/// <summary>
/// Create token method.
/// </summary>
/// <param name="user">UserModel object.</param>
/// <returns>JwtTokenModel.</returns>
public JwtTokenModel CreateToken(UserModel user)
{
try
{
var jwtSecurityToken = GetJwtSecurityToken(user);
var token = new JwtTokenModel
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken),
Expiration = jwtSecurityToken.ValidTo.ToLocalTime().Ticks,
RefreshToken = GenerateRefreshToken(),
UserInfo = user,
};
var refreshTokenData = new TokenModel
{
Token = token.RefreshToken,
UserId = user.Id,
};
var cacheEntryOptions = new MemoryCacheEntryOptions().SetAbsoluteExpiration(jwtSecurityToken.ValidTo.ToLocalTime());
this._cache.Set(token.RefreshToken, refreshTokenData, cacheEntryOptions);
return(token);
}
catch (Exception ex)
{
return(null);
}
}
public async Task <ResponseModel> AuthencitateUser(LoginModel model)
{
ResponseModel response = new ResponseModel();
try
{
var password = PasswordSecurityHelper.GetHashedPassword(model.Password);
//
var md = await _context.UserRepository.FirstOrDefaultAsync(m => m.UserName == model.UserName &&
m.Password == password &&
m.IsActive &&
!m.Deleted).ConfigureAwait(false);
if (md != null)
{
UserModel user = new UserModel()
{
Id = md.Id,
UserName = md.UserName,
FullName = string.Empty, // TODO
Email = string.Empty // TODO
};
JwtTokenModel token = _tokenService.CreateToken(user);
response.ResponseStatus = Core.CommonModel.Enums.ResponseStatus.Success;
response.Result = token;
}
}
catch (Exception ex)
{
throw ex;
}
return(response);
}
public static TokenResponseModel GenerateToken(User_Info user, JwtTokenModel jwtToken)
{
TokenResponseModel response = new TokenResponseModel();
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtToken.JwtKey));
var claims = new Claim[]
{
new Claim("UserID", user.Id.ToString()),
new Claim("Account", user.Account),
new Claim("Name", user.Name)
};
var token = new JwtSecurityToken(
issuer: jwtToken.JwtIssuer,
audience: jwtToken.JwtAudience,
claims: claims,
notBefore: DateTime.Now,
expires: DateTime.Now.AddDays(jwtToken.JwtExpireDays),
signingCredentials: new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256)
);
response.access_token = new JwtSecurityTokenHandler().WriteToken(token);
response.type = JwtBearerDefaults.AuthenticationScheme;
response.expires = DateTime.Now.AddDays(jwtToken.JwtExpireDays);
return(response);
}
public async Task <ResponseModel> RefreshToken(TokenModel model)
{
ResponseModel response = new ResponseModel();
try
{
var refreshToken = _tokenService.CheckRefreshToken(model);
if (refreshToken != null)
{
var md = await _context.UserRepository.FirstOrDefaultAsync(m => m.Id == model.UserId &&
m.IsActive &&
!m.Deleted).ConfigureAwait(false);
UserModel user = new UserModel()
{
Id = md.Id,
UserName = md.UserName,
FullName = string.Empty, // TODO
Email = string.Empty // TODO
};
JwtTokenModel token = _tokenService.CreateToken(user);
response.ResponseStatus = Core.CommonModel.Enums.ResponseStatus.Success;
response.Result = token;
}
}
catch (Exception ex)
{
throw ex;
}
return(response);
}
public async Task <ResultMessage> Login(LoginModel model, JwtTokenModel jwtToken)
{
var user = await business.GetUser(model.Account);
if (null != user)
{
if (user.Password != SecretHelper.Md532(model.Password))
{
return(new ResultMessage()
{
Status = "0", Message = "密码错误"
});
}
return(new ResultMessage()
{
Status = "1", Response = JWTHelper.GenerateToken(user, jwtToken)
});
}
else
{
return(new ResultMessage()
{
Status = "0", Message = "用户名错误"
});
}
}
public IActionResult Authenticate([FromBody] OAuthModel login)
{
SmartHttpResult result = new SmartHttpResult();
try
{
var entity = DAL.SmartUser.GetEntityByName(login.UserName);
if (entity != null)
{
var encrypted = EncryptProvider.AESEncrypt(login.PassWord, entity.Salt);
if (entity.PassWord == encrypted)
{
//重新加密
var Saltkey = Guid.NewGuid().ToString("N");
var decrypted = EncryptProvider.AESEncrypt(login.PassWord, Saltkey);
//替换密码与密钥
DAL.SmartUser.utlSmartUserByName(login.UserName, decrypted, Saltkey);
var claims = new Claim[] {
new Claim(ClaimTypes.Name, login.UserName),
new Claim(ClaimTypes.Role, entity.Role)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(setting.SecretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var tokenModel = new JwtSecurityToken(
setting.Issuer,
setting.Audience,
claims,
DateTime.Now,
DateTime.Now.AddMinutes(setting.TokenExpires),
creds);
var jwtToken = new JwtTokenModel();
jwtToken.Token = new JwtSecurityTokenHandler().WriteToken(tokenModel);
var tokenUser = new TokenUserModel();
tokenUser.UserName = entity.UserName;
tokenUser.Email = entity.Email;
tokenUser.Phone = entity.Phone;
tokenUser.Avatar = entity.Avatar;
jwtToken.User = tokenUser;
result.Set(true, jwtToken);
return(new JsonResult(result));
}
else
{
result.Set(false, "用户密码不正确!");
}
}
else
{
result.Set(false, "用户不存在!");
}
}
catch (Exception err)
{
result.Set(false, err.Message);
}
return(new JsonResult(result));
}
/// <summary>
/// Gets the token subject.
/// </summary>
/// <param name="definition">The definition.</param>
/// <param name="identityName">Name of the identity.</param>
/// <param name="customClaims">The custom claims.</param>
/// <returns>ClaimsIdentity.</returns>
private static ClaimsIdentity GetTokenSubject(JwtTokenModel definition,
string identityName,
IReadOnlyDictionary <string, string> customClaims)
{
var identity = new ClaimsIdentity("Bearer");
identity.AddClaim(new Claim(ClaimTypes.Name, identityName));
identity.AddClaim(new Claim(ClaimTypes.PrimarySid, identityName));
identity.AddClaim(new Claim(TokenInternalClaimNames.tn.ToString(), definition.TokenName));
identity.AddClaim(new Claim(TokenInternalClaimNames.jti.ToString(), Guid.NewGuid().ToString()));
identity.AddClaim(new Claim(TokenInternalClaimNames.exm.ToString(), definition.TokenExpirationInMinutes.ToString(CultureInfo.InvariantCulture)));
identity.AddClaim(new Claim(TokenInternalClaimNames.otu.ToString(), definition.OneTimeUse.ToString().ToLower()));
if (customClaims == null || customClaims.Count <= 0)
{
return(identity);
}
var internals = Enum.GetValues(typeof(TokenInternalClaimNames)).Cast <TokenInternalClaimNames>().Select(v => v.ToString()).ToList();
foreach (var claim in customClaims)
{
if (internals.Contains(claim.Key))
{
continue;
}
identity.AddClaim(new Claim(claim.Key, claim.Value));
}
return(identity);
}
public async Task <object> GetJwtStr(string name, string pass)
{
string jwtStr = string.Empty;
bool suc = false;
var userRole = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
if (userRole != null)
{
JwtTokenModel tokenModel = new JwtTokenModel {
Uid = 1, Role = userRole
};
jwtStr = JwtHelper.IssueJwt(tokenModel);
suc = true;
}
else
{
jwtStr = "login fail";
}
return(Ok(new
{
success = suc,
token = jwtStr
}));
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
var jwtTokenModel = new JwtTokenModel();
Configuration.GetSection("JwtToken").Bind(jwtTokenModel);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = jwtTokenModel.Issuer,
ValidAudience = jwtTokenModel.Audience,
ValidateLifetime = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtTokenModel.Key))
};
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
services.AddHttpClient();
// sms
services.AddScoped <Functions>();
services.AddScoped <RequestProvider>();
services.AddScoped <SmsService>();
services.Configure <Key>(config => Configuration.GetSection("WhiteSMSConfig").Bind(config));
// jwtToken
services.AddScoped <JwtTokenGenerator>();
services.Configure <JwtTokenModel>(config => Configuration.GetSection("JwtToken").Bind(config));
// dbContext
services.AddDbContext <AppDbContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
});
services.AddScoped <UserRepository>();
}
public async Task <ActionResult <JwtTokenModel> > RefreshToken([FromBody] JwtTokenModel model) => await Execute(async operation =>
{
if (!ModelState.IsValid)
{
throw CommonExceptions.NoAuthenticationData(operation);
}
var token = await authenticationService.RefreshToken(operation, model.AccessToken, model.RefreshToken);
return(token.GetJwtTokenModel());
});
public void SetToken(UserModel userModel)
{
var jwtTokenModel = new JwtTokenModel
{
AccessToken = GetToken(userModel),
RefreshToken = GenerateRefreshToken()
};
SetCookieTokenResponse(jwtTokenModel);
}
public IActionResult GetJwtToken3(DTO_UserInfo userInfo)
{
var data = _EFCoreService.GetByCountPwd(userInfo.UserName, userInfo.PassWord);
//var userInfo = _EFCoreService.
if (data != null)
{
#region 写死测试
//这一部分写死了,应该从数据库取
//var list = new List<JwtUserRoleInfo>();
//var jwtUserRole = new JwtUserRoleInfo();
//jwtUserRole.Role = "admin";
//jwtUserRole.Url = "/Manager/GetUserInfos";
//list.Add(jwtUserRole);
//list.Add(new JwtUserRoleInfo
//{
// Role = "admin",
// Url = "/Manager/GetUserInfoByQueryInfo"
//});
//list.Add(
// new JwtUserRoleInfo {
// Role = "admin",
// Url = "/Manager/AddUserInfo"
// }
//);
#endregion
//从数据库获取 角色和api
_jwtRequirement.jwtUserRoleInofs = _EFCoreService.GetAllRoleMenu();
var roles = _EFCoreService.GetRoleInfos(data.UserId);
var jwtTokenModle = new JwtTokenModel();
jwtTokenModle.Uid = data.UserId;
jwtTokenModle.Roles = roles;
var token = JwtHelper.IssueJwt(jwtTokenModle);
//记录登录日志
LogHelper.Info($"{("用户" + data.Name + "于" + System.DateTime.Now + "登录成功")}");
return(new JsonResult(new Result {
Data = token, Msg = "获取Token成功", Status = 200
}));
}
else
{
//记录登录日志
LogHelper.Info($"{("账号" + userInfo.UserName + "于" + System.DateTime.Now + "登录失败")}");
return(new JsonResult(new Result {
Data = null, Msg = "获取Token失败", Status = 204
}));
}
}
public JwtTokenModel RefreshToken(JwtTokenModel refreshTokenModel)
{
var principal = GetPrincipalFromExpiredToken(refreshTokenModel.AccessToken);
var jwtToken = new JwtTokenModel
{
AccessToken = GenerateJwtTokenWithClaims(principal.Claims),
RefreshToken = GenerateRefreshToken()
};
SetCookieTokenResponse(jwtToken);
return(jwtToken);
}
public JsonResult GetJWTStr(long id = 1, string sub = "Admin")
{
//这里就是用户登陆以后,通过数据库去调取数据,分配权限的操作
var tokenModel = new JwtTokenModel();
tokenModel.Uid = id;
tokenModel.Role = sub;
string jwtStr = JwtHelper.IssueJWT(tokenModel);
return(Json(jwtStr));
}
// GET: Authentication/GenerateJwtToken
public IActionResult GenerateJwtToken()
{
try
{
var jwtTokenModel = new JwtTokenModel(HttpContext);
return(View(jwtTokenModel));
}
catch (Exception e)
{
_log4Net.Error(string.Format("{0}, {1}", e.Message, e.StackTrace), e);
return(NotFound(e));
}
}
/// <summary>
/// 登陆
/// </summary>
/// <param name="userInfo"></param>
public static void Login(JwtTokenModel userInfo)
{
string userLoginId = Guid.NewGuid().ToString();
//往客户端写入Cookie
HttpContextCore.Current.Response.Cookies.Append(GlobalSettings.LyAdminOptions.DefaultAppKeys.CurrentUser, userLoginId, new CookieOptions()
{
HttpOnly = true
});
HttpContextCore.Current.Response.Cookies.Append("text", "12345", new CookieOptions {
Expires = DateTime.MaxValue, HttpOnly = true
});
//把登陆用户保存到缓存中
CacheHelper.Cache.SetCache(userLoginId, userInfo, TimeSpan.FromMinutes(30), ExpireTypeEnum.Relative);
}
/// <summary>
/// создание и возврат Jwt токенов
/// </summary>
/// <param name="user">почта пользователя</param>
/// <returns>токены доступа</returns>
public async Task <JwtTokenModel> CreateJwtTokens(ApplicationUser user)
{
//создание клеймов по почте пользователя
var claims = await CreateAuthClime(user);
//генерация токенов
var tokens = new JwtTokenModel(GenerateAccessToken(claims), GenerateRefreshToken());
if (user.Name != "guest")
{
user.SetRefreshToken(tokens.RefreshToken);
await _userManager.UpdateAsync(user);
}
return(tokens);
}
public JwtTokenModel CreateJwtToken(LoginServiceModel model)
{
var identity = GetIdentity(model).GetAwaiter().GetResult();
if (identity == null)
{
return(null);
}
var encodedJwt = GenerateToken(identity);
var token = new JwtTokenModel
{
AccessToken = encodedJwt,
UserName = identity.Name
};
return(token);
}
public async Task <IActionResult> Login([FromBody] LoginModel model)
{
if (!ModelState.IsValid)
{
return(ModelStateExtend.ToActionResultFirst(ModelState));
}
var jwtToken = new JwtTokenModel()
{
JwtKey = configuration.GetSection("Jwt")["JwtKey"],
JwtIssuer = configuration.GetSection("Jwt")["JwtIssuer"],
JwtAudience = configuration.GetSection("Jwt")["JwtAudience"],
JwtExpireDays = double.Parse(configuration.GetSection("Jwt")["JwtExpireDays"])
};
var result = await busines.Login(model, jwtToken);
return(ModelStateExtend.ToActionResult(result));
}
public async Task <IActionResult> GetJwt(DTO_UserInfo userInfo)
{
var data = await _userInfoService.QueryByWhereAsync(o => o.Name == userInfo.UserName && o.Pwd == userInfo.PassWord);
if (data != null)
{
//获取角色ID
var userRole = await _userRoleService.QueryByWhereAsync(o => o.UserId == data.UserId);
var roleIds = userRole.RoleId.Split(',').ToList();
StringBuilder sb = new StringBuilder();
foreach (var item in roleIds)
{
var role = await _roleInfoService.QueryById(item);
sb.Append(role.Role);
sb.Append(",");
}
var roles = sb.ToString().TrimEnd(',');
//从数据库获取 角色和api
_jwtRequirement.jwtUserRoleInofs = _EFCoreService.GetAllRoleMenu();
var jwtTokenModle = new JwtTokenModel();
jwtTokenModle.Uid = data.UserId;
jwtTokenModle.Roles = roles;
var token = JwtHelper.IssueJwt(jwtTokenModle);
//记录登录日志
LogHelper.Info($"{("用户" + data.Name + "于" + System.DateTime.Now + "登录成功")}");
return(new JsonResult(new Result {
Data = token, Msg = "获取Token成功", Status = 200
}));
}
else
{
//记录登录日志
LogHelper.Info($"{("账号" + userInfo.UserName + "于" + System.DateTime.Now + "登录失败")}");
return(new JsonResult(new Result {
Data = null, Msg = "获取Token失败", Status = 204
}));
}
}
// Post Authentication/GenerateJwtToken
public IActionResult GenerateJwtToken([Bind("UserName, Key, Expires")] JwtTokenModel model)
{
try
{
if (ModelState.IsValid)
{
model = model.GenerateJwtToken();
Configuration.SetAppSettingValue("JwtTokenUserName", model.UserName);
Configuration.SetAppSettingValue("JwtStringToken", model.JwtStringToken);
}
return(View(model));
}
catch (Exception e)
{
_log4Net.Error(string.Format("{0}, {1}", e.Message, e.StackTrace), e);
return(NotFound(e));
}
}
public async Task <ResponseModel> AccessToken([FromBody] LoginModel model)
{
// 实际开发时请使用登录服务类通过数据库验证用户名密码的正确性,并取得相应的权限,此处为案例
var user = await _loginServices.GetUser(model.UserCode, model.Password);
if (user.UserId > 0)
{
JwtTokenModel tokenModel = new JwtTokenModel();
tokenModel.Uid = user.UserId;
tokenModel.Name = user.UserName;
tokenModel.Role = user.RoleIds;
_ResponseModel.Data = JwtHelper.IssueJwt(tokenModel);
}
else
{
_ResponseModel.Code = ResponseCode.Error;
_ResponseModel.Message = MessageModel.IncorrectLogin;
}
return(_ResponseModel);
}
private JwtTokenModel GiveJWTToken(string email, string role)
{
var now = DateTime.UtcNow;
var jwt = new JwtSecurityToken(
issuer: _authOptions.Issuer,
audience: _authOptions.Audience,
notBefore: now,
claims: GetClaims(role),
expires: now.Add(TimeSpan.FromMinutes(_authOptions.LifeTime)),
signingCredentials: new SigningCredentials(AuthOptions.GetSymmetricSecurityKey(_authOptions.SecretKey), SecurityAlgorithms.HmacSha256));
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
var response = new JwtTokenModel
{
access_token = encodedJwt,
email = email,
};
return(response);
}
public async Task <ApplicationActionResult <AuthResult> > Refresh(JwtTokenModel authToken)
{
AuthResult refreshResult = new AuthResult();
string userLogin = _tokenHelper.GetUserNameFromExpiredToken(authToken.AccessToken);
ApplicationUser user = await _userManager.FindByNameAsync(userLogin);
//Validate refresh token
if (user.RefreshToken != authToken.RefreshToken)
{
refreshResult.InvalidRefreshToken();
return(new ApplicationActionResult <AuthResult>(refreshResult, (int)Core.Constants.ActionStatuses.Fail, ""));
}
//create access and refresh token
var token = await _tokenHelper.CreateJwtTokens(user);
//save user refresh token in database
user.SetRefreshToken(token.RefreshToken);
await _userManager.UpdateAsync(user);
refreshResult.SuccessAuth(token);
return(new ApplicationActionResult <AuthResult>(refreshResult, (int)Core.Constants.ActionStatuses.Success, ""));
}
public ActionResult GetJwtStr(string name, string pass)
{
string jwtStr;
bool suc;
// 获取用户的角色名,请暂时忽略其内部是如何获取的,可以直接用 var userRole="Admin"; 来代替更好理解。
//var userRole = await _sysUserInfoServices.GetUserRoleNameStr(name, pass);
if (true)
{
// 将用户id和角色名,作为单独的自定义变量封装进 token 字符串中。
JwtTokenModel tokenModel = new JwtTokenModel {
Uid = 1, Role = "Admin"
};
jwtStr = JwtHelper.IssueJwt(tokenModel);//登录,获取到一定规则的 Token 令牌
suc = true;
}
return(Ok(new
{
success = suc,
token = jwtStr
}));
}
public async Task <ResponseModel> RefreshToken(string token = "")
{
string jwtStr = string.Empty;
if (string.IsNullOrEmpty(token))
{
_ResponseModel.Code = ResponseCode.Error;
_ResponseModel.Message = MessageModel.InvalidToken;
return(_ResponseModel);
}
var oldTokenModel = JwtHelper.SerializeJwt(token);
if (oldTokenModel != null)
{
var user = await _loginServices.GetUser(oldTokenModel.Uid.ToString());
if (user != null)
{
JwtTokenModel tokenModel = new JwtTokenModel();
tokenModel.Uid = user.UserId;
tokenModel.Name = user.UserName;
tokenModel.Role = user.RoleIds;
_ResponseModel.Data = JwtHelper.IssueJwt(tokenModel);
return(_ResponseModel);
}
else
{
_ResponseModel.Code = ResponseCode.Error;
_ResponseModel.Message = MessageModel.InvalidToken;
return(_ResponseModel);
}
}
else
{
_ResponseModel.Code = ResponseCode.Error;
_ResponseModel.Message = MessageModel.InvalidToken;
return(_ResponseModel);
}
}
public Task Invoke(HttpContext httpContext)
{
PreProceed(httpContext);
// 检测是否包含"Authorization"请求头
if (!httpContext.Request.Headers.ContainsKey("Authorization"))
{
PostProceed(httpContext);
return(_next(httpContext));
}
var tokenHeader = httpContext.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
try
{
if (tokenHeader.Length >= 128)
{
System.Console.WriteLine($"{System.DateTime.Now} token :{tokenHeader}");
JwtTokenModel tokenModel = JwtHelper.SerializeJwt(tokenHeader);
// 授权
var claimList = new System.Collections.Generic.List <System.Security.Claims.Claim>();
var claim = new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, tokenModel.Role);
claimList.Add(claim);
var identity = new System.Security.Claims.ClaimsIdentity(claimList);
var principal = new System.Security.Claims.ClaimsPrincipal(identity);
httpContext.User = principal;
}
}
catch (System.Exception ex)
{
System.Console.WriteLine($"{System.DateTime.Now} middleware wrong:{ex.Message}");
throw ex;
}
PostProceed(httpContext);
return(_next(httpContext));
}
public async Task <ApplicationActionResult <AuthResult> > Login(AuthModel authModel)
{
AuthResult authResult = new AuthResult();
var user = await _userManager.FindByNameAsync(authModel.Login);
if (user == null)
{
authResult.InvalidLogin();
return(new ApplicationActionResult <AuthResult>(authResult, (int)Core.Constants.ActionStatuses.Fail, ""));
}
var checkPasswordResult = await _userManager.CheckPasswordAsync(user, authModel.Password);
if (!checkPasswordResult)
{
authResult.InvalidPassword();
return(new ApplicationActionResult <AuthResult>(authResult, (int)Core.Constants.ActionStatuses.Fail, ""));
}
JwtTokenModel token = await _tokenHelper.CreateJwtTokens(user);
authResult.SuccessAuth(token);
return(new ApplicationActionResult <AuthResult>(authResult, (int)Core.Constants.ActionStatuses.Success, ""));
}
public IActionResult GoToBooks(JwtTokenModel jwtToken)
{
return(View("GoToBooks", jwtToken));
}
private void SetCookieTokenResponse(JwtTokenModel jwtToken)
{
_httpContextAccessor.HttpContext.Response.Cookies.Append(ACCESS_TOKEN_NAME, jwtToken.AccessToken);
_httpContextAccessor.HttpContext.Response.Cookies.Append(REFRESH_TOKEN_NAME, jwtToken.RefreshToken);
}