Asp.Net Core基于JWT认证的数据接口网关实例代码

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Mvc.Filters;namespace Jwt.Gateway.Controllers{ public enum ApiActionFilterAttributeOption { OR,AND } public class ApiActionFilterAttribute : Microsoft.AspNetCore.Mvc.Filters.ActionFilterAttribute { List<string> Permissions = new List<string>(); ApiActionFilterAttributeOption Option = ApiActionFilterAttributeOption.AND; public ApiActionFilterAttribute(string permission) { Permissions.Add(permission); } public ApiActionFilterAttribute(string[] permissions, ApiActionFilterAttributeOption option) { foreach(var permission in permissions) { if (Permissions.Contains(permission)) {  continue; } Permissions.Add(permission); } Option = option; } public override void OnActionExecuting(ActionExecutingContext context) { var key = GetAppKey(context); List<string> keyPermissions = GetAppKeyPermissions(key); var isAnd = Option == ApiActionFilterAttributeOption.AND; var permissionsCount = Permissions.Count; var keyPermissionsCount = keyPermissions.Count; for (var i = 0; i < permissionsCount; i++) { bool flag = false; for (var j = 0; j < keyPermissions.Count; j++) {  if (flag = string.Equals(Permissions[i], keyPermissions[j], StringComparison.OrdinalIgnoreCase))  {  break;  } } if (flag) {  continue; } if (isAnd) {  throw new Exception("应用“" + key + "”缺少“" + Permissions[i] + "”的权限"); } } context.HttpContext.Items.Add("Permissions", Permissions); base.OnActionExecuting(context); } private string GetAppKey(ActionExecutingContext context) { var claims = context.HttpContext.User.Claims; if (claims == null) { throw new Exception("未能获取到应用标识"); } var claimKey = claims.ToList().Find(o => string.Equals(o.Type, "AppKey", StringComparison.OrdinalIgnoreCase)); if (claimKey == null) { throw new Exception("未能获取到应用标识"); } return claimKey.Value; } private List<string> GetAppKeyPermissions(string appKey) { List<string> li = new List<string> { "用户明细","用户列表","用户录入","用户修改","用户删除" }; return li; } }}ApiActionAuthorizeAttribute.cs

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Mvc;using Microsoft.AspNetCore.Mvc.Filters;namespace Jwt.Gateway.Controllers{ [Microsoft.AspNetCore.Authorization.Authorize] public class ApiBase : Microsoft.AspNetCore.Mvc.Controller { private string _CurrentAppKey = ""; public string CurrentAppKey { get { return _CurrentAppKey; } } public override void OnActionExecuting(ActionExecutingContext context) {  var claims = context.HttpContext.User.Claims.ToList();  var claim = claims.Find(o => o.Type == "appKey");  if (claim == null)  {  throw new Exception("未通过认证");  }  var appKey = claim.Value;  if (string.IsNullOrEmpty(appKey))  {  throw new Exception("appKey不合法");  }  _CurrentAppKey = appKey;  base.OnActionExecuting(context); } }}ApiBase.cs

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Mvc;namespace Jwt.Gateway.Controllers{ [Route("api/[controller]/[action]")] public class TokenController : Controller { private readonly Microsoft.Extensions.Configuration.IConfiguration _configuration; public TokenController(Microsoft.Extensions.Configuration.IConfiguration configuration) {  _configuration = configuration; } // /api/token/get public IActionResult Get(string appKey, string appPassword) {  try  {  if (string.IsNullOrEmpty(appKey))  {   throw new Exception("缺少appKey");  }  if (string.IsNullOrEmpty(appKey))  {   throw new Exception("缺少appPassword");  }  if (appKey != "myKey" && appPassword != "myPassword")//固定的appKey及appPassword，实际项目中应该来自数据库或配置文件  {   throw new Exception("配置不存在");  }  var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["JwtSecurityKey"]));  var creds = new Microsoft.IdentityModel.Tokens.SigningCredentials(key, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256);  var claims = new List<System.Security.Claims.Claim>();  claims.Add(new System.Security.Claims.Claim("appKey", appKey));//仅在Token中记录appKey  var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(   issuer: _configuration["JwtTokenIssuer"],   audience: _configuration["JwtTokenAudience"],   claims: claims,   expires: DateTime.Now.AddMinutes(30),   signingCredentials: creds);  return Ok(new Models.ApiResponse { status = 1, message = "OK", data = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(token) });  }  catch(Exception ex)  {  return Ok(new Models.ApiResponse { status = 0, message = ex.Message, data = "" });  } }  // /api/token/delete public IActionResult Delete(string token) {  //code: 加入黑名单，使其无效  return Ok(new Models.ApiResponse { status = 1, message = "OK", data = "" }); } }}TokenController.cs

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Mvc;namespace Jwt.Gateway.Controllers{ [Produces("application/json")] [Route("api/[controller]/[action]")] public class UsersController : ApiBase { /*   * 1.要访问访问该控制器提供的接口请先通过"/api/token/get"获取token  * 2.访问该控制器提供的接口http请求头必须具有值为"Bearer+空格+token"的Authorization键，格式参考：  * "Authorization"="Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQXBwIiwiYXBwS2V5IjoibXlLZXkiLCJleHAiOjE1NTE3ODc2MDMsImlzcyI6IkdhdGV3YXkiLCJhdWQiOiJhdWRpZW5jZSJ9.gQ9_Q7HUT31oFyfl533T-bNO5IWD2drl0NmD1JwQkMI" */ /// <summary> /// 临时用户测试数据，实际项目中应该来自数据库等媒介 /// </summary> static List<Models.User> _Users = null; static object _Lock = new object(); public UsersController() {  if (_Users == null)  {  lock (_Lock)  {   if (_Users == null)   {   _Users = new List<Models.User>();   var now = DateTime.Now;   for(var i = 0; i < 10; i++)   {    var num = i + 1;    _Users.Add(new Models.User { UserId = num, UserName = "name"+num, UserPassword = "pwd"+num, UserJoinTime = now });   }   }  }  } } // /api/users/detail [ApiActionFilter("用户明细")] public IActionResult Detail(long userId) {  /*  //获取appKey(在ApiBase中写入)  var appKey = CurrentAppKey;  //获取使用的权限(在ApiActionAuthorizeAttribute中写入)  var permissions = HttpContext.Items["Permissions"];  */  var user = _Users.Find(o => o.UserId == userId);  if (user == null)  {  throw new Exception("用户不存在");  }  return Ok(new Models.ApiResponse { data = user, status = 1, message = "OK" }); } // /api/users/list [ApiActionFilter("用户列表")] public IActionResult List(int page, int size) {  page = page < 1 ? 1 : page;  size = size < 1 ? 1 : size;  var total = _Users.Count();  var pages = total % size == 0 ? total / size : ((long)Math.Floor((double)total / size + 1));  if (page > pages)  {  return Ok(new Models.ApiResponse { data = new List<Models.User>(), status = 1, message = "OK", total = total });  }  var li = new List<Models.User>();  var startIndex = page * size - size;  var endIndex = startIndex + size - 1;  if (endIndex > total - 1)  {  endIndex = total - 1;  }  for(; startIndex <= endIndex; startIndex++)  {  li.Add(_Users[startIndex]);  }  return Ok(new Models.ApiResponse { data = li, status = 1, message = "OK", total = total }); } // /api/users/add [ApiActionFilter("用户录入")] public IActionResult Add() {  return Ok(new Models.ApiResponse { status = 1, message = "OK" }); } // /api/users/update [ApiActionFilter(new string[] { "用户修改", "用户录入", "用户删除" },ApiActionFilterAttributeOption.AND)] public IActionResult Update() {  return Ok(new Models.ApiResponse { status = 1, message = "OK" }); } // /api/users/delete [ApiActionFilter("用户删除")] public IActionResult Delete() {  return Ok(new Models.ApiResponse { status = 1, message = "OK" }); } }}UsersController.cs

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Builder;using Microsoft.Extensions.DependencyInjection;namespace Jwt.Gateway.MiddleWares{ //参考： https://www.cnblogs.com/ShenNan/p/10197231.html public enum ApiCustomExceptionHandleType { JsonHandle = 0, PageHandle = 1, Both = 2 } public class ApiCustomExceptionMiddleWareOption { public ApiCustomExceptionMiddleWareOption(  ApiCustomExceptionHandleType handleType = ApiCustomExceptionHandleType.JsonHandle,  IList<PathString> jsonHandleUrlKeys = null,  string errorHandingPath = "") {  HandleType = handleType;  JsonHandleUrlKeys = jsonHandleUrlKeys;  ErrorHandingPath = errorHandingPath; } public ApiCustomExceptionHandleType HandleType { get; set; } public IList<PathString> JsonHandleUrlKeys { get; set; } public PathString ErrorHandingPath { get; set; } } public class ApiCustomExceptionMiddleWare { private RequestDelegate _next; private ApiCustomExceptionMiddleWareOption _option; private IDictionary<int, string> _exceptionStatusCodeDic; public ApiCustomExceptionMiddleWare(RequestDelegate next, ApiCustomExceptionMiddleWareOption option) {  _next = next;  _option = option;  _exceptionStatusCodeDic = new Dictionary<int, string>  {  { 401, "未授权的请求" },  { 404, "找不到该页面" },  { 403, "访问被拒绝" },  { 500, "服务器发生意外的错误" }  //其余状态自行扩展  }; } public async Task Invoke(HttpContext context) {  Exception exception = null;  try  {  await _next(context);  }  catch (Exception ex)  {  context.Response.Clear();  context.Response.StatusCode = 200;//手动设置状态码(总是成功)  exception = ex;  }  finally  {  if (_exceptionStatusCodeDic.ContainsKey(context.Response.StatusCode) &&   !context.Items.ContainsKey("ExceptionHandled"))  {   var errorMsg = string.Empty;   if (context.Response.StatusCode == 500 && exception != null)   {   errorMsg = $"{_exceptionStatusCodeDic[context.Response.StatusCode]}{(exception.InnerException != null ? exception.InnerException.Message : exception.Message)}";   }   else   {   errorMsg = _exceptionStatusCodeDic[context.Response.StatusCode];   }   exception = new Exception(errorMsg);  }  if (exception != null)  {   var handleType = _option.HandleType;   if (handleType == ApiCustomExceptionHandleType.Both)   {   var requestPath = context.Request.Path;   handleType = _option.JsonHandleUrlKeys != null && _option.JsonHandleUrlKeys.Count(    k => requestPath.StartsWithSegments(k, StringComparison.CurrentCultureIgnoreCase)) > 0 ?    ApiCustomExceptionHandleType.JsonHandle :    ApiCustomExceptionHandleType.PageHandle;   }   if (handleType == ApiCustomExceptionHandleType.JsonHandle)   await JsonHandle(context, exception);   else   await PageHandle(context, exception, _option.ErrorHandingPath);  }  } } private Jwt.Gateway.Models.ApiResponse GetApiResponse(Exception ex) {  return new Jwt.Gateway.Models.ApiResponse() { status = 0, message = ex.Message }; } private async Task JsonHandle(HttpContext context, Exception ex) {  var apiResponse = GetApiResponse(ex);  var serialzeStr = Newtonsoft.Json.JsonConvert.SerializeObject(apiResponse);  context.Response.ContentType = "application/json";  await context.Response.WriteAsync(serialzeStr, System.Text.Encoding.UTF8); } private async Task PageHandle(HttpContext context, Exception ex, PathString path) {  context.Items.Add("Exception", ex);  var originPath = context.Request.Path;  context.Request.Path = path;  try  {  await _next(context);  }  catch { }  finally  {  context.Request.Path = originPath;  } } } public static class ApiCustomExceptionMiddleWareExtensions { public static IApplicationBuilder UseApiCustomException(this IApplicationBuilder app, ApiCustomExceptionMiddleWareOption option) {  return app.UseMiddleware<ApiCustomExceptionMiddleWare>(option); } }}ApiCustomException.cs

{ "Urls": "http://localhost:60000", "AllowedHosts": "*", "JwtSecurityKey": "areyouokhhhhhhhhhhhhhhhhhhhhhhhhhhh", "JwtTokenIssuer": "Jwt.Gateway", "JwtTokenAudience": "App"}appsettings.json

using System;using System.Collections.Generic;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore.Builder;using Microsoft.AspNetCore.Hosting;using Microsoft.AspNetCore.Http;using Jwt.Gateway.MiddleWares;using Microsoft.Extensions.DependencyInjection;namespace Jwt.Gateway{ public class Startup {  private readonly Microsoft.Extensions.Configuration.IConfiguration _configuration;  public Startup(Microsoft.Extensions.Configuration.IConfiguration configuration)  {   _configuration = configuration;  }    public void ConfigureServices(IServiceCollection services)  {   services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)    .AddJwtBearer(options => {     options.Events = new Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents     {      /*OnMessageReceived = context =>      {       context.Token = context.Request.Query["access_token"];       return Task.CompletedTask;      },*/      OnTokenValidated = context =>      {       var token = ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)context.SecurityToken).RawData;       if (InBlacklist(token))       {        context.Fail("token in blacklist");       }       return Task.CompletedTask;      }     };     options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters     {      ValidateIssuer = true,      ValidateAudience = true,      ValidateLifetime = true,      ValidateIssuerSigningKey = true,      ValidAudience = _configuration["JwtTokenAudience"],      ValidIssuer = _configuration["JwtTokenIssuer"],      IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["JwtSecurityKey"]))     };    });   services.AddMvc().AddJsonOptions(option=> {    option.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss.fff";   });  }  public void Configure(IApplicationBuilder app, IHostingEnvironment env)  {   if (env.IsDevelopment())   {    app.UseDeveloperExceptionPage();   }   app.UseApiCustomException(new ApiCustomExceptionMiddleWareOption(      handleType: ApiCustomExceptionHandleType.Both,      jsonHandleUrlKeys: new PathString[] { "/api" },      errorHandingPath: "/home/error"));   app.UseAuthentication();   app.UseMvc();  }  bool InBlacklist(string token)  {   //code: 实际项目中应该查询数据库或配置文件进行比对   return false;  } }}Startup.cs

using System;using System.Collections.Generic;using System.IO;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore;using Microsoft.AspNetCore.Hosting;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.Logging;namespace Jwt.Gateway{ public class Program {  public static void Main(string[] args)  {   BuildWebHost(args).Run();  }  public static IWebHost BuildWebHost(string[] args)  {   var config = new ConfigurationBuilder()    .SetBasePath(Directory.GetCurrentDirectory())    .AddJsonFile("appsettings.json", optional: true)    .Build();   return WebHost.CreateDefaultBuilder(args)    .UseKestrel()    .UseConfiguration(config)    .UseStartup<Startup>()    .Build();  } }}Program.cs