【新增】jwt授权认证方式，增加AES加密解密处理，防止前端进行渗透解密伪造Token可能存在。

2025-12-06 17:43:26 +08:00 · 2024-05-08 22:20:04 +08:00
parent 5be1f7789b
commit d517d0d064
10 changed files with 151 additions and 48 deletions
--- a/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
+++ b/CoreCms.Net.Web.Admin/Controllers/Com/LoginController.cs
@@ -31,6 +31,7 @@ using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Net.Http.Headers;
+using NETCore.Encrypt;

 namespace CoreCms.Net.Web.Admin.Controllers
 {
@@ -124,13 +125,16 @@ namespace CoreCms.Net.Web.Admin.Controllers
                var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                identity.AddClaims(claims);

-                var token = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                //返回处理结果集
+                var auth = JwtToken.BuildJwtToken(claims.ToArray(), _permissionRequirement);
+                //对token进行非对称加密
+                auth.token = EncryptProvider.AESEncrypt(auth.token, AppSettingsConstVars.JwtConfigSecretKey);

                jm.code = 0;
                jm.msg = "认证成功";
                jm.data = new
                {
-                    token,
+                    token = auth,
                    loginUrl = "Panel.html"
                };