Exemple #1
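        /// <summary>
        /// Builds an HMAC-SHA256 signed JWT for the given identity and returns it in
        /// compact serialized form. The token is valid for one hour from issuance.
        /// </summary>
        /// <param name="identity">
        /// The authenticated principal (administrator information). Its <c>UId</c> is written
        /// to the <c>jti</c> claim and every entry of its <c>Role</c> collection becomes a role claim.
        /// </param>
        /// <returns>The signed token as a compact JWT string.</returns>
        public static string GetJwtToken(IdentityModel identity)
        {
            // Report the parameter name, not the type name, when the argument is missing.
            identity.NotNull(nameof(identity));

            // Issuer, audience and signing secret all come from the "Authorize" configuration section.
            var iss = AppSettings.GetVal("Authorize", "Issuer");
            var aud = AppSettings.GetVal("Authorize", "Aud");
            // NOTE(review): this secret is the only thing protecting token integrity. For HS256 it
            // should be at least 256 bits of random data and be supplied from a secret store rather
            // than a checked-in settings file. Confirm how "SginKey" is provisioned.
            var signingSecret = AppSettings.GetVal("Authorize", "SginKey");

            // Take one UTC timestamp so iat, nbf and exp are derived from the same instant
            // instead of three separate clock reads.
            var issuedAt = DateTimeOffset.UtcNow;
            var expiresAt = issuedAt.AddHours(1);

            var claims = new List<Claim>
            {
                // NOTE(review): jti carries the user id, so every token issued to the same user shares
                // one jti and it cannot identify an individual token for revocation or replay checks.
                // Left unchanged because consumers may read the user id from this claim.
                new Claim(JwtRegisteredClaimNames.Jti, identity.UId.ToString()),
                // Issued-at, typed as an integer so it is written as a JSON number (a NumericDate)
                // rather than a quoted string.
                new Claim(JwtRegisteredClaimNames.Iat, issuedAt.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
                // Issuer.
                new Claim(JwtRegisteredClaimNames.Iss, iss),
                // Audience.
                new Claim(JwtRegisteredClaimNames.Aud, aud),
            };

            // A user may hold several roles; each one is emitted as its own role claim.
            identity.Role.ForEach(role => claims.Add(new Claim(ClaimTypes.Role, role.ToString())));

            // Derive the symmetric key from the UTF-8 bytes of the configured secret.
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // nbf and exp are supplied through the constructor so the library writes them as
            // numeric dates; passing them as plain string claims yields quoted values that
            // validators outside this library may reject or ignore.
            var jwt = new JwtSecurityToken(
                issuer: iss,
                claims: claims,
                notBefore: issuedAt.UtcDateTime,
                expires: expiresAt.UtcDateTime,
                signingCredentials: credentials);

            // Serialize header, payload and signature into the compact form.
            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }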