Пример #1
0
        /// <summary>
        /// 验证授权
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        public Task Invoke(HttpContext httpContext)
        {
            var headers = httpContext.Request.Headers;

            //检测是否包含'Authorization'请求头,如果不包含返回context进行下一个中间件,用于访问不需要认证的API
            if (!headers.ContainsKey("Authorization"))
            {
                return(_next(httpContext));
            }
            var tokenStr = headers["Authorization"];

            try
            {
                string jwtStr = tokenStr.ToString().Substring("Bearer ".Length).Trim();
                //验证缓存中是否存在该jwt字符串
                if (!RayPIMemoryCache.Exists(jwtStr))
                {
                    return(httpContext.Response.WriteAsync("非法请求"));
                }
                TokenModel tm = ((TokenModel)RayPIMemoryCache.Get(jwtStr));
                //提取tokenModel中的Sub属性进行authorize认证
                List <Claim> lc = new List <Claim>();
                Claim        c  = new Claim(tm.Sub + "Type", tm.Sub);
                lc.Add(c);
                ClaimsIdentity  identity  = new ClaimsIdentity(lc);
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);
                httpContext.User = principal;
                return(_next(httpContext));
            }
            catch (Exception)
            {
                return(httpContext.Response.WriteAsync("token验证异常"));
            }
        }
Пример #2
0
        /// <summary>
        /// 获取JWT字符串并存入缓存
        /// </summary>
        /// <param name="tm"></param>
        /// <param name="expireSliding"></param>
        /// <param name="expireAbsoulte"></param>
        /// <returns></returns>
        public static string IssueJWT(TokenModel tokenModel, TimeSpan expiresSliding, TimeSpan expiresAbsoulte)
        {
            DateTime UTC = DateTime.UtcNow;

            Claim[] claims = new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, tokenModel.Sub),                            //Subject,
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),                 //JWT ID,JWT的唯一标识
                new Claim(JwtRegisteredClaimNames.Iat, UTC.ToString(), ClaimValueTypes.Integer64), //Issued At,JWT颁发的时间,采用标准unix时间,用于验证过期
            };

            JwtSecurityToken jwt = new JwtSecurityToken(
                issuer: "RayPI",                                                                                                              //jwt签发者,非必须
                audience: tokenModel.Uname,                                                                                                   //jwt的接收该方,非必须
                claims: claims,                                                                                                               //声明集合
                expires: UTC.AddHours(12),                                                                                                    //指定token的生命周期,unix时间戳格式,非必须
                signingCredentials: new Microsoft.IdentityModel.Tokens
                .SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes("RayPI's Secret Key")), SecurityAlgorithms.HmacSha256)); //使用私钥进行签名加密

            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);                                                                   //生成最后的JWT字符串

            RayPIMemoryCache.AddMemoryCache(encodedJwt, tokenModel, expiresSliding, expiresAbsoulte);                                         //将JWT字符串和tokenModel作为key和value存入缓存
            return(encodedJwt);
        }