.NET JWT 的基本使用

xyy123
110 阅读1分钟

安装依赖

Microsoft.IdentityModel.Token.JWT

image.png

生成Jwt

image.png

using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

List<Claim> claims = new List<Claim>();

claims.Add(new Claim("Passport", "123"));
claims.Add(new Claim("QQ", "666"));
claims.Add(new Claim("UserId", "888"));
claims.Add(new Claim(ClaimTypes.Name, "zhansan"));
claims.Add(new Claim(ClaimTypes.Role, "admin"));
claims.Add(new Claim(ClaimTypes.Role, "maneger"));


string key = "mykey123#$$(mykey123#$$(mykey123#$$(mykey123#$$(";
DateTime expire = DateTime.Now.AddDays(1);

byte[] bytes = Encoding.UTF8.GetBytes(key);
SymmetricSecurityKey secKey = new SymmetricSecurityKey(bytes);
SigningCredentials credentials = new(secKey, SecurityAlgorithms.HmacSha256Signature);
JwtSecurityToken tokenDescriptor = new JwtSecurityToken(claims: claims, expires: expire, signingCredentials: credentials);
string jwt = new JwtSecurityTokenHandler().WriteToken(tokenDescriptor);

Console.WriteLine(jwt);

取出JWT内容

负载中的内容是以明文形式存储的

不要把不能被客户端知道的信息放到JWT

image.png

using System.Text;

string jwt = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJQYXNzcG9ydCI6IjEyMyIsIlFRIjoiNjY2IiwiVXNlcklkIjoiODg4IiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZSI6InpoYW5zYW4iLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOlsiYWRtaW4iLCJtYW5lZ2VyIl0sImV4cCI6MTY5MjAxNjQzN30.N3OV8EvZD7llZokiO7l7E3iID1hBfzY1wN2gFA2Tcig";
string[] strs = jwt.Split('.');

string header = strs[0];
string payload = strs[1];
string sign = strs[2];

Console.WriteLine(JwtDecode(header));
Console.WriteLine(JwtDecode(payload));
Console.WriteLine(JwtDecode(sign));

string JwtDecode(string s)
{
    s = s.Replace("-", "+").Replace("_", "/");
    switch (s.Length % 4)
    {
        case 2:
            s += "==";
            break;
        case 3:
            s += "=";
            break;
    }
    byte[] bytes = Convert.FromBase64String(s);
    return Encoding.UTF8.GetString(bytes);
}

优化

JWT

原JWT:

eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJQYXNzcG9ydCI6IjEyMyIsIlFRIjoiNjY2IiwiVXNlcklkIjoiODg4IiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZSI6InpoYW5zYW4iLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOlsiYWRtaW4iLCJtYW5lZ2VyIl0sImV4cCI6MTY5MjAxOTYwNH0.HZgwDSI-gw2FuHjVpJqYj45wQK04KA46OLNnc9QaOPM

篡改后JWT:

eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJQYXNzcG9ydCI6IjEyMyIsIlFRIjoiNjY2IiwiVXNlcklkIjoiODg4IiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZSI6Imxpc2kiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOlsiYWRtaW4iLCJtYW5lZ2VyIl0sImV4cCI6MTY5MjAxOTYzMX0.1pqp6UoRQpQo3kpErZdba9l9K--JXhWrJQ1bp3tqdVA

校验

原JWT:

image.png

篡改后JWT:

image.png

相关代码

using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

string jwt = Console.ReadLine();

string secKey = "mykey123#$$(mykey123#$$(mykey123#$$(mykey123#$$(";
JwtSecurityTokenHandler tokenHeader = new();
TokenValidationParameters validParam = new();
var security = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secKey));
validParam.IssuerSigningKey = security;
validParam.ValidateIssuer = false;
validParam.ValidateAudience = false;
ClaimsPrincipal claimsPrincipal = tokenHeader.ValidateToken(jwt, validParam, out SecurityToken securityToken);
foreach(var claim in claimsPrincipal.Claims)
{
    Console.WriteLine(claim.Value);
}
avatar
文章
阅读
粉丝