1.理解
JWT 本身并不加密内容,它是一种带签名的令牌格式
头部和载荷只是 Base64Url 编码,和 base64 一样,任何人都可以直接解码读取
只是 JWT 解码出来的格式相对固定(头部.载荷.签名),签名用于防止内容被篡改
因此 JWT 内容区域中的敏感数据需要单独进行加密处理
2.网站:JSON Web Tokens - jwt.io
3.使用
引用
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
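// Demo: issue an HMAC-SHA256 signed JWT, then verify it before trusting its claims.
var tokenHandle = new JwtSecurityTokenHandler();

// CanReadToken only reports whether the string is a well-formed compact JWT.
// It verifies neither the signature nor the expiry, so a true result says
// nothing about whether the token can be trusted.
var isWellFormed = tokenHandle.CanReadToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJJZCI6IkRFOUVDRUQ0MDg5MjRDRUYiLCJTZXJpYWxObyI6IjU0MTBlZjcwMjc2ODBhZGUxOWQ3Yjk0ZDFlMTU4MWY3MDIwNzkyNTE2NDkzNDFiNjI1NjM3NGM5MDdmOTk1Y2VjNGYxOWU1OTcyNmI0ZTVkIiwiUGhvbmUiOiIzM0RDOTBCNjc4NDYxOTNBQUYzNDVFOTFDMTY5MDQzRSIsImV4cCI6MTY1MzIwODgxMywiaXNzIjoiTGluZ2x1Lk1pY3JvLlNlcnZlciIsImF1ZCI6IkxpbmdsdS5BcHAifQ.qzgg5tWuvnYOT8zftqZl9JcsChHj5B0AajzvvZigvwc");

// Demo-only signing key.
// NOTE(review): a real signing key must not live in source code. Load it from
// configuration or a secret store and generate it randomly; anyone who knows
// an HMAC key can forge tokens that pass validation.
var tokenKey = Encoding.ASCII.GetBytes("1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890");
var signingKey = new SymmetricSecurityKey(tokenKey);

var tokenDescriptor = new SecurityTokenDescriptor
{
    // Claims are written into the payload, which is only Base64Url-encoded:
    // every holder of the token can read them, so keep secrets out of it.
    Subject = new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.Name, "123456")
    }),
    // Token lifetime: one hour from now (UTC).
    Expires = DateTime.UtcNow.AddHours(1),
    SigningCredentials = new SigningCredentials(
        signingKey,
        SecurityAlgorithms.HmacSha256Signature)
};

var token = tokenHandle.CreateToken(tokenDescriptor);

// WriteToken signs and serializes the token to its compact form. This is not encryption.
var serializedToken = tokenHandle.WriteToken(token);

// ReadToken and ReadJwtToken only parse (decode) the compact string.
// They do NOT check the signature, so their output must not be used for
// authentication or authorization decisions.
var parsedToken = tokenHandle.ReadToken(serializedToken);
var parsedJwt = tokenHandle.ReadJwtToken(serializedToken);

// ValidateToken is the call that actually verifies the signature and lifetime.
// It throws when the signature does not match or the token has expired.
var validationParameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    ValidateLifetime = true,
    // The demo descriptor sets no issuer or audience, so these checks are
    // switched off here. A real service should set both on the token and
    // validate them. Newer library versions can also pin the accepted
    // algorithms through ValidAlgorithms.
    ValidateIssuer = false,
    ValidateAudience = false
};
var principal = tokenHandle.ValidateToken(serializedToken, validationParameters, out SecurityToken validatedToken);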
5.如果网站是 API,可以通过请求头拦截令牌,先校验签名,再判断有效期(未实现)