在ASP.NET Web API中實作JWT驗證
JWT概述
JSON Web令牌(JWT)是包含聲明的令牌,這些聲明被編碼為三個用句點分隔的base64編碼部分。聲明包含有關使用者、其權限和過期時間的資訊。
實作JWT驗證
要在您的舊版Web API中實作JWT驗證,您可以按照以下步驟操作:
產生JWT令牌
驗證JWT令牌
配置
config.Filters.Add(new AuthorizeAttribute())為您的API啟用授權。 程式碼範例
產生JWT令牌:
private const string Secret = "[对称密钥]";
public static string GenerateToken(string username, int expireMinutes = 20)
{
var symmetricKey = Convert.FromBase64String(Secret);
var tokenHandler = new JwtSecurityTokenHandler();
var now = DateTime.UtcNow;
var tokenDescriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, username)
}),
Expires = now.AddMinutes(Convert.ToInt32(expireMinutes)),
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(symmetricKey),
SecurityAlgorithms.HmacSha256Signature)
};
var stoken = tokenHandler.CreateToken(tokenDescriptor);
var token = tokenHandler.WriteToken(stoken);
return token;
}驗證JWT令牌:
protected Task<IPrincipal> AuthenticateJwtToken(string token)
{
string username;
if (ValidateToken(token, out username))
{
var claims = new List<Claim> {
new Claim(ClaimTypes.Name, username)
// 根据需要添加更多声明
};
var identity = new ClaimsIdentity(claims, "Jwt");
var user = new ClaimsPrincipal(identity);
return Task.FromResult(user);
}
return Task.FromResult<IPrincipal>(null);
}
private static bool ValidateToken(string token, out string username)
{
username = null;
var tokenHandler = new JwtSecurityTokenHandler();
var jwtToken = tokenHandler.ReadToken(token) as JwtSecurityToken;
if (jwtToken == null) return false;
var symmetricKey = Convert.FromBase64String(Secret);
var validationParameters = new TokenValidationParameters {
RequireExpirationTime = true,
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningKey = new SymmetricSecurityKey(symmetricKey)
};
var principal = tokenHandler.ValidateToken(token, validationParameters, out _);
return principal != null;
}以上是如何在 ASP.NET Web API 中實作 JWT 驗證?的詳細內容。更多資訊請關注PHP中文網其他相關文章!
