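/// <summary>
/// Middleware step: when the request carries a Bearer JWT, decode it through
/// <c>JwtHelper.SerializeJwt</c> and replace <c>HttpContext.User</c> with a principal
/// holding one role claim per role in the token, then continue the pipeline.
/// Requests without a usable token continue unauthenticated; this middleware
/// never produces a 401 on its own.
/// </summary>
/// <param name="httpContext">Current request context; <c>User</c> is replaced when a token is present.</param>
/// <returns>The task returned by the next middleware.</returns>
/// <remarks>
/// The roles attached here are only as trustworthy as <c>JwtHelper.SerializeJwt</c>.
/// If that helper merely decodes the token (ReadJwtToken) without verifying the
/// signature, issuer, audience and lifetime, any client could present a self-made
/// token with an arbitrary role. Make sure the helper validates before relying on
/// these claims for authorization.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    // The endpoint that issues tokens is reachable without one.
    if (httpContext.Request.Path == "/Login/CustomGetToken")
    {
        return _next(httpContext);
    }

    // No Authorization header: continue as an anonymous request.
    if (!httpContext.Request.Headers.TryGetValue("Authorization", out var authorization))
    {
        return _next(httpContext);
    }

    // Only the Bearer scheme is understood. Replace("Bearer ", "") removed the word
    // wherever it appeared in the header; the scheme is a prefix, so check for it as one.
    const string bearerPrefix = "Bearer ";
    var headerValue = authorization.ToString();
    if (!headerValue.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
    {
        return _next(httpContext);
    }

    var tokenHeader = headerValue.Substring(bearerPrefix.Length).Trim();
    if (tokenHeader.Length == 0)
    {
        return _next(httpContext);
    }

    TokenModelJWT token;
    try
    {
        token = JwtHelper.SerializeJwt(tokenHeader);
    }
    catch (ArgumentException)
    {
        // The JWT handler reports a value that is not a readable JWT as ArgumentException;
        // the former ">= 128 characters" heuristic was an attempt to avoid that case.
        // Treat it as no credential instead of failing the request with an unhandled
        // exception. Any other exception (for example a signature or lifetime validation
        // failure, if SerializeJwt performs one) is deliberately left to propagate.
        return _next(httpContext);
    }

    // One role claim per comma-separated entry so User.IsInRole works for multi-role
    // users ("Admin,System"), matching how IssueJWT splits the Role string.
    var claimList = new List<Claim>();
    foreach (var role in (token.Role ?? string.Empty).Split(','))
    {
        var trimmed = role.Trim();
        if (trimmed.Length > 0)
        {
            claimList.Add(new Claim(ClaimTypes.Role, trimmed));
        }
    }

    // NOTE(review): no authentication type is passed (as in the original), so
    // identity.IsAuthenticated stays false and only role checks see these claims.
    // Confirm that is the intended contract before adding [Authorize] consumers.
    var identity = new ClaimsIdentity(claimList);
    httpContext.User = new ClaimsPrincipal(identity);
    return _next(httpContext);
}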
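/// <summary>
/// Issues a signed (HS256) JWT for <paramref name="tokenModel"/>.
/// Issuer, audience and the signing secret are read from the <c>JwtSettings</c>
/// configuration section via <c>Appsettings.app</c>.
/// </summary>
/// <param name="tokenModel">
/// Identity to encode: <c>Uid</c> becomes the <c>jti</c> claim; <c>Role</c> is a
/// comma-separated list and becomes one role claim per non-empty entry.
/// </param>
/// <returns>The compact serialized token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="tokenModel"/> is null.</exception>
/// <exception cref="InvalidOperationException"><c>JwtSettings:SecretKey</c> is missing or blank.</exception>
public static string IssueJWT(TokenModelJWT tokenModel)
{
    if (tokenModel is null)
    {
        throw new ArgumentNullException(nameof(tokenModel));
    }

    var issuer = Appsettings.app(new string[] { "JwtSettings", "Issuer" });
    var audience = Appsettings.app(new string[] { "JwtSettings", "Audience" });
    var secretKey = Appsettings.app(new string[] { "JwtSettings", "SecretKey" });
    if (string.IsNullOrWhiteSpace(secretKey))
    {
        // Never issue a token that is not signed with the configured secret.
        throw new InvalidOperationException("JwtSettings:SecretKey is not configured.");
    }

    // Token lifetime. (The original comment mentioned 50 seconds; the code has always used 7 days.)
    var now = DateTime.UtcNow;
    var expires = now.AddDays(7);

    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Jti, tokenModel.Uid.ToString()),
        // iat must be a NumericDate (RFC 7519 §4.1.6). Integer64 makes the handler emit
        // a JSON number rather than the quoted string the old $"{...}" claim produced.
        new Claim(JwtRegisteredClaimNames.Iat,
                  new DateTimeOffset(now).ToUnixTimeSeconds().ToString(),
                  ClaimValueTypes.Integer64),
    };

    // A user may hold several roles ("Admin,System"): one role claim per entry.
    if (!string.IsNullOrWhiteSpace(tokenModel.Role))
    {
        claims.AddRange(tokenModel.Role
            .Split(',')
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .Select(r => new Claim(ClaimTypes.Role, r)));
    }

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // iss/aud/nbf/exp go through the constructor so they are written as proper registered
    // claims (numeric dates) instead of hand-built string claims that some validators reject.
    var jwt = new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        notBefore: now,
        expires: expires,
        signingCredentials: creds);

    return new JwtSecurityTokenHandler().WriteToken(jwt);
}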
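/// <summary>
/// Validates a compact JWT produced by <see cref="IssueJWT"/> and extracts the caller's identity.
/// The signature (HS256 with <c>JwtSettings:SecretKey</c>), issuer, audience and lifetime are
/// all checked; a token failing any of them is rejected instead of being decoded on trust.
/// </summary>
/// <param name="jwtstr">Compact serialized token (without the "Bearer " prefix).</param>
/// <returns>
/// A <c>TokenModelJWT</c> whose <c>Uid</c> is the <c>jti</c> claim and whose <c>Role</c> is the
/// comma-joined list of role claims ("" when the token carries none).
/// </returns>
/// <exception cref="ArgumentException"><paramref name="jwtstr"/> is blank or not a readable JWT.</exception>
/// <exception cref="InvalidOperationException"><c>JwtSettings:SecretKey</c> is missing or blank.</exception>
/// <exception cref="SecurityTokenException">Signature, issuer, audience or lifetime validation failed.</exception>
public static TokenModelJWT SerializeJwt(string jwtstr)
{
    if (string.IsNullOrWhiteSpace(jwtstr))
    {
        throw new ArgumentException("Token must not be empty.", nameof(jwtstr));
    }

    var issuer = Appsettings.app(new string[] { "JwtSettings", "Issuer" });
    var audience = Appsettings.app(new string[] { "JwtSettings", "Audience" });
    var secretKey = Appsettings.app(new string[] { "JwtSettings", "SecretKey" });
    if (string.IsNullOrWhiteSpace(secretKey))
    {
        throw new InvalidOperationException("JwtSettings:SecretKey is not configured.");
    }

    // These mirror the values IssueJWT signs with. ReadJwtToken alone only base64-decodes the
    // token and never checks the signature, so a client could have minted a token carrying any
    // role it liked; ValidateToken is what makes the claims below trustworthy.
    var validationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey)),
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,
    };

    var handler = new JwtSecurityTokenHandler();
    handler.ValidateToken(jwtstr, validationParameters, out var validatedToken);
    var jwtToken = (JwtSecurityToken)validatedToken;

    // Roles were written as one claim per entry; join them back into the comma-separated form
    // TokenModelJWT carries. (Payload.TryGetValue returned a list, not a string, for multiple
    // roles, so the old role.ToString() gave a type name.) Both the ClaimTypes.Role URI used
    // by IssueJWT and the short "role" name are accepted.
    var roles = jwtToken.Claims
        .Where(c => c.Type == ClaimTypes.Role || c.Type == "role")
        .Select(c => c.Value);

    return new TokenModelJWT
    {
        Uid = jwtToken.Id.ToGuid(),
        Role = string.Join(",", roles),
    };
}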