/// <summary>
/// 此方法用解码字符串token,并返回秘钥的信息对象
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
protected ClaimsPrincipal GetPrincipal(string token)
{
try
{
var tokenHandler = new JwtSecurityTokenHandler(); // 创建一个JwtSecurityTokenHandler类,用来后续操作
var jwtToken = tokenHandler.ReadToken(token) as JwtSecurityToken; // 将字符串token解码成token对象
if (jwtToken == null)
{
return(null);
}
var validationParameters = new TokenValidationParameters() // 生成验证token的参数
{
ValidateIssuer = true, //是否验证Issuer
ValidateAudience = true, //是否验证Audience
ValidateLifetime = true, //是否验证失效时间
ValidateIssuerSigningKey = true, //是否验证SecurityKey
ValidAudience = AppConfigurations.GetSection("JWT:audience"), //Audience
ValidIssuer = AppConfigurations.GetSection("JWT:issuer"), //Issuer,这两项和前面签发jwt的设置一致
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(AppConfigurations.GetSection("JWT:SecurityKey"))) //拿到SecurityKey
};
SecurityToken securityToken; // 接受解码后的token对象
return(tokenHandler.ValidateToken(token, validationParameters, out securityToken));
}
catch
{
return(null);
}
}
/// <summary>
/// 获取Token
/// </summary>
/// <param name="claims"></param>
/// <returns></returns>
private string CreateAccessToken(IEnumerable <Claim> claims)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(AppConfigurations.GetSection("JWT:SecurityKey")));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var authTime = DateTime.UtcNow;
var expiresAt = authTime.AddDays(int.Parse(AppConfigurations.GetSection("JWT:expires")));
var token = new JwtSecurityToken(
issuer: AppConfigurations.GetSection("JWT:issuer"),
audience: AppConfigurations.GetSection("JWT:audience"),
claims: claims,
expires: expiresAt,
signingCredentials: creds);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
