diff --git a/CoreCms.Net.Auth/TokenHelper.cs b/CoreCms.Net.Auth/TokenHelper.cs index 65381f82..b8c03ed9 100644 --- a/CoreCms.Net.Auth/TokenHelper.cs +++ b/CoreCms.Net.Auth/TokenHelper.cs @@ -17,6 +17,7 @@ using System.Text; using System.Threading.Tasks; using CoreCms.Net.Configuration; using Microsoft.IdentityModel.Tokens; +using NETCore.Encrypt; namespace CoreCms.Net.Auth { @@ -92,10 +93,13 @@ namespace CoreCms.Net.Auth var issuer = AppSettingsConstVars.JwtConfigIssuer; var audience = AppSettingsConstVars.JwtConfigAudience; + try { + var aesDecryptToken = EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey); + var tokenHandler = new JwtSecurityTokenHandler(); // 创建一个JwtSecurityTokenHandler类,用来后续操作 - var jwtToken = tokenHandler.ReadToken(token) as JwtSecurityToken; // 将字符串token解码成token对象 + var jwtToken = tokenHandler.ReadToken(aesDecryptToken) as JwtSecurityToken; // 将字符串token解码成token对象 if (jwtToken == null) return 0; var validationParameters = new TokenValidationParameters() // 生成验证token的参数 @@ -111,7 +115,7 @@ namespace CoreCms.Net.Auth RequireExpirationTime = true, }; SecurityToken securityToken; // 接受解码后的token对象 - var principal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); + var principal = tokenHandler.ValidateToken(aesDecryptToken, validationParameters, out securityToken); if (securityToken == null || string.IsNullOrEmpty(securityToken.Id)) {
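Review bot: The result of `EncryptProvider.AESDecrypt(token, AppSettingsConstVars.JwtConfigSecretKey)` in the second hunk goes straight into `tokenHandler.ReadToken(aesDecryptToken)` unchecked, so a client-supplied token that fails to decrypt is rejected only by whatever the `catch` of the enclosing `try` does, and that `catch`, like the rest of the method, lies outside the hunk. An explicit guard right after the decrypt, `if (string.IsNullOrEmpty(aesDecryptToken)) return 0;`, would match the existing `if (jwtToken == null) return 0;` and keep malformed input off the exception path. The AES key is `JwtConfigSecretKey`; the `TokenValidationParameters` body is not visible, but if the same setting also feeds `IssuerSigningKey`, one secret serves two primitives and a separate encryption key would be safer. The two-argument `AESDecrypt` overload takes no IV, so confirm which cipher mode it uses, and add a comment that the encryption layer only hides the claims while integrity still rests on `ValidateToken(aesDecryptToken, ...)` in the third hunk.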