在ASP.NET中使用JWT（JSON Web Token）进行身份验证时，令牌的存储和管理是一个重要的环节。以下是一些常见的令牌存储方法：

这是最简单的方法，但也是最不安全的，因为令牌会存储在内存中，如果应用程序重启，令牌将丢失。

public class InMemoryTokenStore : ITokenStore{private readonly Dictionary<string, string> _tokens = new Dictionary<string, string>();public void SaveToken(string username, string token){_tokens[username] = token;}public string GetToken(string username){return _tokens.TryGetValue(username, out var token) ? token : null;}public void RemoveToken(string username){_tokens.Remove(username);}}

将令牌存储在数据库中可以提供更持久性和安全性，但需要额外的配置和代码来管理数据库连接和操作。

public class DatabaseTokenStore : ITokenStore{private readonly ApplicationDbContext _context;public DatabaseTokenStore(ApplicationDbContext context){_context = context;}public async Task SaveTokenAsync(string username, string token){var user = await _context.Users.FirstOrDefaultAsync(u => u.Username == username);if (user != null){user.JwtToken = token;await _context.SaveChangesAsync();}}public async Task<string> GetTokenAsync(string username){var user = await _context.Users.FirstOrDefaultAsync(u => u.Username == username);return user?.JwtToken;}public async Task RemoveTokenAsync(string username){var user = await _context.Users.FirstOrDefaultAsync(u => u.Username == username);if (user != null){user.JwtToken = null;await _context.SaveChangesAsync();}}}

使用分布式缓存（如Redis）可以提供更高效的令牌存储和管理，特别是在微服务架构中。

public class RedisTokenStore : ITokenStore{private readonly IDistributedCache _cache;public RedisTokenStore(IDistributedCache cache){_cache = cache;}public async Task SaveTokenAsync(string username, string token){var options = new DistributedCacheEntryOptions{AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(30)};await _cache.SetStringAsync(username, token, options);}public async Task<string> GetTokenAsync(string username){return await _cache.GetStringAsync(username);}public async Task RemoveTokenAsync(string username){await _cache.RemoveAsync(username);}}

将JWT令牌存储在HttpOnly Cookie中可以防止客户端JavaScript访问令牌，从而提高安全性。

public class JwtCookieTokenStore : ITokenStore{private readonly IHttpContextAccessor _contextAccessor;public JwtCookieTokenStore(IHttpContextAccessor contextAccessor){_contextAccessor = contextAccessor;}public void SaveToken(string username, string token){var context = _contextAccessor.HttpContext;var cookieOptions = new CookieOptions{HttpOnly = true,IsEssential = true,SameSite = SameSiteMode.Strict,Expires = DateTimeOffset.UtcNow.AddMinutes(30)};context.Response.Cookies.Append("jwt", token, cookieOptions);}public string GetToken(){var context = _contextAccessor.HttpContext;return context.Request.Cookies["jwt"];}public void RemoveToken(){var context = _contextAccessor.HttpContext;context.Response.Cookies.Delete("jwt");}}

选择哪种存储方法取决于你的具体需求和环境。内存存储最简单但最不安全；数据库存储提供了持久性和安全性但需要额外的配置；分布式缓存存储在微服务架构中表现优异；HttpOnly Cookie存储可以提高安全性但需要处理Cookie相关的问题。