ASP.NET Core 简单集成签发 JWT (JSON Web Tokens)
什么是 JWT ?
从 https://jwt.io/ 可以了解到对 JWT 的描述:JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
JWT 是一个开放的,RFC 7519 工业标准方法,用来在两个部分之间表示安全声明。
下面来看一个 JWT 的例子:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6IjEyMjAiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoi55So5oi3NTk4OCIsImlzcyI6IkhaRyIsImF1ZCI6IkhaRyJ9.ipS3XPIF6QFm98olSaQzdqQ5vVrIR-_ACgaBFt0AFCg 上面是一个 JWT。可以看到,整体被两个点分为三部分,依次为 header,payload,加密部分。 header 部分: base64 编码,这部分可以通过 base64 解码得到,示例中的解码后为:{
"alg": "HS256",
"typ": "JWT"
}
其中,alg 表示服务端加密所用的算法,typ 表示 token 为 JWT
payload 部分代表附加的信息,可以传递一些用户信息等,也是 base 64 编码,示例中解析后为 :
{
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "1220",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "用户5988",
"iss": "HZG",
"aud": "HZG"
}
都是一些声明,可以在生成 JWT 的时候声明。
第三部分是加密部分,也就是使用 header 中的算法,把 header 和 payload 部分加密,用来验证传递的信息是否被修改。
如何在 ASP.NET Core 中集成 JWT?
首先我们需要考虑的是要实现什么功能?我们这里只是实现了简单的 JWT 签发功能,不做过多讨论
- 生成 token
IJwtService.cs
using System.Threading.Tasks; namespace JWTSample.Jwt; ////// Jwt 功能接口 /// public interface IJwtService { // 生成 JWT token string GetnerateJWTToken(UserDto userDto); }
JwtService.cs
using System; using System.Linq; using System.IdentityModel.Tokens.Jwt; using System.Text; using System.Security.Claims; using Microsoft.IdentityModel.Tokens; using Microsoft.Extensions.Configuration; using Microsoft.AspNetCore.Http; namespace JWTSample.Jwt; ////// JWT 功能类 /// public class JwtService : IJwtService { // 配置 private readonly IConfiguration _configuration; public JwtService(IConfiguration configuration) { _configuration = configuration; } /// /// 生成 JWT /// /// 用户信息 /// public string GetnerateJWTToken(UserDto userDto) { var claims = new Claim[] { new Claim(ClaimTypes.Name, userDto.UserName), new Claim(ClaimTypes.Role, userDto.Roles), // 用户所在的分组 new Claim("groups", userDto.Groups) }; var issuer = _configuration[JwtOptionsConst.IssuerSettingPath]; var audience = _configuration[JwtOptionsConst.AudienceSettingPath]; var security = _configuration[JwtOptionsConst.SecurityKeySettingPath]; var expires = DateTime.Now.AddHours(Convert.ToDouble(_configuration[JwtOptionsConst.ExpiresHourSettingPath])); SymmetricSecurityKey symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(security)); var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256); var jwtSecurityToken = new JwtSecurityToken(claims: claims, issuer: issuer, audience: audience, expires: expires, signingCredentials: signingCredentials); var tokenHandler = new JwtSecurityTokenHandler(); return tokenHandler.WriteToken(jwtSecurityToken); } }
如何使用?我们可以直接在控制器中注入使用
using System; using System.Linq; using System.Threading.Tasks; using System.Collections.Generic; using System.Security.Claims; using System.IdentityModel.Tokens.Jwt; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.IdentityModel.Tokens; using JWTSample.Jwt; using JWTSample.Models; namespace JWTSample.Controllers; public class AuthController : Controller { private readonly IJwtService _jwtService; public AuthController(IJwtService jwtService) { _jwtService = jwtService; } [AllowAnonymous] [HttpPost] public IActionResult Login([FromBody] LoginUserInfo loginUserInfo) { if (loginUserInfo.Name == null) { return Ok(new { Message = "用户名不能为空!" }); } var userDto = new UserDto() { UserId = new Random().Next(1000), UserName = loginUserInfo.Name, Groups = "技术部", Roles = "软件工程师", Email = "123456789@qq.com", Phone = "123456789" }; var token = _jwtService.GetnerateJWTToken(userDto); return Ok(new { Token = token }); } }