【优化】JWT加密模式进行优化，SecretKey值增加机器码、计算机名、网址组合md5加密，防止出现大家不修改默认值导致JwtToken权限过宽的问题；Issuer增加为空使用计算机名替换，appsetting.json去除JwtConfig的默认值，要求输入设置。

2025-12-06 18:23:25 +08:00 · 2023-07-31 02:14:55 +08:00
parent 226cfea520
commit ef6e5a9057
4 changed files with 108 additions and 8 deletions
--- a/CoreCms.Net.Web.WebApi/appsettings.json
+++ b/CoreCms.Net.Web.WebApi/appsettings.json
@@ -29,9 +29,9 @@
  },
  //jwt授权认证的一些设置
  "JwtConfig": {
-    "SecretKey": "8kh2luzmp0oq9wfbdeasygj647vr531n",
-    "Issuer": "CoreShopProfessional",
-    "Audience": "CoreCms"
+    "SecretKey": "", //请自主填写一段英文数字等作为token令牌，16位+
+    "Issuer": "", //颁发者身份标识，如CoreShop.Professional
+    "Audience": "coreshop" //期望的接收人，如core，cms等
  },
  //跨域设置
  "Cors": {