更换jwtToken 为Bearer

不做码农
2021-12-03 17:42:44 +08:00
parent c6a523834c
commit 42dc24b6b8
13 changed files with 216 additions and 142 deletions


@@ -79,7 +79,7 @@ namespace ZR.Admin.WebApi.Controllers.System
#endregion
LoginUser loginUser = new LoginUser(user.UserId, user.UserName, roles, permissions);
return SUCCESS(JwtUtil.GenerateJwtToken(HttpContext.WriteCookies(loginUser)));
return SUCCESS(JwtUtil.GenerateJwtToken(HttpContext.AddClaims(loginUser)));
}
/// <summary>
@@ -90,11 +90,11 @@ namespace ZR.Admin.WebApi.Controllers.System
[HttpPost("logout")]
public IActionResult LogOut()
{
Task.Run(async () =>
{
//注销登录的用户相当于ASP.NET中的FormsAuthentication.SignOut
await HttpContext.SignOutAsync();
}).Wait();
//Task.Run(async () =>
//{
// //注销登录的用户相当于ASP.NET中的FormsAuthentication.SignOut
// await HttpContext.SignOutAsync();
//}).Wait();
return SUCCESS(1);
}
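Review bot: With the `SignOutAsync` block commented out, `LogOut` no longer invalidates anything server-side; a bearer token produced by `GenerateJwtToken` stays valid until its `exp` whether or not the user logged out, since nothing in this commit tracks or revokes issued tokens. If stateless logout is the intent, delete the commented-out block instead of leaving it and say so in the summary, e.g. `/// Stateless logout: the client discards its bearer token; the server keeps no session and the token stays valid until it expires.` If logout must really terminate access, a server-side denylist keyed on the token (or a short `Expire`, which this commit sets to 5 minutes) is required. The `/// <summary>` above the method begins in the previous hunk.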


@@ -1,6 +1,7 @@
using Infrastructure;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json;
using System;
@@ -67,7 +68,7 @@ namespace ZR.Admin.WebApi.Extensions
{
var uid = context.User.FindFirstValue(ClaimTypes.PrimarySid);
return !string.IsNullOrEmpty(uid) ? long.Parse(uid) : 0 ;
return !string.IsNullOrEmpty(uid) ? long.Parse(uid) : 0;
}
public static string GetName(this HttpContext context)
{
@@ -75,6 +76,16 @@ namespace ZR.Admin.WebApi.Extensions
return uid;
}
/// <summary>
/// ClaimsIdentity
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public static IEnumerable<ClaimsIdentity> GetClaims(this HttpContext context)
{
return context.User?.Identities;
}
//public static int GetRole(this HttpContext context)
//{
// var roleid = context.User.FindFirstValue(ClaimTypes.Role) ?? "0";
@@ -84,9 +95,7 @@ namespace ZR.Admin.WebApi.Extensions
public static string GetUserAgent(this HttpContext context)
{
var str = context.Request.Headers["User-Agent"];
return str;
return context.Request.Headers["User-Agent"];
}
/// <summary>
@@ -96,9 +105,7 @@ namespace ZR.Admin.WebApi.Extensions
/// <returns></returns>
public static string GetToken(this HttpContext context)
{
var str = context.Request.Headers["Token"];
return str;
return context.Request.Headers["Authorization"];
}
public static ClientInfo GetClientInfo(this HttpContext context)
@@ -116,12 +123,12 @@ namespace ZR.Admin.WebApi.Extensions
}
/// <summary>
/// 登录cookie写入
///组装Claims
/// </summary>
/// <param name="context"></param>
/// <param name="user"></param>
/// <returns></returns>
public static List<Claim> WriteCookies(this HttpContext context, LoginUser user)
public static List<Claim> AddClaims(this HttpContext context, LoginUser user)
{
//1、创建Cookie保存用户信息使用claim
var claims = new List<Claim>()
@@ -138,13 +145,21 @@ namespace ZR.Admin.WebApi.Extensions
{
claims.Add(new Claim("perm", string.Join(",", user.Permissions)));
}
//写入Cookie
//WhiteCookie(context, claims);
return claims;
}
private static void WhiteCookie(HttpContext context, List<Claim> claims)
{
//2.创建声明主题 指定认证方式 这里使用cookie
var claimsIdentity = new ClaimsIdentity(claims, "Login");
Task.Run(async () =>
{
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,//这里要注意的是HttpContext.SignInAsync(AuthenticationType,…) 所设置的Scheme一定要与前面的配置一样这样对应的登录授权才会生效。
JwtBearerDefaults.AuthenticationScheme,//这里要注意的是HttpContext.SignInAsync(AuthenticationType,…) 所设置的Scheme一定要与前面的配置一样这样对应的登录授权才会生效。
new ClaimsPrincipal(claimsIdentity),
new AuthenticationProperties()
{
@@ -153,7 +168,6 @@ namespace ZR.Admin.WebApi.Extensions
ExpiresUtc = DateTimeOffset.Now.AddDays(1),//有效时间
});
}).Wait();
return claims;
}
}
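Review bot: `WhiteCookie` is now dead code — its only call is the commented-out `//WhiteCookie(context, claims);` in `AddClaims` — and the scheme it hands to `SignInAsync` was switched to `JwtBearerDefaults.AuthenticationScheme`, which the bearer handler does not support for sign-in, so reviving the method as written would throw at runtime; remove it together with the commented-out call and the stale `//1、创建Cookie保存用户信息使用claim` comment. `GetToken` keeps its name but now returns the raw `Authorization` header value, scheme prefix included, so its summary should state the new contract, e.g. `/// Returns the raw Authorization header value (including the "Bearer " scheme); callers strip the scheme before parsing.` `GetClaims` returns null when `context.User` is null, which the summary `/// ClaimsIdentity` does not mention. `WhiteCookie`'s body is split across the last two hunks; the lines between them are outside view.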


@@ -10,6 +10,7 @@ using NLog;
using System;
using System.Linq;
using ZR.Admin.WebApi.Extensions;
using ZR.Admin.WebApi.Framework;
using ZR.Model.System;
namespace ZR.Admin.WebApi.Filters
@@ -44,12 +45,10 @@ namespace ZR.Admin.WebApi.Filters
string ip = HttpContextExtension.GetClientUserIp(context.HttpContext);
string url = context.HttpContext.Request.Path;
var isAuthed = context.HttpContext.User.Identity.IsAuthenticated;
// 检查登陆 - 在SignIn中判断用户合法性将登陆信息保存在Cookie中在SignOut中移除登陆信息
var userName = context.HttpContext.User.Identity.Name;
//使用jwt token校验2020-11-21
//string token = context.HttpContext.Request.Headers["Token"];
LoginUser info = Framework.JwtUtil.GetLoginUser(context.HttpContext);
LoginUser info = JwtUtil.GetLoginUser(context.HttpContext);
if (info != null && info.UserId > 0)
{
@@ -58,7 +57,7 @@ namespace ZR.Admin.WebApi.Filters
else
{
string msg = $"请求访问:{url}授权认证失败,无法访问系统资源";
logger.Info(msg);
logger.Info($"用户{userName}{msg}");
context.Result = new JsonResult(new ApiResult((int)ResultCode.DENY, msg));
}
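Review bot: In the denied branch, `userName` comes from `context.HttpContext.User.Identity.Name`, which for a request whose bearer token was missing or rejected is typically null, so the new log line will usually read `用户` followed directly by the message; meanwhile the `ip` computed earlier in the method is never logged, although it is the field most useful for spotting repeated authentication failures from one client. Suggest `logger.Info($"用户{userName ?? "-"} ip={ip} {msg}");`. `url` is the raw request path echoed into both the log and the client response; that predates this commit, but if the log sink is line-oriented it is worth sanitising before logging. The method's signature and the `if` branch are outside the visible hunks.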


@@ -18,8 +18,6 @@ namespace ZR.Admin.WebApi.Framework
/// </summary>
public class JwtUtil
{
public static readonly string KEY = "asdfghjklzxcvbnm";
/// <summary>
/// 获取用户身份信息
/// </summary>
@@ -28,6 +26,7 @@ namespace ZR.Admin.WebApi.Framework
public static LoginUser GetLoginUser(HttpContext httpContext)
{
string token = HttpContextExtension.GetToken(httpContext);
if (!string.IsNullOrEmpty(token))
{
return ValidateJwtToken(ParseToken(token));
@@ -42,21 +41,52 @@ namespace ZR.Admin.WebApi.Framework
/// <returns></returns>
public static string GenerateJwtToken(List<Claim> claims)
{
JwtSettings jwtSettings = new();
ConfigUtils.Instance.Bind("JwtSettings", jwtSettings);
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(KEY);
var expires = ConfigUtils.Instance.GetAppConfig("sysConfig:tokenExpire", 10);
var key = Encoding.ASCII.GetBytes(jwtSettings.SecretKey);
claims.Add(new Claim("Audience", jwtSettings.Audience));
claims.Add(new Claim("Issuer", jwtSettings.Issuer));
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
//Issuer = "",
//Audience = "",
Expires = DateTime.Now.AddMinutes(expires),
Issuer = jwtSettings.Issuer,
Audience = jwtSettings.Audience,
IssuedAt = DateTime.Now,//token生成时间
Expires = DateTime.Now.AddMinutes(jwtSettings.Expire),
TokenType = "Bearer",
//对称秘钥,签名证书
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
/// <summary>
/// 验证Token
/// </summary>
/// <returns></returns>
public static TokenValidationParameters ValidParameters()
{
JwtSettings jwtSettings = new();
ConfigUtils.Instance.Bind("JwtSettings", jwtSettings);
var key = Encoding.ASCII.GetBytes(jwtSettings.SecretKey);
var tokenDescriptor = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidIssuer = jwtSettings.Issuer,
ValidAudience = jwtSettings.Audience,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateLifetime = true,//是否验证Token有效期使用当前时间与Token的Claims中的NotBefore和Expires对比
RequireExpirationTime = true,//过期时间
};
return tokenDescriptor;
}
/// <summary>
/// 从令牌中获取数据声明
/// </summary>
@@ -65,21 +95,13 @@ namespace ZR.Admin.WebApi.Framework
public static IEnumerable<Claim> ParseToken(string token)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(KEY);
var validateParameter = ValidParameters();
token = token.Replace("Bearer ", "");
try
{
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
// set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);
tokenHandler.ValidateToken(token, validateParameter, out SecurityToken validatedToken);
//{{"alg":"HS256","typ":"JWT"}.{"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid":"2","unique_name":"ry","nameid":"2","given_name":"若依","nbf":1606654010,"exp":1606740410,"iat":1606654010}}
var jwtToken = (JwtSecurityToken)validatedToken;
var jwtToken = tokenHandler.ReadJwtToken(token);
return jwtToken.Claims;
}
catch (Exception ex)
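Review bot: `ValidParameters()` drops the `ClockSkew = TimeSpan.Zero` that the removed inline parameters in `ParseToken` set, so the IdentityModel default of five minutes now applies both here and to the `AddJwtBearer` middleware that reuses this method; with `Expire` configured to 5 minutes that roughly doubles the effective token lifetime. Add `ClockSkew = TimeSpan.Zero,` to the `TokenValidationParameters` initializer if exact expiry is still intended. In `ParseToken`, `token.Replace("Bearer ", "")` is a global, case-sensitive substitution rather than a scheme-prefix strip; prefer `if (token.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) token = token.Substring(7);`, and use the `validatedToken` that `ValidateToken` returns (`var jwtToken = (JwtSecurityToken)validatedToken;`) instead of re-reading the string with `ReadJwtToken`, which performs no validation. `GenerateJwtToken` also mutates the caller's `claims` list and duplicates Issuer/Audience as custom claims on top of the descriptor fields; the `catch (Exception ex)` body is outside the hunk.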


@@ -2,6 +2,7 @@ using Hei.Captcha;
using Infrastructure;
using Infrastructure.Extensions;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
@@ -55,11 +56,23 @@ namespace ZR.Admin.WebApi
services.AddSession();
services.AddHttpContextAccessor();
//Cookie <20><>֤
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Model<65><6C>
services.Configure<OptionsSetting>(Configuration);
services.Configure<JwtSettings>(Configuration);
var jwtSettings = new JwtSettings();
Configuration.Bind("JwtSettings", jwtSettings);
//Cookie <20><>֤
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddCookie()
.AddJwtBearer(o =>
{
o.TokenValidationParameters = JwtUtil.ValidParameters();
});
InjectRepositories(services);
@@ -78,11 +91,11 @@ namespace ZR.Admin.WebApi
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "ZrAdmin", Version = "v1" });
if (CurrentEnvironment.IsDevelopment())
{
//<2F><><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD>ע<EFBFBD><D7A2>
c.IncludeXmlComments("ZRAdmin.xml", true);
}
//if (CurrentEnvironment.IsDevelopment())
//{
//<2F><><EFBFBD><EFBFBD><EFBFBD>ĵ<EFBFBD>ע<EFBFBD><D7A2>
c.IncludeXmlComments(Path.Combine(CurrentEnvironment.ContentRootPath, "ZRAdmin.xml"), true);
//}
});
}
@@ -112,7 +125,9 @@ namespace ZR.Admin.WebApi
//app.UseAuthentication<6F><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Authentication<6F>м<EFBFBD><D0BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><D0BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD>ǰHttp<74><70><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>Cookie<69><65>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>HttpContext.User<65><72><EFBFBD>ԣ<EFBFBD><D4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD>
//<2F><><EFBFBD><EFBFBD>ֻ<EFBFBD><D6BB><EFBFBD><EFBFBD>app.UseAuthentication<6F><6E><EFBFBD><EFBFBD>֮<EFBFBD><D6AE>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><D0BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܹ<EFBFBD><DCB9><EFBFBD>HttpContext.User<65>ж<EFBFBD>ȡ<EFBFBD><C8A1>ֵ<EFBFBD><D6B5>
//<2F><>Ҳ<EFBFBD><D2B2>Ϊʲô<CAB2><C3B4><EFBFBD><EFBFBD>ǿ<EFBFBD><C7BF>app.UseAuthentication<6F><6E><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>app.UseMvc<76><63><EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><E6A3AC>Ϊֻ<CEAA><D6BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ASP.NET Core<72><65>MVC<56>м<EFBFBD><D0BC><EFBFBD><EFBFBD>в<EFBFBD><D0B2>ܶ<EFBFBD>ȡ<EFBFBD><C8A1>HttpContext.User<65><72>ֵ<EFBFBD><D6B5>
//1.<2E>ȿ<EFBFBD><C8BF><EFBFBD><EFBFBD><EFBFBD>֤
app.UseAuthentication();
//2.<2E>ٿ<EFBFBD><D9BF><EFBFBD><EFBFBD><EFBFBD>Ȩ
app.UseAuthorization();
app.UseSession();
app.UseResponseCaching();
@@ -149,12 +164,12 @@ namespace ZR.Admin.WebApi
SugarIocServices.AddSqlSugar(new List<IocConfig>() {
new IocConfig() {
ConfigId = "0",
ConfigId = "0",
ConnectionString = connStr,
DbType = (IocDbType)dbType,
IsAutoCloseConnection = true//<2F>Զ<EFBFBD><D4B6>ͷ<EFBFBD>
}, new IocConfig() {
ConfigId = "1",
ConfigId = "1",
ConnectionString = connStrBus,
DbType = (IocDbType)dbType_bus,
IsAutoCloseConnection = true//<2F>Զ<EFBFBD><D4B6>ͷ<EFBFBD>
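Review bot: `services.Configure<JwtSettings>(Configuration)` binds `JwtSettings` from the configuration root rather than from the `JwtSettings` section, so any consumer of `IOptions<JwtSettings>` would see empty Issuer/Audience/SecretKey; if that registration is meant to be used it should be `services.Configure<JwtSettings>(Configuration.GetSection("JwtSettings"));`. The `jwtSettings` local bound just below it is never used (`AddJwtBearer` takes `JwtUtil.ValidParameters()`), and `.AddCookie()` stays registered although nothing signs in with the cookie scheme any more; both read as migration leftovers. Making `c.IncludeXmlComments(...)` unconditional means the XML doc file must be present in every environment, otherwise the Swagger generator fails on first use — presumably intended, but worth a comment. The Swagger setup also gains no bearer security definition, so the UI cannot send the new token.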


@@ -15,9 +15,14 @@
"urls": "http://localhost:8888", //<2F><>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD>url
"sysConfig": {
"DBCommandTimeout": 10,
"tokenExpire": 1440, //Jwt token<65><6E>ʱʱ<CAB1><EFBFBD>֣<EFBFBD>
"cors": "http://localhost:8887" //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>","<22><><EFBFBD><EFBFBD>
},
"JwtSettings": {
"Issuer": "https://localhost:8888",
"Audience": "https://localhost:8888",
"SecretKey": "Hello-key-ZRADMIN.NET-20210101",
"Expire": 5
},
"DemoMode": false, //<2F>Ƿ<EFBFBD><C7B7><EFBFBD>ʾģʽ
"DbKey": "", //<2F><><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD>key
"Upload": {
@@ -30,7 +35,7 @@
"KEY": "XX",
"SECRET": "XX",
"bucketName": "bucketName",
"domainUrl": "http://xxx.xxx.com"//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD><EFBFBD>
"domainUrl": "http://xxx.xxx.com" //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD><EFBFBD>
},
"gen": {
"conn": "server=LAPTOP-STKF2M8H\\SQLEXPRESS;user=zr;pwd=abc;database=ZrAdmin;Trusted_Connection=SSPI",
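Review bot: The HMAC signing secret is now a literal in appsettings.json (`"SecretKey": "Hello-key-ZRADMIN.NET-20210101"`), so removing the `KEY` constant only relocates a committed key; anyone with read access to the repository can mint tokens accepted by every deployment using this file. Supply it from an environment variable or a secrets store, keep only a placeholder such as `"SecretKey": "<set-via-environment>"` here, and rotate the value that has been committed; the 30-byte value is also below the 256-bit minimum RFC 7518 recommends for HS256. The now-unused `"tokenExpire": 1440` under `sysConfig` should be removed since `GenerateJwtToken` reads `JwtSettings:Expire` instead, and the drop from 1440 to 5 minutes is a behaviour change the commit message should mention.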