/// <summary>
/// 获取Token
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static string GetToken(User user)
{
string issuer = Appsettings.GetJsonString(new string[] { "Audience", "Issuer" }); //获取发布人
string audience = Appsettings.GetJsonString(new string[] { "Audience", "Audience" }); //获取作者
string privateKey = Appsettings.GetJsonString(new string[] { "Audience", "PrivateKey" }); //获取私钥
//创建声明
var claims = new List <Claim> {
new Claim(JwtRegisteredClaimNames.Jti, user.UserAccount),
new Claim(JwtRegisteredClaimNames.Iat, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
new Claim(JwtRegisteredClaimNames.Nbf, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
//这个就是过期时间,目前是过期1000秒,可自定义,注意JWT有自己的缓冲过期时间
new Claim(JwtRegisteredClaimNames.Exp, $"{new DateTimeOffset(DateTime.Now.AddMinutes(180)).ToUnixTimeSeconds()}"),
new Claim(JwtRegisteredClaimNames.Iss, issuer),
new Claim(JwtRegisteredClaimNames.Aud, audience)
};
//将一个用户的多个角色都加入到声明中
//claims.AddRange(tokenModel.Role.Split(",").Select(x => new Claim(ClaimTypes.Role, x)));
//加载密钥
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(privateKey));
//密钥加入数字签名
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var jwt = new JwtSecurityToken(
issuer: issuer,
claims: claims,
signingCredentials: creds);
var jwtHandler = new JwtSecurityTokenHandler();
var token = jwtHandler.WriteToken(jwt);
return(token);
}
public static void AddDbContextService(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
services.AddDbContext <MyContext>(options =>
{
var sqlServerString = Appsettings.GetJsonString(new string[] { "ConnectionStrings", "MySqlConnection" });
options.UseMySQL(sqlServerString, b => b.MigrationsAssembly("MediaHub.Data"));
});
}
public static void AddAuthorizationService(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
//读取配置文件
var symmetricKeyAsBase64 = Appsettings.GetJsonString(new string[] { "Audience", "PrivateKey" });
var issuer = Appsettings.GetJsonString(new string[] { "Audience", "Issuer" });
var audience = Appsettings.GetJsonString(new string[] { "Audience", "Audience" });
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
// 令牌验证参数
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = issuer, //发行人
ValidateAudience = true,
ValidAudience = audience, //订阅人
ValidateLifetime = true,
ClockSkew = TimeSpan.FromSeconds(30), //总的有效时间是 JwtRegisteredClaimNames.Exp + ClockSkew,这里是30s+150s
RequireExpirationTime = true,
};
//2.1【认证】、core自带官方JWT认证
// 开启Bearer认证
services.AddAuthentication("Bearer")
// 添加JwtBearer服务
.AddJwtBearer(o =>
{
o.TokenValidationParameters = tokenValidationParameters;
o.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return(Task.CompletedTask);
}
};
});
}
public static void AddCorsService(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
services.AddCors(c =>
{
c.AddPolicy("LimitRequests", policy =>
{
// 支持多个域名端口,注意端口号后不要带/斜杆:比如localhost:8000/,是错的
// 注意,http://127.0.0.1:1818 和 http://localhost:1818 是不一样的,尽量写两个
policy
.WithOrigins(Appsettings.GetJsonString(new string[] { "Cors", "IPs" }).Split(','))
.AllowAnyHeader()//Ensures that the policy allows any header.
.AllowAnyMethod()
.AllowAnyOrigin();
});
});
}