/// <summary>
/// Builds a token string for the given issuer, user and role.
/// The claims are produced by GetTokenClaims and turned into a string by EncodeToken.
/// </summary>
/// <param name="iss">Issuer value forwarded to GetTokenClaims.</param>
/// <param name="usr">User name.</param>
/// <param name="role">User role (permission).</param>
/// <param name="overTime">Token timeout period, in seconds.</param>
/// <returns>The encoded token string.</returns>
public static string MakeToken(string iss, string usr, string role, long overTime)
{
    TokenClaims claims = GetTokenClaims(iss, usr, role, overTime);
    return EncodeToken(claims);
}
/// <summary>
/// Serializes the claims into a JWT string signed with HMAC-SHA256 under TokenConfig.JwtKey.
/// The token is signed, not encrypted: the payload is only base64url-encoded, so it must not carry secrets.
/// </summary>
/// <param name="token">Claims to place in the token payload.</param>
/// <returns>The encoded token string.</returns>
private static string EncodeToken(TokenClaims token)
{
    // HMAC is symmetric: whoever holds TokenConfig.JwtKey can both mint and verify tokens.
    // NOTE(review): confirm the key is long, random and kept out of source control.
    IJwtEncoder encoder = new JwtEncoder(
        new HMACSHA256Algorithm(),
        new JsonNetSerializer(),
        new JwtBase64UrlEncoder());

    return encoder.Encode(token, TokenConfig.JwtKey);
}
/// <summary>
/// Makes sure a token is available for outgoing requests. When CheckCacheToken returns null,
/// a new token is created, set as the Authorization header (scheme "auth") on HttpClientSingle,
/// and stored through TokenCache.SetTokenCache. When a cached token exists nothing is changed.
/// </summary>
private void FillTokenToReqHeader()
{
    // The whole check-then-create sequence runs under _syncToken so two callers
    // cannot both see an empty cache and mint separate tokens.
    lock (_syncToken)
    {
        string cached = CheckCacheToken();
        if (cached != null)
        {
            return;
        }

        string freshToken = MakeToken();
        HttpClientSingle.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("auth", freshToken);

        // The value returned by SetTokenCache is not used here.
        TokenCache.SetTokenCache(CacheName, freshToken);
    }
}
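/// <summary>
/// Verifies a token string against TokenConfig.JwtKey and deserializes its payload into TokenClaims.
/// The token is decoded and signature-checked, not decrypted.
/// </summary>
/// <param name="encodetokenStr">Encoded token string, as produced when the token was created.</param>
/// <returns>The claims read from the token payload.</returns>
/// <exception cref="Exception">Any failure while decoding or verifying is logged and rethrown.</exception>
public static TokenClaims DecodeToken(string encodetokenStr)
{
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();

        // NOTE(review): the decoder is built without an explicit algorithm, while EncodeToken signs
        // with HMACSHA256Algorithm. Confirm that the library version in use accepts only HS256 here.
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // verify: true asks the library to validate the token against the key rather than just parse it.
        var json = decoder.Decode(encodetokenStr, TokenConfig.JwtKey, verify: true);
        return serializer.Deserialize<TokenClaims>(json);
    }
    catch (Exception ex)
    {
        ToolFactory.LogHelper.Error("解密token发生异常", ex);

        // "throw;" keeps the original stack trace; "throw ex;" would reset it to this frame.
        throw;
    }
}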
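/// <summary>
/// Checks whether a token sent by a client is valid. The token must be non-empty, decode
/// successfully, carry the issuer expected by this system, carry a role accepted by
/// ValidTokenAuth, and not be reported as expired by TokenIsTimeLoss.
/// </summary>
/// <param name="tokenStr">Token string received from the client.</param>
/// <returns>
/// A result with Success set to true when every check passes; otherwise Success is false
/// and Message describes the failed check.
/// </returns>
public static ValidTokenResult ValidClientToken(string tokenStr)
{
    if (string.IsNullOrWhiteSpace(tokenStr))
    {
        return new ValidTokenResult() { Success = false, Message = "请求的token为空" };
    }

    // NOTE(review): DecodeToken, as shown in this file, logs and rethrows on failure, so a malformed
    // or badly signed token surfaces here as an exception rather than a failed result.
    // Confirm that callers treat that exception as a rejected request.
    TokenClaims tcParam = TokenBuilder.DecodeToken(tokenStr);

    if (tcParam.Iss != Iss)
    {
        ToolFactory.LogHelper.Info("token验证失败,token发行者与当前系统不匹配:iss" + tcParam.Iss);
        return new ValidTokenResult() { Success = false, Message = "用户权限验证失败,token发行者与当前系统不匹配" };
    }

    if (!ValidTokenAuth(tcParam.Role))
    {
        ToolFactory.LogHelper.Info("token验证失败,用户权限验证失败,角色没有权限调用该接口:role" + tcParam.Role);
        return new ValidTokenResult() { Success = false, Message = "用户权限验证失败,角色没有权限调用该接口" };
    }

    if (TokenIsTimeLoss(tcParam.Exp))
    {
        // Log the expiry value instead of the raw token: a signed token in the log file is a
        // credential for anyone who can read the logs if any validator still accepts it.
        ToolFactory.LogHelper.Info("token验证失败,token过时,exp:" + tcParam.Exp);
        return new ValidTokenResult() { Success = false, Message = "请求的token过时" };
    }

    return new ValidTokenResult() { Success = true };
}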