
    Implementing JWT Authentication in ASP.NET Core 3.0 (2)

    Category: Code  Date: 2020-01-13 12:07

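    Then, in the ConfigureServices method of the Startup class, add code that reads the configuration:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        // Bind the "tokenManagement" section so it can be injected as IOptions<TokenManagement>
        services.Configure<TokenManagement>(Configuration.GetSection("tokenManagement"));

        // Also read it once here: the JWT bearer setup needs Secret, Issuer and Audience
        var token = Configuration.GetSection("tokenManagement").Get<TokenManagement>();
    }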

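    So far we have completed the basic groundwork. Next, we register the JWT validation service in the Web API and enable the authentication middleware in the middleware pipeline.

    The Startup class must reference the namespaces of the JWT validation service:

    using System.Text; // Encoding, used to turn the secret into key bytes
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    Then add the following logic to the ConfigureServices method: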

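    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(x =>
    {
        // HTTPS is not required for the metadata address or authority; disable only in development
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            // Verify the token signature against the shared secret from configuration
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)),
            ValidIssuer = token.Issuer,
            ValidAudience = token.Audience,
            // While these two are false, ValidIssuer and ValidAudience above are not checked;
            // set both to true to enforce them
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });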
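The effect of `ValidateIssuer = false` and `ValidateAudience = false` in the TokenValidationParameters above can be checked with a small console program. This is an added example, not code from the original article; the secret, issuer URLs, audience names and class name are constructed, and it assumes the System.IdentityModel.Tokens.Jwt NuGet package is referenced.

```csharp
// Added example: compares the article's validation settings with enforced issuer/audience checks.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class IssuerAudienceDemo
{
    // Constructed secret, at least 32 bytes so it is long enough for HS256
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.ASCII.GetBytes("constructed-demo-secret-32-bytes!"));

    // Issue a short-lived HS256 token for the given issuer and audience
    static string Issue(string issuer, string audience) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer, audience,
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)));

    // enforce == false reproduces the article's settings; true turns both checks on
    static TokenValidationParameters Parameters(bool enforce) => new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = Key,
        ValidIssuer = "https://api.example.test",   // constructed value
        ValidAudience = "orders-api",               // constructed value
        ValidateIssuer = enforce,
        ValidateAudience = enforce
    };

    // True when the handler accepts the token under the given parameters
    static bool Accepts(string jwt, TokenValidationParameters p)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, p, out _); return true; }
        catch (SecurityTokenException) { return false; }
    }

    static void Main()
    {
        string expected = Issue("https://api.example.test", "orders-api");
        // Signed with the same key, but issued by and for a different service
        string other = Issue("https://other.example.test", "billing-api");

        Console.WriteLine($"expected token, article settings: {Accepts(expected, Parameters(false))}");
        Console.WriteLine($"expected token, checks enforced:  {Accepts(expected, Parameters(true))}");
        Console.WriteLine($"other token, article settings:    {Accepts(other, Parameters(false))}");
        Console.WriteLine($"other token, checks enforced:     {Accepts(other, Parameters(true))}");
    }
}
```

Under the article's settings, any unexpired token signed with the shared secret is accepted regardless of its issuer and audience; with both flags set to true, the token issued for the other service is rejected.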

    Enable authentication in the Configure method:

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseHttpsRedirection();

        app.UseRouting();

        // Authentication and authorization go after UseRouting and before UseEndpoints
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }

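    That completes the JWT validation part. Next we need to add the logic for issuing tokens. We add a controller dedicated to user authentication and token issuance, named AuthenticationController, together with a DTO class for the request:

    using System.ComponentModel.DataAnnotations; // [Required]
    using Microsoft.AspNetCore.Authorization;    // [AllowAnonymous]
    using Microsoft.AspNetCore.Mvc;
    using Newtonsoft.Json;                        // [JsonProperty]

    // [JsonProperty] is Newtonsoft.Json's attribute; it is honored only when the app
    // is configured with AddNewtonsoftJson()
    public class LoginRequestDTO
    {
        [Required]
        [JsonProperty("username")]
        public string Username { get; set; }

        [Required]
        [JsonProperty("password")]
        public string Password { get; set; }
    }

    [Route("api/[controller]")]
    [ApiController]
    public class AuthenticationController : ControllerBase
    {
        // The token endpoint itself must be reachable without a token
        [AllowAnonymous]
        [HttpPost, Route("requestToken")]
        public ActionResult RequestToken([FromBody] LoginRequestDTO request)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest("Invalid Request");
            }

            return Ok();
        }
    }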

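    So far the controller above implements only the basic logic. Next we create the token-issuing service that does the actual work. As a first step, we create the corresponding service interface, named IAuthenticateService:

    public interface IAuthenticateService
    {
        // Returns true and sets the token when the credentials in the request are valid
        bool IsAuthenticated(LoginRequestDTO request, out string token);
    }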