2023年6月20日发(作者:)

webapi 使用 JWT 进行授权认证

1,在 MVC 中常用的是 Cookie+Session 或者 Form 认证(实际也是 Cookie)的方式;这两种方式在 WebAPI 中同样可以使用,这里就不多写了,后面有时间再写,今天主要讲 JWT 的认证方式。

2,简单说明一下,JWT 是什么。JWT 全称 JSON Web Tokens,是一种规范化的 token,即对 token 这一技术提出的一套规范,其它细节查资料即可。

3,使用:.NET 里面可以用 JWT 库来生成 Token 以及解密(验证)Token。打开 NuGet,搜索 JWT 安装。

4,既然是根据 token 去获取权限,那么第一步就是获取 token(以下代码中被抓取工具吃掉的标识符已按 JWT 库的公开 API 补回):

private string secret = "zhonlong"; // 这个密钥一般用加密过的
// NOTE(review): the HS256 signing key must not be hard-coded in source; load it from
// configuration / a secret store and use a long random value (the library signs with
// the raw bytes of this string, so a short dictionary word is brute-forceable offline).

public string Get()
{
    IDateTimeProvider provider = new UtcDateTimeProvider();
    var now = provider.GetNow();
    var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
    var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);

    var payload = new Dictionary<string, object>
    {
        { "name", "MrBug" },
        { "exp", secondsSinceEpoch + 1000 }, // 1000 秒过期时间,必须大于签发时间
        { "jti", "luozhipeng" }
    };
    Console.WriteLine(secondsSinceEpoch);

    IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
    IJsonSerializer serializer = new JsonNetSerializer();
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

    var token = encoder.Encode(payload, secret);
    return token;
}

5,那么下次访问服务端的时候,获取到了 token 之后验证一下:

// 解密 token

public string DecodeToken()
{
    try
    {
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

        var json = decoder.Decode("密钥", secret, verify: true); // 第一个参数应为之前生成的 token 字符串
    }
    catch (TokenExpiredException)
    {
        Console.WriteLine("Token has expired"); // 过期
    }
    catch (SignatureVerificationException)
    {
        Console.WriteLine("Token has invalid signature"); // 签名没有验证
    }
    // NOTE(review): both catch blocks only log, and the method returns "value" on every path,
    // so a caller cannot distinguish a verified token from an expired or forged one. Return
    // the decoded json (or null/false) from the try block and treat the catch paths as rejection.
    return "value"; // 根据你的 json 里面解析出数据,然后去验证一下数据(当然这一步放到了验证中)
}

6,最后别忘记了加上验证:

public class TokenAuthAttribute : AuthorizeAttribute
{
    // 重写基类的验证方式,加入我们自定义的 Ticket 验证
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // 从请求头获取 token
        var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
        var token = content.Request.Headers["Token"]; // 自己加入在头部的名称
        if (!string.IsNullOrEmpty(token))
        {
            // 解密用户 ticket,并校验用户名密码是否匹配
            if (ValidateTicket(token))
            {
                base.IsAuthorized(actionContext); // NOTE(review): return value is unused; the request proceeds because HandleUnauthorizedRequest is not called
            }
            else
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }
        // 如果取不到身份验证信息,并且不允许匿名访问,则返回未验证 401
        else
        {
            // 泛型参数在抓取时丢失,此处按语义补回
            var attributes = actionContext.ActionDescriptor.GetCustomAttributes<Attribute>().OfType<Attribute>();
            bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
            if (isAnonymous) base.OnAuthorization(actionContext);
            else HandleUnauthorizedRequest(actionContext);
        }
    }

    // 校验票据(数据库数据匹配)
    private bool ValidateTicket(string encryptToken)
    {
        // 正常这里是用 token 来验证的
        // NOTE(review): as written this never verifies the JWT signature or exp claim — it only
        // compares against a fixed string and swallows every exception. The JwtDecoder.Decode(...,
        // verify: true) call from DecodeToken belongs here, with TokenExpiredException /
        // SignatureVerificationException (and any other failure) mapped to `return false`.
        bool flag = false;
        try
        {
            // 获取数据库 Token
            if ("jiaxiel" == encryptToken) // 存在
            {
                // 未超时
                flag = true;
            }
        }
        catch (Exception ex)
        {
            // 空 catch 会吞掉所有错误;至少应记录日志并保持 flag 为 false
        }
        return flag;
    }
}

到此基本的验证授权都给上了,还需要优化!上线前至少要改三处:密钥不要写死在代码里;DecodeToken 失败时不能照样返回 "value";ValidateTicket 要真正调用 JWT 的签名与过期校验,而不是和固定字符串比较。
