/// <summary>
/// Validates a serialized JWT and returns the principal built from its claims.
/// </summary>
/// <remarks>
/// Issuer, audience, lifetime and signature are all checked, using the "JWT:issuer",
/// "JWT:audience" and "JWT:SecurityKey" values read through <c>AppConfigurations</c>.
/// The signing key is the UTF-8 bytes of the configured string, i.e. a shared secret:
/// anything able to read that setting can also produce tokens this method accepts.
/// Every failure is reported as <c>null</c>, so a rejected token and a broken
/// configuration (for example a missing key) are indistinguishable to the caller.
/// </remarks>
/// <param name="token">The serialized JWT to validate.</param>
/// <returns>
/// The <see cref="ClaimsPrincipal"/> for a token that passed validation; <c>null</c> when the
/// token cannot be read as a JWT or when any exception is raised while validating it.
/// </returns>
protected ClaimsPrincipal GetPrincipal(string token)
{
    try
    {
        var handler = new JwtSecurityTokenHandler();

        // ReadToken only decodes the string; nothing in the token is trusted until
        // ValidateToken succeeds below.
        if (!(handler.ReadToken(token) is JwtSecurityToken))
        {
            return null;
        }

        // All four checks are switched on explicitly rather than relying on defaults.
        var rules = new TokenValidationParameters();
        rules.ValidateIssuer = true;
        rules.ValidateAudience = true;
        rules.ValidateLifetime = true;
        rules.ValidateIssuerSigningKey = true;

        // Expected values must match the ones used when the token was issued.
        rules.ValidAudience = AppConfigurations.GetSection("JWT:audience");
        rules.ValidIssuer = AppConfigurations.GetSection("JWT:issuer");
        rules.IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(AppConfigurations.GetSection("JWT:SecurityKey")));

        // NOTE(review): ClockSkew is not set, so the library's default tolerance applies to
        // the expiry check (five minutes in Microsoft.IdentityModel.Tokens; confirm for the
        // version in use).
        // NOTE(review): the accepted signature algorithms are not restricted here. Consider
        // setting ValidAlgorithms to the single algorithm the issuer signs with, if the
        // library version in use provides that property.

        // The validated token object is required by the API but not used by this method.
        SecurityToken validated;
        return handler.ValidateToken(token, rules, out validated);
    }
    catch
    {
        // Deliberately broad: malformed, expired, wrongly signed and misconfigured all end up
        // here. The exception is discarded without logging, so failed validations leave no
        // trace for monitoring from this method.
        return null;
    }
}
/// <summary>
/// Issues a signed JWT that carries the supplied claims.
/// </summary>
/// <remarks>
/// The token is signed with HMAC-SHA256 using the UTF-8 bytes of the "JWT:SecurityKey"
/// setting. Issuer and audience come from "JWT:issuer" and "JWT:audience", and the expiry is
/// the current UTC time plus the number of days given by "JWT:expires". No not-before value
/// is set.
/// </remarks>
/// <param name="claims">Claims to embed in the token payload.</param>
/// <returns>The token in its serialized string form.</returns>
private string CreateAccessToken(IEnumerable<Claim> claims)
{
    // NOTE(review): the signature is only as strong as the configured string. It should be a
    // long random value kept in a secret store, not a memorable phrase in a checked-in file.
    var secretBytes = Encoding.UTF8.GetBytes(AppConfigurations.GetSection("JWT:SecurityKey"));
    var signing = new SigningCredentials(
        new SymmetricSecurityKey(secretBytes),
        SecurityAlgorithms.HmacSha256);

    // Lifetime is configured in whole days and counted from now, in UTC.
    // NOTE(review): nothing in this method supports revocation, so a leaked token remains
    // usable until it expires unless revocation is handled elsewhere.
    var issuedAt = DateTime.UtcNow;
    var lifetimeDays = int.Parse(AppConfigurations.GetSection("JWT:expires"));
    var expiry = issuedAt.AddDays(lifetimeDays);

    var issuerName = AppConfigurations.GetSection("JWT:issuer");
    var audienceName = AppConfigurations.GetSection("JWT:audience");

    var jwt = new JwtSecurityToken(
        issuer: issuerName,
        audience: audienceName,
        claims: claims,
        expires: expiry,
        signingCredentials: signing);

    var handler = new JwtSecurityTokenHandler();
    return handler.WriteToken(jwt);
}