C# 如何在第一次登录后将JWT发送给客户端,以及如何在客户端再次访问ASP.NET网站时从客户端检索JWT
我根据本教程编写了用于生成和验证JWT的类的代码: 我还没有找到的是:C# 如何在第一次登录后将JWT发送给客户端,以及如何在客户端再次访问ASP.NET网站时从客户端检索JWT,c#,asp.net,security,jwt,C#,Asp.net,Security,Jwt,我根据本教程编写了用于生成和验证JWT的类的代码: 我还没有找到的是: 如何在JWT令牌第一次登录并输入凭据时从服务器端生成后将其发送到客户端。我需要添加一些代码行还是自动发送 如何测试客户端是否已经有JWT令牌,并将其用于服务器端验证,以便用户自动登录 任何代码样本,链接或评论感谢!(注意:该应用程序是用简单的ASP.NET编写的,而不是核心版)这是否回答了您的问题? using Microsoft.IdentityModel.Tokens; using System; using Syste
任何代码样本,链接或评论感谢!(注意:该应用程序是用简单的ASP.NET编写的,而不是核心版)这是否回答了您的问题?
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Web;
using System.Web.Configuration;
namespace Cinema_Reservation
{
public class JWTAuth
{
public string GenerateToken(int userId)
{
var mySecret = WebConfigurationManager.AppSettings["SecretKey"];
var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(mySecret));
var myIssuer = "site.com";
var myAudience = "site.com";
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
}),
Expires = DateTime.UtcNow.AddDays(1),
Issuer = myIssuer,
Audience = myAudience,
SigningCredentials = new SigningCredentials(mySecurityKey, SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
public bool ValidateCurrentToken(string token)
{
var mySecret = WebConfigurationManager.AppSettings["SecretKey"];
var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(mySecret));
var myIssuer = "site.com";
var myAudience = "site.com";
var tokenHandler = new JwtSecurityTokenHandler();
try
{
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidIssuer = myIssuer,
ValidAudience = myAudience,
IssuerSigningKey = mySecurityKey
}, out SecurityToken validatedToken);
}
catch
{
return false;
}
return true;
}
}
}