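RsCode.AspNetCore provides the JwtHelper utility class for generating JWT tokens. It implements two signing schemes: symmetric and asymmetric.
Symmetric signing uses HS256 (an HMAC over a shared secret); asymmetric signing uses RS256 (an RSA private/public key pair).

Key generation

With symmetric signing (HS256), SecurityKey must be at least 32 characters long; its content is arbitrary.

Generating the key pair for asymmetric signing (RS256):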

Generate with a third-party tool

Open https://mkjwk.org/ and generate the key there.

Generate manually

bash
# Generate the private key
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
# Export the public key from the private key
openssl rsa -pubout -in private_key.pem -out public_key.pem

JWT authentication

1. Configure JWT in appsettings.json

json
{
  "Jwt": {
    "Issuer": "https://rscode.cn",
    "Audience": "rscode.cn",
    "SecurityKey": "12343543DFSSDAFDFI2xxxxxxxxxx",
    "PublicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiGUwIDAQAB\n-----END PUBLIC KEY-----\n", // public key
    "PublicKeyPath": "", // path to the public key file
    "PrivateKey": "-----BEGIN PRIVATE KEY-----JVw==\n-----END PRIVATE KEY-----\n", // private key
    "PrivateKeyPath": "", // path to the private key PEM file
    // access token lifetime, in minutes
    "Expire": 15
  }
}

2. Authentication server

JWT with symmetric signing (HS256)
Set a SecurityKey of at least 32 characters.
Configure the SecurityKey key in appsettings.json.

csharp
using System.Collections.Generic;
using System.Security.Claims;

List<Claim> claims = new List<Claim>();
claims.Add(new Claim("UserId", "1ef62d58d8ce485c96724f71bdd817d6"));
claims.Add(new Claim("UserName", "215996632064"));
claims.Add(new Claim("Role", "1"));
// Create the token
var token = JwtHelper.CreateToken(claims, 60);

JWT with asymmetric signing (RS256)
Create the JWT token with the PrivateKey.
Configure the private key in appsettings.json (PrivateKey, PrivateKeyPath).

csharp
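using System.Collections.Generic;
using System.Security.Claims;

List<Claim> claims = new List<Claim>();
claims.Add(new Claim("UserId", "1ef62d58d8ce485c96724f71bdd817d6"));
claims.Add(new Claim("UserName", "215996632064"));
claims.Add(new Claim("Role", "1"));

// Create the token, signed with the configured private key
var token = JwtHelper.CreateJwtToken(claims, 60);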

3. The business server validates tokens with the public key

Configure the public key or the SecurityKey in appsettings.json.

csharp
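using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;

// Extension method: declare it inside a static class.
public static void CustomJwt(this IServiceCollection services, string Url = "/UserAuthHub")
{
    // JWT service for asymmetric signing (RS256)
    RsCode.AspNetCore.JwtExtensions.AddJwtBearer(services);
    // JWT service for symmetric signing (HS256)
    //RsCode.AspNetCore.JwtExtensions.AddJwt(services);

    // Other registrations
    services.AddAuthorization(options =>
    {
        options.AddPolicy("admin", policy => policy.Requirements.Add(new AdminRequirement("admin")));
        options.AddPolicy("vip", policy => policy.Requirements.Add(new AdminRequirement("vip")));
    });

    services.AddSingleton<IAuthorizationHandler, AdminRequirementHandler>();
    services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
}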
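
The RS256 split between the two servers, as an added example that is not RsCode.AspNetCore's own code: it calls Microsoft's System.IdentityModel.Tokens.Jwt directly, and whether JwtHelper works this way internally is an assumption. The key pair is constructed in memory and the local helpers Issue and IsValid are hypothetical names; Issuer, Audience and the 15-minute lifetime mirror the Jwt section above.

```csharp
// Requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

const string Issuer = "https://rscode.cn";   // "Jwt:Issuer"
const string Audience = "rscode.cn";         // "Jwt:Audience"

// Constructed key pair; a deployment would load the PEM files generated
// with openssl (RSA.ImportFromPem) instead of creating a key in memory.
using var rsa = RSA.Create(2048);
using var publicOnly = RSA.Create();
publicOnly.ImportParameters(rsa.ExportParameters(false)); // public part only

// Authentication server: signs with the private key (RS256).
string Issue(RSA signer) => new JwtSecurityTokenHandler().WriteToken(
    new JwtSecurityToken(Issuer, Audience,
        new[] { new Claim("UserId", "1ef62d58d8ce485c96724f71bdd817d6"), new Claim("Role", "1") },
        notBefore: DateTime.UtcNow,
        expires: DateTime.UtcNow.AddMinutes(15),   // "Jwt:Expire"
        signingCredentials: new SigningCredentials(new RsaSecurityKey(signer), SecurityAlgorithms.RsaSha256)));

// Business server: holds only the public key and pins the accepted algorithm,
// so a token carrying any other "alg" value is rejected before key lookup.
var parameters = new TokenValidationParameters
{
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    IssuerSigningKey = new RsaSecurityKey(publicOnly),
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
    ClockSkew = TimeSpan.FromSeconds(30)
};

bool IsValid(string jwt)
{
    try
    {
        ClaimsPrincipal user = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
        return user.FindFirst("UserId") != null;
    }
    catch (Exception e) when (e is SecurityTokenException or ArgumentException) { return false; }
}

using var otherKey = RSA.Create(2048);
Console.WriteLine(IsValid(Issue(rsa)));       // token signed by the issuer's key
Console.WriteLine(IsValid(Issue(otherKey)));  // token signed by an unrelated key
```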

Custom authorization requirement class

csharp
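using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class SellerRequirement : IAuthorizationRequirement
{ }

public class SellerRequirementHandler : AuthorizationHandler<SellerRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SellerRequirement requirement)
    {
        // A principal without any claims is left undecided, so the requirement is not met.
        if (context.User.Claims.Any())
        {
            // The requirement is satisfied only when the token carries a non-empty ShopId claim.
            var shopId = context.User.Claims.FirstOrDefault(c => c.Type == "ShopId")?.Value;
            if (string.IsNullOrWhiteSpace(shopId))
            {
                context.Fail();
            }
            else
            {
                context.Succeed(requirement);
            }
        }
        // Nothing is awaited, so return a completed task instead of marking the method async.
        return Task.CompletedTask;
    }
}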

Usage

Wherever authorization is required, add [Authorize] or [Authorize("admin")].