本文源码下载地址：http://www.80cxy.com/Blog/ResourceView?arId=202403191532545995NAAqJh

系列教程地址：http://www.80cxy.com/Blog/ArticleView?arId=202403191517574161ay3s5V

本文实现访问接口时对前端传过来的token进行校验配置，也可以说是项目权限校验。首页配置项目启用JWT校验，然后通过Filter进行校验。

一、配置JWT校验

SignUp.Common项目WebApplicationBuilderExtensions类的ConfigureExtraServices方法增加如下配置代码：

JWTOptions jwtOpt = configuration.GetSection("JWT").Get<JWTOptions>();
services.AddJWTAuthentication(jwtOpt);

AddJWTAuthentication开展方法代码如下：

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System.Text;

namespace SignUp.Common.JWT
{
    public static class AuthenticationExtensions
    {
        /// <summary>
        /// 对JWT进行配置
        /// </summary>
        /// <param name="services"></param>
        /// <param name="jwtOpt"></param>
        /// <returns></returns>
        public static AuthenticationBuilder AddJWTAuthentication(this IServiceCollection services, JWTOptions jwtOpt)
        {
            return services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(x =>
            {
                x.TokenValidationParameters = new()
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = jwtOpt.Issuer,
                    ValidAudience = jwtOpt.Audience,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOpt.SecKey))
                };
            });
        }
    }
}

在Program.cs文件app.MapControllers();代码上面增加如下配置：

app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

二、实现IAuthorizationFilter过滤器

SignUp.Common项目Filter文件夹创建ApiAuthorizeFilter类，代码如下：

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using SignUp.Common.Commons;
using SignUp.Common.Enum;
using SignUp.Common.Extensions;
using System.IdentityModel.Tokens.Jwt;

namespace SignUp.Common.Filter
{
    /// <summary>
    /// 权限过滤
    /// </summary>
    public class ApiAuthorizeFilter : IAuthorizationFilter
    {
        private static readonly string replaceTokenPath = "/api/AdminLogin/ReplaceToken";
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            //控制器标记AllowAnonymous属性直接跳过
            if (context.ActionDescriptor.EndpointMetadata.Any(c => c.GetType().Equals(typeof(AllowAnonymousAttribute))))
            {
                return;
            }
            // 获取当前用户的信息
            var user = context.HttpContext.User;
            // 如果用户未登录返回无权访问
            if (user == null || !user.Identity.IsAuthenticated)
            {
                context.Result = new JsonResult(new ResponseContent().Error(ResponseType.LoginExpiration));
                return;
            }
            //获取token过期时间
            DateTime expDate = context.HttpContext.User.Claims.Where(x => x.Type == JwtRegisteredClaimNames.Exp)
                .Select(x => x.Value).FirstOrDefault().GetTimeSpmpToDate();
            //判断jwt是否过期
            if ((expDate - DateTime.Now).TotalMinutes < 0)
            {
                context.Result = new JsonResult(new ResponseContent().Error(ResponseType.TokenExpiration));
                return;
            }
            //前端刷新token标识，离过期5分钟时开始刷新
            if ((expDate - DateTime.Now).TotalMinutes < 5 && context.HttpContext.Request.Path != replaceTokenPath)
            {
                context.HttpContext.Response.Headers.Add("vol_exp", "1");
            }
            return;
        }
    }
}

三、接口增加校验规则

在需要JWT进行校验的接口上增加ApiAuthorizeFilter特性，代码如下：

/// <summary>
        /// 获取用户信息
        /// </summary>
        /// <returns></returns>
        [HttpPost]
        [TypeFilter(typeof(ApiAuthorizeFilter))]
        public async Task<ActionResult<ResponseContent>> GetUserInfo()
        {
            ResponseContent response = new ResponseContent();
            string userId = this.User.FindFirstValue(ClaimTypes.NameIdentifier);
            var user = await _systemDomainService.FindOneUserById(userId);
            if (user == null)//可能用户注销了
            {
                return new JsonResult(response.Error(ResponseType.LoginExpiration));
            }
            //出于安全考虑，不要机密信息传递到客户端
            //除非确认没问题，否则尽量不要直接把实体类对象返回给前端
            return new JsonResult(response.Ok(
                new
                {
                    userId = user.Id,
                    userName = user.UserName,
                    avatar = "",
                    routes = new string[] { "Audit", "Preliminary", "Recheck", "System", "User", "Menu", "Role", "IndexAuth" },
                    roles = new string[] { "Matt", "Joanne", "Robert" },
                    buttons = new string[] { "Matt", "Joanne", "Robert" }
                }));
        }

附笔者学习 .net core开发时参考相关项目实例源码：asp.net core webapi项目实例源代码锦集下载（72个）