{"id":19,"date":"2022-07-08T11:43:00","date_gmt":"2022-07-08T03:43:00","guid":{"rendered":"https:\/\/blog.pixris.online\/?p=19"},"modified":"2024-11-08T11:53:39","modified_gmt":"2024-11-08T03:53:39","slug":"net6%e4%b8%ad%e6%80%8e%e4%b9%88%e4%bd%bf%e7%94%a8jwt","status":"publish","type":"post","link":"https:\/\/blog.pixris.online\/index.php\/2022\/07\/08\/19\/","title":{"rendered":".NET6\u4e2d\u600e\u4e48\u4f7f\u7528JWT"},"content":{"rendered":"\n

1.\u521b\u5efa\u751f\u6210\u4e00\u4e2a\u65b0\u7684JWT\u5728\u767b\u5165\u65f6<\/h2>\n\n\n\n
\/\/\/ <summary>\n\/\/\/ \u767b\u5165\u65f6\u751f\u6210Token\n\/\/\/ <\/summary>\n\/\/\/ <param name=\"yuanUser\">\u7528\u6237\u5b9e\u4f53<\/param>\n\/\/\/ <returns><\/returns>\npublic async Task<Result> CreateJWT(int id)\n{\n    \/\/\u9009\u62e9\u7b7e\u540d\u7b97\u6cd5\n    var signingAlogorithm = SecurityAlgorithms.HmacSha256;\n    \/\/\u83b7\u53d6\u8be5\u7528\u6237\u7684\u6743\u9650\u5217\u8868\n    var permissionInfo = await _repository.GetListAsync(x => x.Id == id);\n    \/\/\u51c6\u5907\u5b58\u653e\u7528\u6237\u4fe1\u606f\u7684 Claim \u6570\u7ec4\n    var claims = new List<Claim>{\n        \/\/new Claim(JwtRegisteredClaimNames.Sub, demoEntityUser.Password)\n    };\n    \/\/\u5982\u679c\u8be5\u7528\u6237\u6709\u6743\u9650\uff0c\u5219\u4f9d\u6b21\u52a0\u5165\u5230 claims \u6570\u7ec4\u4e2d\n    var permissionClaims = permissionInfo.Select(p => new Claim(\"permission\",      p.DepartmentId.ToString()));\n    claims.AddRange(permissionClaims);\n    \/\/\u5982\u679c\u8be5\u7528\u6237\u6ca1\u6709\u4efb\u4f55\u6743\u9650\uff0c\u5219\u52a0\u5165 \"NoPermission\" \u6743\u9650\n    if (!permissionClaims.Any())\n    {\n        claims.Add(new Claim(\"permission\", \"NoPermission\"));\n    }\n    \/\/\u751f\u6210\u79c1\u94a5\n    var secretByte = Encoding.UTF8.GetBytes(_configuration[\"Authentication:SecretKey\"]);\n    var signingKey = new SymmetricSecurityKey(secretByte);\n    \/\/\u751f\u6210\u6570\u5b57\u7b7e\u540d\n    var signingCredentials = new SigningCredentials(signingKey, signingAlogorithm);\n    \/\/\u751f\u6210 JWT \u5e76\u8fd4\u56de\n    var token = new JwtSecurityToken(\n        issuer: _configuration[\"Authentication:Issuer\"],\n        audience: _configuration[\"Authentication:Audience\"],\n        claims: claims,\n        notBefore: DateTime.UtcNow,\n        expires: DateTime.UtcNow.AddYears(1),\n        signingCredentials: signingCredentials);\n    var tokenString = new JwtSecurityTokenHandler().WriteToken(token);\n    return Result.Success(tokenString);\n}<\/code><\/pre>\n\n\n\n
2.\u521b\u5efa\u4e00\u4e2a\u9a8c\u8bc1\u7528\u7684\u7c7b<\/h2>\n\n\n\n
public class MyAuthorizeFilter : ActionFilterAttribute\n{\n    public string Permission { get; set; }\n\n    \/\/private static readonly string _missingAuthorizationMessage = \"Authorization\u7f3a\u5931\";\n    private static readonly string _missingTokenMessage = \"token\u7f3a\u5931\";\n    private static readonly string _invalidTokenMessage = \"token\u65e0\u6548\";\n    private static readonly string _expiredTokenMessage = \"token\u8fc7\u671f\";\n    private static readonly string _noPermissionMessage = \"\u8be5\u7528\u6237\u6ca1\u6709\u5f53\u524d\u6743\u9650\";\n    private static readonly string _networkErrorMessage = \"\u7f51\u7edc\u9519\u8bef\";\n\n    public override void OnActionExecuting(ActionExecutingContext context)\n    {\n        try\n        {\n            var token = context.HttpContext.Request.Headers[\"Authorization\"].ToString();\n            if (string.IsNullOrEmpty(token))\n            {\n                context.Result = new JsonResult(new Result(403, _missingTokenMessage, \"No Data\"));\n                return;\n            }\n            var secretKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(\"21232F297A57A5A743894A0E4A801FC3\"));\n            var validationParameters = new TokenValidationParameters()\n            {\n                ValidateAudience = true,\n                ValidAudience = \"Abp_samples\",\n                ValidateIssuer = true,\n                ValidIssuer = \"Abp_samples\",\n                ValidateLifetime = true,\n                IssuerSigningKey = secretKey,\n                ValidateIssuerSigningKey = true\n            };\n            var handler = new JwtSecurityTokenHandler();\n            var principal = handler.ValidateToken(token, validationParameters, out var validatedToken);\n            var claims = principal.Claims;\n            if (claims != null)\n            {\n                var isAuthorized = false;\n                foreach (var claim in claims)\n                {\n                    if (claim.Type.Equals(\"permission\", StringComparison.InvariantCultureIgnoreCase) && claim.Value.Equals(Permission, StringComparison.InvariantCultureIgnoreCase))\n                    {\n                        isAuthorized = true;\n                        break;\n                    }\n                    \/\/if (claim)\n                    \/\/{\n                    \/\/    isAuthorized = true;\n                    \/\/    break;\n                    \/\/}\n                }\n                if (!isAuthorized)\n                {\n                    \/\/\u6ca1\u6709\u6743\u9650\n                    context.Result = new JsonResult(new Result(401, _noPermissionMessage, \"No Data\"));\n                    return;\n                }\n            }\n            else\n            {\n                \/\/\u4e22\u5931\u4ee4\u724c\u4fe1\u606f\n                context.Result = new JsonResult(new Result(403, _missingTokenMessage, \"No Data\"));\n                return;\n            }\n        }\n        catch (SecurityTokenExpiredException)\n        {\n            \/\/\u4ee4\u724c\u8fc7\u671f\n            context.Result = new JsonResult(new Result(403, _expiredTokenMessage, \"No Data\"));\n            return;\n        }\n        catch (SecurityTokenException)\n        {\n            \/\/\u65e0\u6548\u7684\u4ee4\u724c\n            context.Result = new JsonResult(new Result(403, _invalidTokenMessage, \"No Data\"));\n            return;\n        }\n        catch (Exception)\n        {\n            \/\/\u7f51\u7edc\u9519\u8bef\n            context.Result = new JsonResult(new Result(500, _networkErrorMessage, \"No Data\"));\n            return;\n        }\n    }\n}<\/code><\/pre>\n\n\n\n
3.\u5728\u8c03\u7528\u63a5\u53e3\u7684\u65f6\u5019\u6dfb\u52a0\u7b7e\u540d<\/h2>\n\n\n\n
        \/\/\/ <summary>\n        \/\/\/ \u5206\u9875\u83b7\u53d6demo\u5217\u8868\n        \/\/\/ <\/summary>\n        \/\/\/ <param name=\"selectDto\">Dto<\/param>\n        \/\/\/ <returns><\/returns>\n        [HttpPost(\"GetPagingDemoEntityUser\"),MyAuthorizeFilter(Permission=\"1\")]\n        public async Task<Result> GetPagingDemoEntityUser([FromQuery] SelectDemoEntityUserDto selectDto)\n        {\n            return await _demoEntityUserAppService.GetPagingDemoEntityUser(selectDto);\n        }<\/code><\/pre>\n\n\n\n
\u9700\u8981\u6ce8\u610f\uff0c\u6b64\u5904Permission=\"1\"<\/code>\u4e3a\u80fd\u591f\u8bbf\u95ee\u5230\u8be5API\u7684\u7528\u6237\u6743\u9650\u540d\u79f0\uff0c\u4f60\u53ef\u4ee5\u5728\u4f60\u7684\u6570\u636e\u5e93\u4e2d\u81ea\u5b9a\u4e49\uff0c\u5e76\u4e14\u5728\u751f\u6210JWT\u7684\u65f6\u5019\u5c06\u4fe1\u606f\u6dfb\u52a0\u5230JWT\u4e2d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
1.\u521b\u5efa\u751f\u6210\u4e00\u4e2a\u65b0\u7684JWT\u5728\u767b\u5165\u65f6 2.\u521b\u5efa\u4e00\u4e2a\u9a8c\u8bc1\u7528\u7684\u7c7b 3.\u5728\u8c03\u7528\u63a5\u53e3\u7684\u65f6\u5019\u6dfb\u52a0\u7b7e\u540d \u9700\u8981\u6ce8\u610f\uff0c\u6b64\u5904Per […]<\/p>\n","protected":false},"author":1,"featured_media":20,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,16,15],"tags":[3,2,11],"class_list":["post-19","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net","category-c","category-15","tag-net","tag-c","tag-11"],"_links":{"self":[{"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/posts\/19","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":1,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":21,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions\/21"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/media\/20"}],"wp:attachment":[{"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pixris.online\/index.php\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}