSeconds,
                timeStamp  = now.Add(permissionRequirement.Refresh).TimeToString(),
                token_type = "Bearer"
            };

            return(JsonRes.Success(responseJson));
            // ResponseMessage.Success(OperateType.Get, "登录", data: responseJson);
        }
Ejemplo n.º 2
0
        /// <summary>
        /// jwt认证配置
        /// </summary>
        /// <param name="services"></param>
        public static void AddJWT(this IServiceCollection services)
        {
            string SSecretKey    = AppSettings.App("JWTSettings", "SecretKey");
            string SRefreshTime  = AppSettings.App("JWTSettings", "RefreshTime");
            string SAbsoluteTime = AppSettings.App("JWTSettings", "AbsoluteTime");
            string SIssuer       = AppSettings.App("JWTSettings", "Issuer");
            string SAudience     = AppSettings.App("JWTSettings", "Audience");
            //读取配置文件
            //var audienceConfig = Configuration.GetSection("JWTSettings");
            var symmetricKeyAsBase64 = SSecretKey;               // 密钥
            var refreshTime          = int.Parse(SRefreshTime);  // 刷新token时间
            var absoluteTime         = int.Parse(SAbsoluteTime); // 绝对过期时间

            var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
            var signingKey   = new SymmetricSecurityKey(keyByteArray);

            // 生成加密签名
            var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

            //角色列表
            var permission = new List <PermissionItem>();
            // 角色与接口的权限要求参数
            var permissionRequirement = new PermissionRequirement(
                "/api/denied",                                  // 拒绝授权的跳转地址(目前无用)
                permission,
                ClaimTypes.UserData,                            //基于用户的授权
                SIssuer,                                        //发行人
                SAudience,                                      //听众
                signingCredentials,                             //签名凭据
                expiration: TimeSpan.FromSeconds(absoluteTime), //接口的过期时间
                refresh: TimeSpan.FromSeconds(refreshTime)      // token刷新时间
                );

            //【授权】
            services.AddAuthorization(options =>
            {
                options.AddPolicy("Permission",
                                  policy => policy.Requirements.Add(permissionRequirement));
            });

            // 令牌验证参数
            var tokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = signingKey,
                ValidateIssuer           = true,
                ValidIssuer      = SIssuer,       //发行人
                ValidateAudience = true,
                ValidAudience    = SAudience,     //订阅人
                ValidateLifetime = true,
                ClockSkew        = TimeSpan.Zero, // 缓冲过期时间
                // RequireExpirationTime = true,
            };

            //2.1【认证】、core自带官方JWT认证
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(o =>
            {
                o.TokenValidationParameters = tokenValidationParameters;
                o.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        // 如果过期,则把<是否过期>添加到,返回头信息中
                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        return(Task.CompletedTask);
                    }
                };
            });

            services.AddSingleton <IAuthorizationHandler, PermissionHandler>();
            services.AddSingleton(permissionRequirement);
        }