/// <summary>
/// 注入jwt
/// </summary>
/// <param name="services"></param>
public static void AddJwtService(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
services.Configure <JwtConfig>(AppSetting.GetSection("Audience"));
JwtConfig jwtConfig = new JwtConfig();
AppSetting.BindSection("Audience", jwtConfig);
var keyByteArray = Encoding.ASCII.GetBytes(jwtConfig.IssuerSigningKey);
var signingKey = new SymmetricSecurityKey(keyByteArray);
services.AddAuthentication(o =>
{
//添加JWT Scheme
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = ClaimTypes.Name,
//是否验证SecurityKey
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = jwtConfig.Issuer, //发行人
ValidateAudience = true,
ValidAudience = jwtConfig.Audience, //订阅人
// 验证失效时间
ValidateLifetime = true,
ClockSkew = TimeSpan.FromMinutes(jwtConfig.RefreshTokenExpiresMinutes),
RequireExpirationTime = true,
};
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
var jwtToken = (new JwtSecurityTokenHandler()).ReadJwtToken(token);
if (jwtToken.Issuer != jwtConfig.Issuer)
{
context.Response.Headers.Add("Token-Error-Iss", "issuer is wrong!");
}
if (jwtToken.Audiences.FirstOrDefault() != jwtConfig.Audience)
{
context.Response.Headers.Add("Token-Error-Aud", "Audience is wrong!");
}
// 如果过期,则把<是否过期>添加到,返回头信息中
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return(Task.CompletedTask);
}
};
});
}
