這里記錄一下WebAPI 項目中實現 Token 驗證,通常使用基于 JWT (JSON Web Token) 的身份驗證。以下是完整的實現步驟:1. 安裝必要的 NuGet 包
首先,安裝所需的 NuGet 包:
Install-Package System.IdentityModel.Tokens.Jwt -Version 5.2.2Install-Package Microsoft.Owin.Security.Jwt -Version 4.0.1Install-Package Microsoft.Owin.Host.SystemWeb -Version 4.0.1
2. 配置 OWIN Startup 類
添加一個 OWIN Startup 類來配置 JWT 認證:
using Microsoft.IdentityModel.Tokens;using Microsoft.Owin;using Microsoft.Owin.Security.Jwt;using Owin;using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Web;using System.Web.Configuration;
[assembly: OwinStartup(typeof(WebApi.Startup))]namespace WebApi{ public class Startup { public void Configuration(IAppBuilder app) { var issuer = WebConfigurationManager.AppSettings["JwtIssuer"]; var audience = WebConfigurationManager.AppSettings["JwtAudience"]; var secret = WebConfigurationManager.AppSettings["JwtSecret"];
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
app.UseJwtBearerAuthentication( new JwtBearerAuthenticationOptions { AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active, TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = true, ValidateAudience = true, ValidateIssuerSigningKey = true, ValidIssuer = issuer, ValidAudience = audience, IssuerSigningKey = key, ClockSkew = TimeSpan.Zero } }); } }}
3. 添加配置到 Web.config
在 Web.config 的 <appSettings> 部分添加以下配置:
<add key="JwtIssuer" value="TestApiServer"/> <add key="JwtAudience" value="TestWebApp"/> <add key="JwtSecret" value="bXlfdGVzdF9zZWNyZXRfa2V5XzEyMzQ1Njc4OTA"/> <add key="JwtExpireMinutes" value="30"/>
4. 創建 Token 生成服務
創建一個服務類來生成 JWT 令牌:
using Microsoft.IdentityModel.Tokens;using System;using System.Collections.Generic;using System.IdentityModel.Tokens.Jwt;using System.Linq;using System.Security.Claims;using System.Text;using System.Web;using System.Web.Configuration;
namespace WebApi.Tools{ public class TokenService { public static string GenerateToken(string username) { var issuer = WebConfigurationManager.AppSettings["JwtIssuer"]; var audience = WebConfigurationManager.AppSettings["JwtAudience"]; var secret = WebConfigurationManager.AppSettings["JwtSecret"]; var expireMinutes = Convert.ToInt32(WebConfigurationManager.AppSettings["JwtExpireMinutes"]);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, username), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(ClaimTypes.Name, username) };
var token = new JwtSecurityToken( issuer: issuer, audience: audience, claims: claims, expires: DateTime.Now.AddMinutes(expireMinutes), signingCredentials: credentials );
return new JwtSecurityTokenHandler().WriteToken(token); } }}
5. 創建登錄 API 控制器
創建一個控制器來處理用戶登錄并返回 Token:
using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Http;using WebApi.Tools;
namespace WebApi.Controllers{ public class AccountController : ApiController { [HttpPost] [Route("api/account/login")] public IHttpActionResult Login(LoginModel model) { if (model.Username == "admin" && model.Password == "password") { var token = TokenService.GenerateToken(model.Username); return Ok(new { Token = token }); }
return Unauthorized(); } }
public class LoginModel { public string Username { get; set; } public string Password { get; set; } }}
6. 保護需要認證的 API
在需要認證的控制器或方法上添加 [Authorize] 屬性:
7. 測試 API
3.然后使用返回的 Token 訪問受保護的 API:Headers: Authorization: Bearer your_token_here
閱讀原文:https://mp.weixin.qq.com/s/wV-42HN7nugHLxXFLfEtJQ
該文章在 2025/7/8 16:26:44 編輯過
400 186 1886
