Yi.Admin/Yi.Doc.Md/02.框架功能模块教程/12.Jwt鉴权.md

## 简介
> 鉴权是用于解析用户的令牌，知道用户是否携带令牌，并且知道用户信息是谁

改鉴权使用的是微软Asp.NetCore扩鉴权扩展方式
程序模块已内置 
``` cs
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ClockSkew = TimeSpan.Zero,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = jwtOptions.Issuer,
            ValidAudience = jwtOptions.Audience,
            RequireExpirationTime = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SecurityKey))
        };
        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                var accessToken = context.Request.Query["access_token"];
                if (!string.IsNullOrEmpty(accessToken))
                {
                    context.Token = accessToken;
                }
                return Task.CompletedTask;
            }
        };
    });
```
## 如何使用
默认已经集成，所以在使用方面，可要求客户端添加标准的jwtbear头即可

swagger 接口文档中，已集成，直接输入jwttoken即可
![Alt text](../image/swaggerIndex.png)

我们采用的是HSA对称加密方式，只需要具备密钥
对应的配置文件
``` json
  //鉴权
  "JwtOptions": {
    "Issuer": "https://ccnetcore.com",
    "Audience": "https://ccnetcore.com",
    "SecurityKey": "zqxwcevrbtnymu312412ihe9rfwhe78rh23djoi32hrui3ryf9e8wfh34iuj54y0934uti4h97fgw7hf97wyh8yy69520",
    "ExpiresMinuteTime": 86400
  }
```
## Token如何来
那肯定是登录啊，登录接口会返回Token

那如何制作Token？直接上代码，下面这个也是登录的创建token的方式

``` cs
        /// <summary>
        /// 创建令牌
        /// </summary>
        /// <param name="dic"></param>
        /// <returns></returns>
        private string CreateToken(Dictionary<string, object> dic)
        {
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtOptions.SecurityKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var claims = dic.Select(x => new Claim(x.Key, x.Value.ToString())).ToList();
            var token = new JwtSecurityToken(
               issuer: _jwtOptions.Issuer,
               audience: _jwtOptions.Audience,
               claims: claims,
               expires: DateTime.Now.AddSeconds(_jwtOptions.ExpiresMinuteTime),
               notBefore: DateTime.Now,
               signingCredentials: creds);
            string returnToken = new JwtSecurityTokenHandler().WriteToken(token);

            return returnToken;
        }
```