
ASP.NET中 Swagger添加JWT驗證的流程

 更新時間:2024年04月01日 11:23:01   作者:以明志、
主服務系統收到請求后會從headers中獲取“令牌”,并從“令牌”中解析出該用戶的身份權限,然后做出相應的處理,這一系列操作都是JWT解析,下面小編給大家詳細介紹ASP.NET中 Swagger添加JWT驗證的方法,感興趣的朋友一起看看吧

JWT

1、解析

1)客戶端向授權服務系統發起請求,申請獲取“令牌”。

2)授權服務根據用戶身份,生成一張專屬“令牌”,并將該“令牌”以JWT規范返回給客戶端

3)客戶端將獲取到的“令牌”放到http請求的headers中后,向主服務系統發起請求。主服務系統收到請求后會從headers中獲取“令牌”,先驗證“令牌”的簽名與有效期,再從“令牌”中解析出該用戶的身份權限,然后做出相應的處理(同意或拒絕返回資源)

2、配置JWT

1、添加NuGet包Microsoft.AspNetCore.Authentication.JwtBearer

2、在appsettings.json中添加JWT配置節點

   // JWT settings section; the code on this page reads it through the "Jwt:*" configuration keys.
   // NOTE(review): the SecKey below is a sample HMAC signing key printed in a public article, so it
   // must be treated as a placeholder only. A real deployment should generate its own random key and
   // supply it from outside source control (for example user secrets or the Jwt__SecKey environment
   // variable) rather than committing it in appsettings.json.
   "JWT": {
    "SecKey": "Jamin1127!#@$%@%^^&*(~Czmjklneafguvioszb%yuv&*6WVDf5dw#5dfw6f5w6faW%FW^f5wa65f^AWf56", // signing key (secret)
    "Issuer": "Jamin",  // token issuer
    "ExpireSeconds": 7200 // expiry time
  }

3、在Program類里進行服務注冊

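#region JWT service
// Register the token helper as a singleton so controllers can issue tokens.
builder.Services.AddSingleton(new JwtHelper(builder.Configuration));

// Fail fast with a readable message when the signing key is not configured; otherwise
// Encoding.UTF8.GetBytes(null) throws an ArgumentNullException that does not name the setting.
var jwtSecKey = builder.Configuration["Jwt:SecKey"];
if (string.IsNullOrWhiteSpace(jwtSecKey))
{
    throw new InvalidOperationException("Configuration value 'Jwt:SecKey' is missing or empty.");
}

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Accept only tokens whose "iss" claim equals the configured issuer.
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],

            // Audience is not checked. NOTE(review): if another service shares this key and issuer,
            // its tokens would be accepted here as well; enable audience validation in that case.
            ValidateAudience = false,

            // Verify the signature with the shared symmetric key.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecKey)),

            // Pin the accepted signing algorithm to the one the token helper signs with, so a
            // token cannot select a different algorithm through its header.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },

            // Reject expired tokens and tokens that carry no expiry at all.
            ValidateLifetime = true,
            RequireExpirationTime = true,

            // Tolerance (30 seconds) for clock drift between servers when checking expiry.
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    });
#endregion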
// Add JWT authorization support to the generated Swagger document.
builder.Services.AddSwaggerGen(swagger =>
{
    swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "Web API", Version = "v1" });

    // Include the XML documentation comments of the entry assembly (controller comments included).
    var docFileName = $"{Assembly.GetEntryAssembly().GetName().Name}.xml";
    swagger.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, docFileName), true);

    // Declare the "Bearer" scheme: an HTTP bearer token carried in the Authorization header.
    // This only lets Swagger UI attach the header; enforcement still comes from the
    // authentication middleware and [Authorize] on the endpoints.
    var bearerDefinition = new OpenApiSecurityScheme
    {
        Description = "JWT Authorization header using the Bearer scheme",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.Http,
        Scheme = "bearer"
    };
    swagger.AddSecurityDefinition("Bearer", bearerDefinition);

    // Apply the scheme as a document-wide requirement, referencing the definition by id.
    var bearerReference = new OpenApiSecurityScheme
    {
        Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
    };
    swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        { bearerReference, new string[] { } }
    });
});
// Enable the authentication and authorization middleware.
// Authentication is added first so the bearer token has been processed into the request's
// user identity before authorization evaluates [Authorize].
app.UseAuthentication();
app.UseAuthorization();

4、創建JWT類進行Token配置

using Microsoft.IdentityModel.Tokens;
using System.Diagnostics;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
namespace Blog.core.Common.Auth
{
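    /// <summary>
    /// Issues and inspects HMAC-SHA256 signed JWTs using the "Jwt:SecKey", "Jwt:Issuer" and
    /// "Jwt:ExpireSeconds" configuration values.
    /// </summary>
    public class JwtHelper
    {
        // Lifetime used when "Jwt:ExpireSeconds" is absent or not a positive integer.
        private const int DefaultLifetimeSeconds = 30;

        private readonly IConfiguration _configuration;

        /// <summary>
        /// Creates the helper on top of the application configuration.
        /// </summary>
        /// <param name="configuration">Configuration that holds the "Jwt:*" values.</param>
        public JwtHelper(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        /// <summary>
        /// Creates a signed token carrying the given user details as claims.
        /// </summary>
        /// <remarks>
        /// The token is signed, not encrypted: anyone holding it can read the claims, so nothing
        /// confidential should be stored in them. This method does not authenticate the user; the
        /// caller must verify credentials before asking for a token.
        /// </remarks>
        /// <param name="username">Value stored in the "username" claim.</param>
        /// <param name="mobile">Value stored in the "mobile" claim.</param>
        /// <returns>The compact serialized JWT.</returns>
        public string CreateToken(string username, string mobile)
        {
            // 1. Claims carried by the token; further values can be added by passing them in.
            var claims = new[]
            {
                new Claim("username", username),
                new Claim("mobile", mobile),
            };

            // 2. Signing key from configuration, 3. algorithm, 4. signing credentials.
            var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecKey"]));
            var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

            // The configured lifetime used to be passed as the audience while the expiry was
            // hard-coded to 30 seconds; it now drives the expiry, with the old value as fallback.
            if (!int.TryParse(_configuration["Jwt:ExpireSeconds"], out var lifetimeSeconds) || lifetimeSeconds <= 0)
            {
                lifetimeSeconds = DefaultLifetimeSeconds;
            }

            // 5. Build the token from a single timestamp so notBefore and expires are consistent.
            var issuedAt = DateTime.UtcNow;
            var jwtSecurityToken = new JwtSecurityToken(
                issuer: _configuration["Jwt:Issuer"],
                audience: null,
                claims: claims,
                notBefore: issuedAt,
                expires: issuedAt.AddSeconds(lifetimeSeconds),
                signingCredentials: signingCredentials);

            // 6. Serialize to the compact string form.
            return new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
        }

        /// <summary>
        /// Decodes a token and returns its textual representation without validating it.
        /// </summary>
        /// <remarks>
        /// ReadJwtToken is called without any validation parameters, so the result reflects
        /// whatever the token claims about itself. Use it for diagnostics only and never for
        /// authorization decisions.
        /// </remarks>
        /// <param name="jwt">The compact serialized JWT.</param>
        /// <returns>The decoded token as text, or an empty string when it cannot be read.</returns>
        public static string ReaderToken(string jwt)
        {
            try
            {
                return new JwtSecurityTokenHandler().ReadJwtToken(jwt).ToString();
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                return string.Empty;
            }
        }

        /// <summary>
        /// Validates a token and returns its claims as "type=value" pairs separated by "; ".
        /// </summary>
        /// <remarks>
        /// Despite the name nothing is decrypted: the signature, issuer, algorithm and lifetime
        /// are validated and the claims are then read. An empty string means the token was
        /// rejected or could not be parsed; the reason is written to the debug output only.
        /// </remarks>
        /// <param name="jwt">The compact serialized JWT.</param>
        /// <returns>The claims as text, or an empty string when validation fails.</returns>
        public string JwtDecrypt(string jwt)
        {
            var sb = new StringBuilder();
            try
            {
                var validation = new TokenValidationParameters
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecKey"])),
                    ValidateIssuerSigningKey = true,
                    // Check the issuer against the configured value, matching what CreateToken writes.
                    ValidateIssuer = true,
                    ValidIssuer = _configuration["Jwt:Issuer"],
                    // CreateToken writes no audience, so there is nothing to check here.
                    ValidateAudience = false,
                    // Accept only the algorithm CreateToken signs with.
                    ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
                };

                ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(jwt, validation, out _);
                foreach (var claim in principal.Claims)
                {
                    // Separate the pairs; they were previously concatenated with no delimiter.
                    if (sb.Length > 0)
                    {
                        sb.Append("; ");
                    }
                    sb.Append($"{claim.Type}={claim.Value}");
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                // Do not return claims gathered before a failure.
                sb.Clear();
            }
            return sb.ToString();
        }
    }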
}

5、創建用戶實體,進行用戶密碼的接收

using System.ComponentModel.DataAnnotations;
namespace Blog.core.Models
{
    /// <summary>
    /// User details submitted by a client. Every property carries [Required], which makes
    /// validation reject a missing value.
    /// </summary>
    public class UserInfo
    {
        /// <summary>Account name of the user.</summary>
        [Required]
        public string UserName { get; set; }

        /// <summary>Password supplied by the user.</summary>
        [Required]
        public string Password { get; set; }

        /// <summary>Phone number of the user.</summary>
        [Required]
        public string PhoneNumber { get; set; }
    }
}

6、創建控制器,進行JWT的API調用

using Blog.core.Common.Auth;
using Blog.core.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Blog.core.Controllers
{
        /// <summary>
        /// Sample controller with one endpoint that issues a JWT and one that requires it.
        /// </summary>
        [Route("[controller]/[action]")]
        [ApiController]
        public class UserController : ControllerBase
        {
            private readonly JwtHelper _jwt;
            /// <summary>
            /// Initializes the controller with the injected token helper.
            /// </summary>
            /// <param name="jwtHelper">Helper used to create and validate tokens.</param>
            public UserController(JwtHelper jwtHelper)
            {
                _jwt = jwtHelper;
            }
            /// <summary>
            /// Issues a token for the submitted user.
            /// </summary>
            /// <remarks>
            /// NOTE(review): as written, nothing verifies the caller between the parameter check and
            /// CreateToken, and user.Password is never read, so any caller who submits a user name
            /// and phone number receives a signed token for that name. The placeholder comments
            /// below must be replaced by a real credential check before this is used.
            /// </remarks>
            /// <param name="user">The submitted user details.</param>
            /// <returns>A 200 response whose body is the token followed by its validated claims.</returns>
            [HttpPost]
            public IActionResult GetToken(UserInfo user)
            {
                // Parameter validation and so on.
                // NOTE(review): the failure is returned through Ok(), i.e. with status 200.
                if (string.IsNullOrEmpty(user.UserName))
                {
                    return Ok("參數(shù)異常!");
                }
                // Placeholder: verify the account and password against the database here.
                // Placeholder: a Redis cache check could be done here as well.
                // Create the token; a whole object could be passed instead of single fields.
                var token = _jwt.CreateToken(user.UserName, user.PhoneNumber);
                  // Claims read back from the token just issued. JwtDecrypt validates the token and
                  // lists its claims; the response below therefore echoes them next to the token.
                  var PWToken = _jwt.JwtDecrypt( token);
                  return Ok(token+"解密后:"+PWToken);
            }
            /// <summary>
            /// Returns the caller's own details; [Authorize] means a valid token must be sent.
            /// </summary>
            /// <returns>A 200 response with a fixed confirmation message.</returns>
            [HttpPost]
            [Authorize]
            public IActionResult GetSelfInfo()
            {
                // Reaching this point means authentication and authorization have succeeded.
                /*
                 * There are two ways to return the personal details here:
                 * 1. Take the user account from the token sent in the header and look the details
                 *    up in the database.
                 * 2. Return the account details taken from the token directly; this requires that
                 *    they were stored in the claims when the token was created.
                 * NOTE(review): in both cases read the claims from the already validated identity
                 * (ControllerBase.User) rather than decoding the header again without validation.
                */
                return Ok("授權(quán)通過了!");
            }
        }  
}


注:獲取Token后在Swagger上輸入token的value就可以進行接口的調用了

