这里记录一下WebAPI 项目中实现 Token 验证,通常使用基于 JWT (JSON Web Token) 的身份验证。以下是完整的实现步骤:1. 安装必要的 NuGet 包
首先,安装所需的 NuGet 包:
Install-Package System.IdentityModel.Tokens.Jwt -Version 5.2.2Install-Package Microsoft.Owin.Security.Jwt -Version 4.0.1Install-Package Microsoft.Owin.Host.SystemWeb -Version 4.0.1
2. 配置 OWIN Startup 类
添加一个 OWIN Startup 类来配置 JWT 认证:
using Microsoft.IdentityModel.Tokens;using Microsoft.Owin;using Microsoft.Owin.Security.Jwt;using Owin;using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Web;using System.Web.Configuration;
[assembly: OwinStartup(typeof(WebApi.Startup))]namespace WebApi{ public class Startup { public void Configuration(IAppBuilder app) { var issuer = WebConfigurationManager.AppSettings["JwtIssuer"]; var audience = WebConfigurationManager.AppSettings["JwtAudience"]; var secret = WebConfigurationManager.AppSettings["JwtSecret"];
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
app.UseJwtBearerAuthentication( new JwtBearerAuthenticationOptions { AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active, TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = true, ValidateAudience = true, ValidateIssuerSigningKey = true, ValidIssuer = issuer, ValidAudience = audience, IssuerSigningKey = key, ClockSkew = TimeSpan.Zero } }); } }}
3. 添加配置到 Web.config
在 Web.config 的 <appSettings> 部分添加以下配置:
<add key="JwtIssuer" value="TestApiServer"/> <add key="JwtAudience" value="TestWebApp"/> <add key="JwtSecret" value="bXlfdGVzdF9zZWNyZXRfa2V5XzEyMzQ1Njc4OTA"/> <add key="JwtExpireMinutes" value="30"/>
4. 创建 Token 生成服务
创建一个服务类来生成 JWT 令牌:
using Microsoft.IdentityModel.Tokens;using System;using System.Collections.Generic;using System.IdentityModel.Tokens.Jwt;using System.Linq;using System.Security.Claims;using System.Text;using System.Web;using System.Web.Configuration;
namespace WebApi.Tools{ public class TokenService { public static string GenerateToken(string username) { var issuer = WebConfigurationManager.AppSettings["JwtIssuer"]; var audience = WebConfigurationManager.AppSettings["JwtAudience"]; var secret = WebConfigurationManager.AppSettings["JwtSecret"]; var expireMinutes = Convert.ToInt32(WebConfigurationManager.AppSettings["JwtExpireMinutes"]);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, username), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(ClaimTypes.Name, username) };
var token = new JwtSecurityToken( issuer: issuer, audience: audience, claims: claims, expires: DateTime.Now.AddMinutes(expireMinutes), signingCredentials: credentials );
return new JwtSecurityTokenHandler().WriteToken(token); } }}
5. 创建登录 API 控制器
创建一个控制器来处理用户登录并返回 Token:
using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Http;using WebApi.Tools;
namespace WebApi.Controllers{ public class AccountController : ApiController { [HttpPost] [Route("api/account/login")] public IHttpActionResult Login(LoginModel model) { if (model.Username == "admin" && model.Password == "password") { var token = TokenService.GenerateToken(model.Username); return Ok(new { Token = token }); }
return Unauthorized(); } }
public class LoginModel { public string Username { get; set; } public string Password { get; set; } }}
6. 保护需要认证的 API
在需要认证的控制器或方法上添加 [Authorize] 属性:
7. 测试 API
3.然后使用返回的 Token 访问受保护的 API:Headers: Authorization: Bearer your_token_here
阅读原文:https://mp.weixin.qq.com/s/wV-42HN7nugHLxXFLfEtJQ
该文章在 2025/7/8 16:26:44 编辑过
400 186 1886
