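/// <summary>
/// Token-presence middleware. Requests without an <c>Authorization</c> header are passed
/// straight to the next middleware (anonymous endpoints). Requests that carry one are accepted
/// only when the exact header value is a key in <see cref="RayPIMemoryCache"/>, i.e. a token
/// this server issued via <c>IssueJWT</c> that has not yet been evicted; the cached
/// <see cref="TokenModel"/> is then projected onto <see cref="HttpContext.User"/>.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns>The downstream pipeline task, or the task writing the rejection body.</returns>
/// <remarks>
/// NOTE(review): the JWT signature and <c>exp</c> are never verified here; the in-memory cache is
/// the sole source of truth, so a process restart or a second instance invalidates every token.
/// Rejections used to go out with the default 200 status (only a body was written); they now
/// carry 401 (unknown token) or 500 (unexpected failure) so clients and proxies can tell them
/// apart from a successful response.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    // No header: let anonymous endpoints (or an authorize filter further down) decide.
    if (!httpContext.Request.Headers.TryGetValue("Authorization", out var tokenStr))
    {
        return _next(httpContext);
    }

    try
    {
        string jwtStr = tokenStr.ToString().Trim();

        // A value that is not in the cache was never issued by us, was tampered with, or has
        // expired out of the cache: refuse it.
        if (!RayPIMemoryCache.Exists(jwtStr))
        {
            httpContext.Response.StatusCode = 401;
            return httpContext.Response.WriteAsync("非法请求");
        }

        TokenModel tm = (TokenModel)RayPIMemoryCache.Get(jwtStr);

        // Expose the cached subject as a claim of type "<Sub>Type" (existing project convention).
        // NOTE(review): ClaimsIdentity(IEnumerable<Claim>) sets no AuthenticationType, so
        // Identity.IsAuthenticated stays false; confirm downstream authorization relies on the
        // claim rather than on IsAuthenticated before changing this.
        var identity = new ClaimsIdentity(new List<Claim> { new Claim(tm.Sub + "Type", tm.Sub) });
        httpContext.User = new ClaimsPrincipal(identity);
        return _next(httpContext);
    }
    catch (Exception)
    {
        // A cache lookup/cast failure is a server-side fault, not a client error.
        // TODO(review): log the exception before swallowing it; it is currently lost.
        httpContext.Response.StatusCode = 500;
        return httpContext.Response.WriteAsync("token验证异常");
    }
}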
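/// <summary>
/// Builds an HS256-signed JWT for <paramref name="tokenModel"/> and registers the encoded string
/// in <see cref="RayPIMemoryCache"/> so the auth middleware can recognise it on later requests.
/// </summary>
/// <param name="tokenModel">Supplies the subject (<c>Sub</c>) and audience (<c>Uname</c>) claims.</param>
/// <param name="expiresSliding">Sliding expiry applied to the cache entry.</param>
/// <param name="expiresAbsoulte">Absolute expiry applied to the cache entry.</param>
/// <returns>The compact-serialised JWT; the same string is used as the cache key.</returns>
/// <remarks>
/// SECURITY(review): the signing key is a hard-coded string literal in source. Move it to
/// configuration or a secret store and use at least 256 bits of random key material, as
/// RFC 7518 §3.2 requires for HS256. Also note the JWT <c>exp</c> is fixed at 12 hours and is
/// independent of the two cache expiry parameters, so the token and the cache entry can
/// disagree; the middleware currently consults only the cache.
/// </remarks>
public static string IssueJWT(TokenModel tokenModel, TimeSpan expiresSliding, TimeSpan expiresAbsoulte)
{
    DateTime utc = DateTime.UtcNow;

    Claim[] claims =
    {
        new Claim(JwtRegisteredClaimNames.Sub, tokenModel.Sub),
        // Unique token id.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        // RFC 7519 "iat" is a NumericDate (seconds since the Unix epoch). The previous code put a
        // culture-dependent DateTime.ToString() here while declaring the claim as Integer64.
        new Claim(JwtRegisteredClaimNames.Iat,
                  new DateTimeOffset(utc).ToUnixTimeSeconds().ToString(),
                  ClaimValueTypes.Integer64),
    };

    var jwt = new JwtSecurityToken(
        issuer: "Blog.Core",
        audience: tokenModel.Uname,
        claims: claims,
        expires: utc.AddHours(12),
        signingCredentials: new Microsoft.IdentityModel.Tokens.SigningCredentials(
            // TODO(security): replace the literal with a key loaded from configuration.
            new SymmetricSecurityKey(Encoding.ASCII.GetBytes("Blog.Core's Secret Key")),
            SecurityAlgorithms.HmacSha256));

    string encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    // Register the token so Invoke() accepts it; the cache, not the signature, is what the
    // middleware checks.
    RayPIMemoryCache.AddMemoryCache(encodedJwt, tokenModel, expiresSliding, expiresAbsoulte);
    return encodedJwt;
}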