您好,登錄后才能下訂單哦!
小編給大家分享一下JWT.net操作的示例分析,相信大部分人都還不怎么了解,因此分享這篇文章給大家參考一下,希望大家閱讀完這篇文章后大有收獲,下面讓我們一起去了解一下吧!
1.JWT定義
JWT(Json Web Token)是一種用于雙方之間傳遞安全信息的簡(jiǎn)潔的、URL安全的表述性聲明規(guī)范。JWT作為一個(gè)開(kāi)放的標(biāo)準(zhǔn)( RFC 7519 ),定義了一種簡(jiǎn)潔的,自包含的方法用于通信雙方之間以Json對(duì)象的形式安全的傳遞信息。因?yàn)閿?shù)字簽名的存在,這些信息是可信的,JWT可以使用HMAC算法或者是RSA的公私秘鑰對(duì)進(jìn)行簽名。
2.JWT的組成部分
(1)JWT一般由三段構(gòu)成,用.號(hào)分隔開(kāi),第一段是header,第二段是payload,第三段是signature,
例如:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
3.Jwt.Net 使用
首先,需要先引入Jwt.Net,可通過(guò)nuget的方式添加:Install-Package JWT -Version 2.4.2(自己選擇合適的版本)
(1)創(chuàng)建token,此處,我們只需要自定義payload和secrect密鑰即可,可生成三段格式的字符串
var payload = new Dictionary<string, object> { { "claim1", 0 }, { "claim2", "claim2-value" } }; var secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk"; IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJsonSerializer serializer = new JsonNetSerializer(); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder); var token = encoder.Encode(payload, secret); Console.WriteLine(token);
(2)token解密,可看到輸出為{ "claim1": 0, "claim2": "claim2-value" },可以用json["claim1"],json["claim2"]的方式獲取各個(gè)值,此處json為IDictionary<string,object>類型token解密,可看到輸出為{ "claim1": 0, "claim2": "claim2-value" },可以用json["claim1"],json["claim2"]的方式獲取各個(gè)值,此處json為IDictionary<string,object>類型
var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjbGFpbTEiOjAsImNsYWltMiI6ImNsYWltMi12YWx1ZSJ9.8pwBI_HtXqI3UgQHQ_rDRnSQRxFL1SR8fbQoS-5kM5s"; var secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk"; try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(token, secret, verify: true); Console.WriteLine(json); } catch (TokenExpiredException) { Console.WriteLine("Token has expired"); } catch (SignatureVerificationException) { Console.WriteLine("Token has invalid signature"); }
(3)添加過(guò)期時(shí)間,過(guò)期時(shí)間即這個(gè)時(shí)間之后JWT不接受處理,時(shí)間的有效值為某一時(shí)刻和1970/1/1 00:00:00 相差的秒數(shù)
下面的例子是當(dāng)前時(shí)間到1970/1/1 00:00:00 的秒數(shù),即過(guò)期時(shí)間為當(dāng)前時(shí)間。如果設(shè)置為當(dāng)前時(shí)間+10秒,可添加secondsSinceEpoch=secondsSinceEpoch+10
IDateTimeProvider provider = new UtcDateTimeProvider(); var now = provider.GetNow(); var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds); var payload = new Dictionary<string, object> { { "exp", secondsSinceEpoch } }; var secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk"; var token = encoder.Encode(payload, secret); var json = decoder.Decode(token, secret); // TokenExpiredException
(4)也可自定義json解析器,只要繼承IJsonSerializer接口
public class CustomJsonSerializer : IJsonSerializer { public string Serialize(object obj) { // Implement using favorite JSON Serializer } public T Deserialize<T>(string json) { // Implement using favorite JSON Serializer } }
使用該解析器
IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJsonSerializer serializer = new CustomJsonSerializer(); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
以上是“JWT.net操作的示例分析”這篇文章的所有內(nèi)容,感謝各位的閱讀!相信大家都有了一定的了解,希望分享的內(nèi)容對(duì)大家有所幫助,如果還想學(xué)習(xí)更多知識(shí),歡迎關(guān)注億速云行業(yè)資訊頻道!
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。