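/// <summary>
/// Creates a signed JWT for the given user and records it in the token store.
/// Claim (one fact about the user) => ClaimsIdentity (the credential) => ClaimsPrincipal (the credential holder).
/// </summary>
/// <remarks>
/// The token is signed with HMAC-SHA256; it is not encrypted. Every claim placed in it can be
/// read by anyone who holds the token, so only non-secret values belong in the claim set.
/// </remarks>
/// <param name="dto">User data used to populate the token claims.</param>
/// <returns>The issued token with its issue and expiry times expressed as Unix seconds.</returns>
public JwtAuthorizationDto Create(IdentityUser dto)
{
    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // The signing key is the UTF-8 bytes of a configuration string. HS256 needs a key of at
    // least 256 bits; a short or guessable value here lets tokens be forged offline.
    SymmetricSecurityKey key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecurityKey"]));

    // UTC instead of local time, so issue/expiry values do not depend on the server's time zone.
    DateTime authTime = DateTime.UtcNow;
    DateTime expiresAt = authTime.AddMinutes(Convert.ToDouble(_configuration["Jwt:ExpireMinutes"]));

    // Collect the user facts that go into the token.
    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

    // The previous version added new Claim(ClaimTypes.Email, dto.Password), which copied the
    // user's password into the readable token payload. That claim is removed; no credential
    // may be written into a JWT.
    // NOTE(review): if callers need an e-mail claim, add it from an e-mail field on the DTO;
    // none is visible from this method.
    IEnumerable<Claim> claims = new Claim[]
    {
        new Claim(ClaimTypes.Name, dto.Name),
        new Claim(ClaimTypes.Role, dto.RoleId.ToString()),
        // NOTE(review): ToString() here is culture-dependent; the token's own expiry is set via Expires below.
        new Claim(ClaimTypes.Expiration, expiresAt.ToString())
    };
    identity.AddClaims(claims);

    // NOTE(review): this 24-hour window is independent of Jwt:ExpireMinutes — confirm which one is intended.
    var authProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        ExpiresUtc = DateTimeOffset.UtcNow.AddHours(24),
    };

    // Step 1: build the token from configuration and the user's claims.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),           // claims carried by the token
        Issuer = _configuration["Jwt:Issuer"],          // token issuer
        Audience = _configuration["Jwt:Audience"],      // intended recipient
        Expires = expiresAt,                            // expiry time
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256) // HMAC-SHA256 signature
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);

    // Step 2: sign the principal in on the current HttpContext.
    // NOTE(review): the returned Task is not awaited, so a failure of SignInAsync is never observed
    // by this method. Confirm that the JwtBearer scheme supports sign-in at all and whether this
    // call is needed; awaiting it would require an async signature.
    var principal = new ClaimsPrincipal(identity);
    _httpContextAccessor.HttpContext.SignInAsync(JwtBearerDefaults.AuthenticationScheme, principal, authProperties);

    // Step 3: record the issued token in the _tokens collection.
    var jwt = new JwtAuthorizationDto
    {
        UserId = dto.Id,
        Token = tokenHandler.WriteToken(token),
        Auths = new DateTimeOffset(authTime).ToUnixTimeSeconds(),
        Expires = new DateTimeOffset(expiresAt).ToUnixTimeSeconds(),
        Success = true
    };
    _tokens.Add(jwt);

    return jwt;
}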
/// <summary>
/// Issues a signed JWT for the given user and records it in the token store.
/// </summary>
/// <remarks>
/// The token is signed (HMAC-SHA256), not encrypted: the name, role and e-mail claims are
/// readable by anyone who holds the token.
/// </remarks>
/// <param name="dto">User data used to populate the token claims.</param>
/// <returns>The issued token with its issue and expiry times expressed as Unix seconds.</returns>
public JwtAuthorizationDto Create(UserDto dto)
{
    var handler = new JwtSecurityTokenHandler();

    // Signing key: UTF-8 bytes of the configured secret. HS256 needs at least 256 bits of key material.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecurityKey"]));

    DateTime authTime = DateTime.UtcNow;
    double lifetimeMinutes = Convert.ToDouble(_configuration["Jwt:ExpireMinutes"]);
    DateTime expiresAt = authTime.AddMinutes(lifetimeMinutes);

    // User facts carried by both the signed-in identity and the token.
    Claim[] userClaims =
    {
        new Claim(ClaimTypes.Name, dto.UserName),
        new Claim(ClaimTypes.Role, dto.Role.ToString()),
        new Claim(ClaimTypes.Email, dto.Email),
        new Claim(ClaimTypes.Expiration, expiresAt.ToString())
    };
    var identity = new ClaimsIdentity(userClaims, JwtBearerDefaults.AuthenticationScheme);

    // NOTE(review): this 24-hour window is independent of Jwt:ExpireMinutes — confirm which one is intended.
    var signInProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        ExpiresUtc = DateTimeOffset.UtcNow.AddHours(24),
    };

    // Sign the principal in on the current request.
    // NOTE(review): the returned Task is not awaited, so a failure of SignInAsync goes unobserved here.
    _httpContextAccessor.HttpContext.SignInAsync(
        JwtBearerDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity),
        signInProperties);

    var descriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(userClaims),       // claims carried by the token
        Issuer = _configuration["Jwt:Issuer"],          // token issuer
        Audience = _configuration["Jwt:Audience"],      // intended recipient
        Expires = expiresAt,                            // expiry time
        SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
    };
    var securityToken = handler.CreateToken(descriptor);

    // Record the issued token.
    var result = new JwtAuthorizationDto
    {
        UserId = dto.Id,
        Token = handler.WriteToken(securityToken),
        Auths = new DateTimeOffset(authTime).ToUnixTimeSeconds(),
        Expires = new DateTimeOffset(expiresAt).ToUnixTimeSeconds(),
        Success = true
    };
    _tokens.Add(result);

    return result;
}
/// <summary>
/// Issues a signed JWT for the given user and records it in the token store.
/// </summary>
/// <remarks>
/// The token is signed (HMAC-SHA256), not encrypted: user id, real name, role ids and e-mail
/// are readable by anyone who holds the token.
/// </remarks>
/// <param name="dto">User entity used to populate the token claims.</param>
/// <returns>The issued token with its issue and expiry times expressed as Unix seconds.</returns>
public JwtAuthorizationDto Create(Base_User dto)
{
    var handler = new JwtSecurityTokenHandler();

    // Signing key: UTF-8 bytes of the configured secret. HS256 needs at least 256 bits of key material.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigHelper.GetValue("Jwt:SecurityKey")));

    DateTime authTime = DateTime.UtcNow;
    double lifetimeMinutes = Convert.ToDouble(ConfigHelper.GetValue("Jwt:ExpireMinutes"));
    DateTime expiresAt = authTime.AddMinutes(lifetimeMinutes);

    // All role ids are packed into a single comma-separated role claim.
    // NOTE(review): a role check that compares the claim value to one role name will not match
    // this joined string; verify how consumers read it.
    string joinedRoleIds = string.Join(",", dto.Base_UserRoleMaps.Select(map => map.RoleId));

    Claim[] userClaims =
    {
        new Claim(ClaimTypes.Name, dto.UserName),
        new Claim("UserId", dto.UserId),
        new Claim("RealName", dto.RealName),
        new Claim(ClaimTypes.Role, joinedRoleIds),
        new Claim(ClaimTypes.Email, dto.Email),
        new Claim(ClaimTypes.Expiration, expiresAt.ToString())
    };
    var identity = new ClaimsIdentity(userClaims, JwtBearerDefaults.AuthenticationScheme);

    // Sign the principal in on the current request.
    // NOTE(review): the returned Task is not awaited, so a failure of SignInAsync goes unobserved here.
    var principal = new ClaimsPrincipal(identity);
    HttpContextCore.Current.SignInAsync(JwtBearerDefaults.AuthenticationScheme, principal);

    var descriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(userClaims),           // claims carried by the token
        Issuer = ConfigHelper.GetValue("Jwt:Issuer"),       // token issuer
        Audience = ConfigHelper.GetValue("Jwt:Audience"),   // intended recipient
        Expires = expiresAt,                                // expiry time
        SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
    };
    var securityToken = handler.CreateToken(descriptor);

    // Record the issued token.
    var result = new JwtAuthorizationDto
    {
        UserId = dto.UserId,
        Token = handler.WriteToken(securityToken),
        Auths = new DateTimeOffset(authTime).ToUnixTimeSeconds(),
        Expires = new DateTimeOffset(expiresAt).ToUnixTimeSeconds(),
        Success = true
    };
    _tokens.Add(result);

    return result;
}
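/// <summary>
/// Issues a signed JWT for the given token request and caches the request in Redis under the token string.
/// </summary>
/// <remarks>
/// The token lifetime is the per-client-type amount from configuration (web / app / miniprogram / other)
/// applied in the unit named by <c>EffectiveTimeType</c>. The token is signed (HMAC-SHA256), not
/// encrypted, so its claims are readable by anyone who holds it.
/// </remarks>
/// <param name="tokenModel">Token request: client type, lifetime unit, role and project.</param>
/// <returns>The issued token with its issue and expiry times expressed as Unix seconds.</returns>
/// <exception cref="ArgumentException">
/// The client type or lifetime unit is not recognised, or the configured amount is not positive,
/// so the token would have no lifetime.
/// </exception>
public JwtAuthorizationDto CreateJwtToken(TokenModel tokenModel)
{
    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // Signing key: UTF-8 bytes of the configured secret. HS256 needs at least 256 bits of key material.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.JWTSecretKey));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    DateTime authTime = DateTime.UtcNow;
    DateTime expiresAt = authTime;

    #region Compute the token lifetime
    // Amount of time, chosen by client type. ToLowerInvariant keeps the match independent of the
    // server culture (a culture-sensitive ToLower can map 'I' to a character other than 'i').
    int exp = 0;
    switch (tokenModel.TokenType.ToLowerInvariant())
    {
        case "web":
            exp = jwtConfig.WebExp;
            break;
        case "app":
            exp = jwtConfig.AppExp;
            break;
        case "miniprogram":
            exp = jwtConfig.MiniProgramExp;
            break;
        case "other":
            exp = jwtConfig.OtherExp;
            break;
    }

    // Unit the amount is expressed in.
    switch (tokenModel.EffectiveTimeType)
    {
        case "year":
            expiresAt = expiresAt.AddYears(exp);
            break;
        case "month":
            expiresAt = expiresAt.AddMonths(exp);
            break;
        case "day":
            expiresAt = expiresAt.AddDays(exp);
            break;
        case "hours":
            expiresAt = expiresAt.AddHours(exp);
            break;
        case "min":
            expiresAt = expiresAt.AddMinutes(exp);
            break;
        case "sec":
            expiresAt = expiresAt.AddSeconds(exp);
            break;
    }
    #endregion

    // An unknown client type or unit leaves expiresAt equal to authTime. Fail here with a clear
    // message, before anything is signed in or cached.
    if (expiresAt <= authTime)
    {
        throw new ArgumentException(
            "Token lifetime must be positive; check TokenType, EffectiveTimeType and the configured expiry.",
            nameof(tokenModel));
    }

    long issuedAtUnix = new DateTimeOffset(authTime).ToUnixTimeSeconds();

    // Facts carried by both the signed-in identity and the token.
    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
    IEnumerable<Claim> claims = new Claim[]
    {
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),  // unique id of this token (not a user id)
        new Claim(ClaimTypes.Role, tokenModel.Role),                        // role
        new Claim("Project", tokenModel.Project),                           // project name
        // iat is declared Integer64, so its value must be Unix seconds; the previous version
        // wrote a formatted date string under that value type.
        new Claim(
            JwtRegisteredClaimNames.Iat,
            issuedAtUnix.ToString(System.Globalization.CultureInfo.InvariantCulture),
            ClaimValueTypes.Integer64),
        new Claim(ClaimTypes.Expiration, expiresAt.ToString())              // expiry time
    };
    identity.AddClaims(claims);

    // Sign the principal in on the current request.
    // NOTE(review): the returned Task is not awaited, so a failure of SignInAsync goes unobserved here.
    _httpContextAccessor.HttpContext.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));

    // Build and serialise the token.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),   // claims carried by the token
        Issuer = jwtConfig.Issuer,              // token issuer
        Audience = jwtConfig.Audience,          // intended recipient
        Expires = expiresAt,                    // expiry time
        SigningCredentials = creds              // HMAC-SHA256 signature
    };
    var tokenInfo = tokenHandler.CreateToken(tokenDescriptor);
    string tokenStr = tokenHandler.WriteToken(tokenInfo);

    // NOTE(review): UserId is a fresh random GUID, unrelated to the jti claim above and to any
    // user record visible here — confirm this is intended.
    var jwt = new JwtAuthorizationDto
    {
        UserId = Guid.NewGuid().ToString(),
        Token = tokenStr,
        Auths = issuedAtUnix,
        Expires = new DateTimeOffset(expiresAt).ToUnixTimeSeconds(),
        Success = true
    };

    // Cache the request in Redis for exactly as long as the token is valid. The previous version
    // always used WebExp minutes, whatever the client type or unit, so the cache entry and the
    // token could expire at different times.
    // NOTE(review): the cache key is the bearer token itself, so read access to Redis discloses
    // usable tokens; consider keying by the jti or by a hash of the token.
    redisCacheHelper.Set(tokenStr, tokenModel, new DistributedCacheEntryOptions
    {
        AbsoluteExpirationRelativeToNow = expiresAt - authTime
    });

    return jwt;
}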