
ASP.NET Core JWT authentication checking and validation


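I have implemented JWT auth in my project. The JWT is generated with the code below (it takes the username and password from the user and looks them up in the database).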

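using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public AuthenticateResponse Authenticate(AuthenticateRequest model)
{
    var userres = new User { Username = model.Username, Password = model.Password };
    var user = GetById(userres);
    // return null if the user was not found
    if (user == null) return null;
    // authentication successful, so generate the JWT token
    var token = generateJwtToken(user);
    return new AuthenticateResponse(user, token);
}

private string generateJwtToken(User user)
{
    // generate a token that is valid for 30 days
    var tokenHandler = new JwtSecurityTokenHandler();
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[] { new Claim("Username", user.Username.ToString()) }),
        Expires = DateTime.UtcNow.AddDays(30),
        // sign with the key bytes derived from the configured secret
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}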

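Next, I am confused about how to authenticate the generated JWT token each time the user sends it to me when accessing the API. How can this be implemented, and how does it work? I have found many solutions, but I don't understand how they validate this key.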

You can add an Authorization header to the request headers on the client, and then you can parse the token to get what you need (id, username, etc.).

I use this code to validate the token:

var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret));

var tokenValidationParameters = new TokenValidationParameters
{
    ValidateAudience = false, // you might want to validate the audience and issuer depending on your use case
    ValidateIssuer = false,
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    ValidateLifetime = false // here we are saying that we don't care about the token's expiration date
};

var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken securityToken;
// throws if the signature does not match the signing key
var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out securityToken);

var jwtSecurityToken = securityToken as JwtSecurityToken;

// The JWT header carries the short algorithm name "HS256" (SecurityAlgorithms.HmacSha256),
// not the XML-DSig URI in SecurityAlgorithms.HmacSha256Signature, so compare against the short name.
if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
    throw new SecurityTokenException("Invalid token");

return principal;


No, I want to validate the token when the user sends it to me from the client after logging in. How do I validate the token generated by the web API?
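The per-request validation asked about above can be left to the ASP.NET Core JWT bearer middleware, which checks the signature and expiry of the `Authorization: Bearer <token>` header before a protected endpoint runs. This is an added example, not code from any poster in the thread; the configuration key `AppSettings:Secret` and the `/me` endpoint are assumptions made for illustration.

```csharp
// Program.cs (ASP.NET Core 6+ minimal hosting). Added example, not code from the thread.
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the value behind _appSettings.Secret is stored under "AppSettings:Secret".
var secret = builder.Configuration["AppSettings:Secret"]
    ?? throw new InvalidOperationException("AppSettings:Secret is not configured");
// Same encoding as generateJwtToken, so issuer and validator derive identical key bytes.
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Recompute the HMAC over header.payload and compare it with the signature.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Accept only the algorithm the issuer uses; rejects "none" and other algs.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            // Enforce the 30-day "exp" claim set at issuance.
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            // generateJwtToken sets no issuer or audience, so there is nothing to compare.
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // validates the bearer token and builds HttpContext.User
app.UseAuthorization();    // answers 401 when a protected endpoint has no valid token

// Hypothetical protected endpoint: reads the "Username" claim placed in the token.
app.MapGet("/me", (ClaimsPrincipal user) =>
        new { Username = user.FindFirst("Username")?.Value })
   .RequireAuthorization();

app.Run();
```

In a controller-based project the same registration applies, with `[Authorize]` on the controller or action in place of `RequireAuthorization()`.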