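/// <summary>
/// Issues an HS256-signed JWT for the given user.
/// </summary>
/// <remarks>
/// Issuer, audience and the signing secret are read from the "Audience" configuration section.
/// The token becomes valid immediately and expires 180 minutes after it is issued.
/// </remarks>
/// <param name="user">User whose <c>UserAccount</c> is written into the token.</param>
/// <returns>The serialized (compact) JWT string.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
public static string GetToken(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    string issuer = Appsettings.GetJsonString(new string[] { "Audience", "Issuer" });         // token issuer (iss)
    string audience = Appsettings.GetJsonString(new string[] { "Audience", "Audience" });     // intended audience (aud)
    string privateKey = Appsettings.GetJsonString(new string[] { "Audience", "PrivateKey" }); // shared HMAC secret

    // Take one UTC clock reading so iat, nbf and exp are mutually consistent.
    // Adding minutes to a local DateTime can gain or lose an hour across a DST change,
    // which would silently lengthen or shorten the token lifetime.
    DateTimeOffset issuedAt = DateTimeOffset.UtcNow;
    DateTimeOffset expiresAt = issuedAt.AddMinutes(180);

    var claims = new List<Claim>
    {
        // NOTE(review): jti carries the user account rather than a per-token unique id, so it
        // cannot tell two tokens of the same user apart (e.g. for revocation or replay tracking).
        // Left unchanged because consumers may read the account from this claim; confirm.
        new Claim(JwtRegisteredClaimNames.Jti, user.UserAccount),
        new Claim(JwtRegisteredClaimNames.Iat, $"{issuedAt.ToUnixTimeSeconds()}"),
        new Claim(JwtRegisteredClaimNames.Nbf, $"{issuedAt.ToUnixTimeSeconds()}"),
        // Expiry is 180 minutes after issue; the validator may add its own clock-skew tolerance on top.
        new Claim(JwtRegisteredClaimNames.Exp, $"{expiresAt.ToUnixTimeSeconds()}"),
        new Claim(JwtRegisteredClaimNames.Iss, issuer),
        new Claim(JwtRegisteredClaimNames.Aud, audience)
    };

    // Role claims are not emitted yet. The earlier draft added one ClaimTypes.Role claim per role:
    // claims.AddRange(tokenModel.Role.Split(",").Select(x => new Claim(ClaimTypes.Role, x)));

    // The HMAC key is the UTF-8 encoding of the configured secret. The validating side must derive
    // the key bytes with the same encoding, otherwise signatures will not verify for secrets that
    // contain non-ASCII characters.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(privateKey));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var jwt = new JwtSecurityToken(
        issuer: issuer,
        claims: claims,
        signingCredentials: creds);

    return new JwtSecurityTokenHandler().WriteToken(jwt);
}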
/// <summary>
/// Registers <c>MyContext</c> with the service collection, using the MySQL provider.
/// </summary>
/// <param name="services">Service collection that receives the DbContext registration.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> is null.</exception>
public static void AddDbContextService(this IServiceCollection services)
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    services.AddDbContext<MyContext>(builder =>
    {
        // The connection string is looked up inside the options callback, under
        // ConnectionStrings:MySqlConnection.
        // NOTE(review): this value normally carries database credentials; confirm it is supplied
        // from a protected configuration source rather than a committed settings file.
        string[] configPath = new string[] { "ConnectionStrings", "MySqlConnection" };
        var connectionString = Appsettings.GetJsonString(configPath);

        // Migrations live in the MediaHub.Data assembly.
        builder.UseMySQL(connectionString, mySql => mySql.MigrationsAssembly("MediaHub.Data"));
    });
}
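/// <summary>
/// Registers JWT bearer authentication under the "Bearer" scheme.
/// </summary>
/// <remarks>
/// Signature, issuer, audience and lifetime are all validated against the values in the
/// "Audience" configuration section. When a token is rejected because it has expired, the
/// response carries a <c>Token-Expired: true</c> header.
/// </remarks>
/// <param name="services">Service collection that receives the authentication registration.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> is null.</exception>
public static void AddAuthorizationService(this IServiceCollection services)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    // Read the shared secret and the expected issuer/audience from configuration.
    // The secret is used as a plain string; it is not Base64-decoded.
    var signingSecret = Appsettings.GetJsonString(new string[] { "Audience", "PrivateKey" });
    var issuer = Appsettings.GetJsonString(new string[] { "Audience", "Issuer" });
    var audience = Appsettings.GetJsonString(new string[] { "Audience", "Audience" });

    // Derive the key bytes with UTF-8, the same encoding GetToken uses when signing.
    // ASCII would replace every non-ASCII character with '?', producing a different
    // (and weaker) key, so tokens signed with such a secret would never validate.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));

    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,
        // Tolerance applied on top of the token's exp claim: a token is still accepted
        // for up to 30 seconds after its stated expiry.
        ClockSkew = TimeSpan.FromSeconds(30),
        RequireExpirationTime = true,
    };

    services.AddAuthentication("Bearer")
        .AddJwtBearer(o =>
        {
            o.TokenValidationParameters = tokenValidationParameters;
            o.Events = new JwtBearerEvents
            {
                OnAuthenticationFailed = context =>
                {
                    // Tell the client that the failure was an expired token so it can
                    // re-authenticate instead of treating the token as invalid.
                    if (context.Exception is SecurityTokenExpiredException)
                    {
                        // Indexer assignment instead of Add: Add throws if the header is already present.
                        context.Response.Headers["Token-Expired"] = "true";
                    }

                    return Task.CompletedTask;
                }
            };
        });
}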
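/// <summary>
/// Registers the "LimitRequests" CORS policy, which admits only the origins listed in the
/// <c>Cors:IPs</c> configuration value.
/// </summary>
/// <param name="services">Service collection that receives the CORS registration.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> is null.</exception>
public static void AddCorsService(this IServiceCollection services)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    services.AddCors(c =>
    {
        c.AddPolicy("LimitRequests", policy =>
        {
            // Cors:IPs is a comma-separated list of allowed origins.
            // Do not put a trailing slash after the port: "localhost:8000/" will not match.
            // http://127.0.0.1:1818 and http://localhost:1818 are different origins; list both if needed.
            var allowedOrigins = Appsettings.GetJsonString(new string[] { "Cors", "IPs" }).Split(',');

            // The previous chain ended with AllowAnyOrigin(), which replaces the configured list
            // with a wildcard and let every site call the API. It is removed so the allow-list
            // above is what the policy actually enforces.
            policy
                .WithOrigins(allowedOrigins)
                .AllowAnyHeader()
                .AllowAnyMethod();
        });
    });
}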