Exemplo n.º 1
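        /// <summary>
        /// Creates a signed JWT for the given user and records it in the issued-token collection.
        /// Conceptual model: Claim (one fact about the holder) => ClaimsIdentity (the credential)
        /// => ClaimsPrincipal (the holder of the credential).
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256 and is not encrypted (no encrypting credentials are set),
        /// so every claim placed in it can be read by anyone who obtains the token.
        /// Only non-secret data belongs in the claim set.
        /// </remarks>
        /// <param name="dto">User whose name, role id and id are used to build the token.</param>
        /// <returns>The serialized token with its issue and expiry times as Unix seconds.</returns>
        public JwtAuthorizationDto Create(IdentityUser dto)
        {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

            // NOTE(review): the HMAC key is the UTF-8 bytes of a configuration string. It should be a long,
            // random value (at least 256 bits for HS256) supplied from a secret store, not a committed file.
            SymmetricSecurityKey key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecurityKey"]));

            // UTC keeps the issue and expiry instants independent of the server's local time zone.
            DateTime authTime  = DateTime.UtcNow;
            DateTime expiresAt = authTime.AddMinutes(Convert.ToDouble(_configuration["Jwt:ExpireMinutes"]));

            // Identity used for the sign-in call below.
            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

            // dto.Password is deliberately NOT turned into a claim: the JWT payload is only Base64Url-encoded,
            // so any holder of the token (client, proxy, log file) could read a credential stored in it.
            IEnumerable <Claim> claims = new Claim[] {
                new Claim(ClaimTypes.Name, dto.Name),
                new Claim(ClaimTypes.Role, dto.RoleId.ToString()),
                new Claim(ClaimTypes.Expiration, expiresAt.ToString())
            };

            identity.AddClaims(claims);

            var authProperties = new AuthenticationProperties
            {
                AllowRefresh = true,
                ExpiresUtc   = DateTimeOffset.UtcNow.AddHours(24),
            };

            // Step 1: build the token from configuration and the user's claims.
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(claims),                                // claims carried by the token
                Issuer             = _configuration["Jwt:Issuer"],                              // "iss"
                Audience           = _configuration["Jwt:Audience"],                            // "aud"
                Expires            = expiresAt,                                                 // "exp"
                SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256) // HS256 signature
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);

            // Step 2: sign the principal in on the current HttpContext.
            // NOTE(review): the returned Task is neither awaited nor observed, so a failure of the sign-in
            // is silently lost. Whether the scheme's handler supports sign-in at all is not visible here;
            // confirm this call is needed, and make the method async if it is.
            var principal = new ClaimsPrincipal(identity);

            _httpContextAccessor.HttpContext.SignInAsync(JwtBearerDefaults.AuthenticationScheme, principal, authProperties);

            // Step 3: record the issued token in the _tokens collection.
            var jwt = new JwtAuthorizationDto
            {
                UserId  = dto.Id,
                Token   = tokenHandler.WriteToken(token),
                Auths   = new DateTimeOffset(authTime).ToUnixTimeSeconds(),
                Expires = new DateTimeOffset(expiresAt).ToUnixTimeSeconds(),
                Success = true
            };

            // NOTE(review): if _tokens is a shared static HashSet, concurrent logins need synchronization
            // and expired entries need pruning; neither is visible in this method.
            _tokens.Add(jwt);

            return jwt;
        }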
Exemplo n.º 2
        /// <summary>
        /// Issues a signed JWT for a user and records it in the issued-token collection.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256, not encrypted: the name, role and e-mail claims
        /// are readable by anyone holding the token.
        /// </remarks>
        /// <param name="dto">User data; its user name, role, e-mail and id are used.</param>
        /// <returns>The serialized token with its issue and expiry times as Unix seconds.</returns>
        public JwtAuthorizationDto Create(UserDto dto)
        {
            var handler = new JwtSecurityTokenHandler();

            // NOTE(review): the key is derived from a configuration string; HS256 needs a long random
            // secret (at least 256 bits) that is kept out of source control.
            byte[] secretBytes = Encoding.UTF8.GetBytes(_configuration["Jwt:SecurityKey"]);
            var    signingKey  = new SymmetricSecurityKey(secretBytes);

            DateTime issuedAt        = DateTime.UtcNow;
            double   lifetimeMinutes = Convert.ToDouble(_configuration["Jwt:ExpireMinutes"]);
            DateTime expiry          = issuedAt.AddMinutes(lifetimeMinutes);

            // Claims shared by the sign-in identity and the token subject.
            var userClaims = new Claim[]
            {
                new Claim(ClaimTypes.Name, dto.UserName),
                new Claim(ClaimTypes.Role, dto.Role.ToString()),
                new Claim(ClaimTypes.Email, dto.Email),
                new Claim(ClaimTypes.Expiration, expiry.ToString())
            };

            var bearerIdentity = new ClaimsIdentity(userClaims, JwtBearerDefaults.AuthenticationScheme);

            var signInProperties = new AuthenticationProperties();
            signInProperties.AllowRefresh = true;
            signInProperties.ExpiresUtc   = DateTimeOffset.UtcNow.AddHours(24);

            // Sign the principal in on the current request.
            // NOTE(review): the Task returned here is not awaited, so a failed sign-in goes unnoticed.
            _httpContextAccessor.HttpContext.SignInAsync(
                JwtBearerDefaults.AuthenticationScheme,
                new ClaimsPrincipal(bearerIdentity),
                signInProperties);

            var descriptor = new SecurityTokenDescriptor();
            descriptor.Subject            = new ClaimsIdentity(userClaims);                                    // claims carried by the token
            descriptor.Issuer             = _configuration["Jwt:Issuer"];                                      // "iss"
            descriptor.Audience           = _configuration["Jwt:Audience"];                                    // "aud"
            descriptor.Expires            = expiry;                                                            // "exp"
            descriptor.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); // HS256 signature

            var securityToken = handler.CreateToken(descriptor);

            // Result handed back to the caller and kept in _tokens.
            var issued = new JwtAuthorizationDto
            {
                UserId  = dto.Id,
                Token   = handler.WriteToken(securityToken),
                Auths   = new DateTimeOffset(issuedAt).ToUnixTimeSeconds(),
                Expires = new DateTimeOffset(expiry).ToUnixTimeSeconds(),
                Success = true
            };

            // NOTE(review): confirm _tokens is safe for concurrent writers and that expired entries are pruned.
            _tokens.Add(issued);

            return issued;
        }
Exemplo n.º 3
        /// <summary>
        /// Issues a signed JWT for a user and records it in the issued-token collection.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256, not encrypted: user name, user id, real name,
        /// role ids and e-mail are readable by anyone holding the token.
        /// </remarks>
        /// <param name="dto">User entity; its user name, id, real name, role mappings and e-mail are used.</param>
        /// <returns>The serialized token with its issue and expiry times as Unix seconds.</returns>
        public JwtAuthorizationDto Create(Base_User dto)
        {
            var handler = new JwtSecurityTokenHandler();

            // NOTE(review): the key is derived from a configuration string; HS256 needs a long random
            // secret (at least 256 bits) that is kept out of source control.
            byte[] secretBytes = Encoding.UTF8.GetBytes(ConfigHelper.GetValue("Jwt:SecurityKey"));
            var    signingKey  = new SymmetricSecurityKey(secretBytes);

            DateTime issuedAt        = DateTime.UtcNow;
            double   lifetimeMinutes = Convert.ToDouble(ConfigHelper.GetValue("Jwt:ExpireMinutes"));
            DateTime expiry          = issuedAt.AddMinutes(lifetimeMinutes);

            // All role ids are packed into ONE comma-separated Role claim.
            // NOTE(review): a role check that compares claim values one by one will not match an individual
            // role for a multi-role user; confirm every consumer splits this value.
            var roleIds = dto.Base_UserRoleMaps.Select(map => map.RoleId);

            var userClaims = new Claim[]
            {
                new Claim(ClaimTypes.Name, dto.UserName),
                new Claim("UserId", dto.UserId),
                new Claim("RealName", dto.RealName),
                new Claim(ClaimTypes.Role, string.Join(",", roleIds)),
                new Claim(ClaimTypes.Email, dto.Email),
                new Claim(ClaimTypes.Expiration, expiry.ToString())
            };

            var bearerIdentity = new ClaimsIdentity(userClaims, JwtBearerDefaults.AuthenticationScheme);

            // Sign the principal in on the current request.
            // NOTE(review): the Task returned here is not awaited, so a failed sign-in goes unnoticed.
            HttpContextCore.Current.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal(bearerIdentity));

            var descriptor = new SecurityTokenDescriptor();
            descriptor.Subject            = new ClaimsIdentity(userClaims);                                    // claims carried by the token
            descriptor.Issuer             = ConfigHelper.GetValue("Jwt:Issuer");                               // "iss"
            descriptor.Audience           = ConfigHelper.GetValue("Jwt:Audience");                             // "aud"
            descriptor.Expires            = expiry;                                                            // "exp"
            descriptor.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); // HS256 signature

            var securityToken = handler.CreateToken(descriptor);

            // Result handed back to the caller and kept in _tokens.
            var issued = new JwtAuthorizationDto
            {
                UserId  = dto.UserId,
                Token   = handler.WriteToken(securityToken),
                Auths   = new DateTimeOffset(issuedAt).ToUnixTimeSeconds(),
                Expires = new DateTimeOffset(expiry).ToUnixTimeSeconds(),
                Success = true
            };

            // NOTE(review): confirm _tokens is safe for concurrent writers and that expired entries are pruned.
            _tokens.Add(issued);

            return issued;
        }
Exemplo n.º 4
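        /// <summary>
        /// Issues a signed JWT whose lifetime depends on the client type and time unit in
        /// <paramref name="tokenModel"/>, then stores the model in the Redis cache under the token string.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256, not encrypted: role and project are readable by anyone
        /// holding the token. The claim set contains no user identifier; "jti" is a random token id.
        /// </remarks>
        /// <param name="tokenModel">
        /// Supplies TokenType ("web", "app", "miniprogram", "other"; matched case-insensitively),
        /// EffectiveTimeType ("year", "month", "day", "hours", "min", "sec"; matched case-sensitively),
        /// Role and Project.
        /// </param>
        /// <returns>The serialized token with its issue and expiry times as Unix seconds.</returns>
        public JwtAuthorizationDto CreateJwtToken(TokenModel tokenModel)
        {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

            // Signing key and credentials.
            // NOTE(review): HS256 needs a long random secret (at least 256 bits) kept out of source control.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtConfig.JWTSecretKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            DateTime authTime  = DateTime.UtcNow;
            DateTime expiresAt = authTime;

            #region Compute the token lifetime
            // Lifetime amount for the client type. Invariant lower-casing keeps the match independent of
            // the server culture (a culture-sensitive ToLower can turn 'I' into a dotless 'ı').
            int exp = 0;
            switch (tokenModel.TokenType.ToLowerInvariant())
            {
            case "web":
                exp = jwtConfig.WebExp;
                break;

            case "app":
                exp = jwtConfig.AppExp;
                break;

            case "miniprogram":
                exp = jwtConfig.MiniProgramExp;
                break;

            case "other":
                exp = jwtConfig.OtherExp;
                break;
            }

            // NOTE(review): an unrecognised TokenType or EffectiveTimeType leaves expiresAt equal to authTime,
            // i.e. a zero lifetime; consider rejecting such input explicitly.
            switch (tokenModel.EffectiveTimeType)
            {
            case "year":
                expiresAt = expiresAt.AddYears(exp);
                break;

            case "month":
                expiresAt = expiresAt.AddMonths(exp);
                break;

            case "day":
                expiresAt = expiresAt.AddDays(exp);
                break;

            case "hours":
                expiresAt = expiresAt.AddHours(exp);
                break;

            case "min":
                expiresAt = expiresAt.AddMinutes(exp);
                break;

            case "sec":
                expiresAt = expiresAt.AddSeconds(exp);
                break;
            }
            #endregion

            long issuedAtUnix  = new DateTimeOffset(authTime).ToUnixTimeSeconds();
            long expiresAtUnix = new DateTimeOffset(expiresAt).ToUnixTimeSeconds();

            // Claims shared by the sign-in identity and the token subject.
            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

            IEnumerable <Claim> claims = new Claim[] {
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // unique token id (not a user id)
                new Claim(ClaimTypes.Role, tokenModel.Role),                       // role
                new Claim("Project", tokenModel.Project),                          // project name
                // "iat" is a NumericDate (seconds since the Unix epoch), so the Integer64 value must be
                // numeric rather than a formatted date string.
                new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix.ToString(), ClaimValueTypes.Integer64),
                new Claim(ClaimTypes.Expiration, expiresAt.ToString())             // expiry time
            };
            identity.AddClaims(claims);

            // Sign the principal in on the current request.
            // NOTE(review): the Task returned here is not awaited, so a failed sign-in goes unnoticed.
            _httpContextAccessor.HttpContext.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));

            // Build the JWT.
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(claims), // claims carried by the token
                Issuer             = jwtConfig.Issuer,           // "iss"
                Audience           = jwtConfig.Audience,         // "aud"
                Expires            = expiresAt,                  // "exp"
                SigningCredentials = creds                       // HS256 signature
            };

            var    tokenInfo = tokenHandler.CreateToken(tokenDescriptor);
            string tokenStr  = tokenHandler.WriteToken(tokenInfo);

            // Result handed back to the caller.
            // NOTE(review): UserId is a fresh random GUID unrelated to the "jti" claim or to any user.
            var jwt = new JwtAuthorizationDto
            {
                UserId  = Guid.NewGuid().ToString(),
                Token   = tokenStr,
                Auths   = issuedAtUnix,
                Expires = expiresAtUnix,
                Success = true
            };

            // Write to Redis, keyed by the token string.
            // NOTE(review): the cache lifetime is always jwtConfig.WebExp minutes, whatever TokenType and
            // EffectiveTimeType produced for expiresAt, so the entry can expire before or after the token.
            // Confirm this is intended. The raw bearer token is also the cache key, so anyone who can
            // list keys can read usable tokens; a token id or a hash of the token would avoid that.
            redisCacheHelper.Set(tokenStr, tokenModel, new DistributedCacheEntryOptions
            {
                AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(Convert.ToDouble(jwtConfig.WebExp))
            });

            return jwt;
        }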