.net core 授权作品,但角色不';t使用JWT在dotnet核心中工作
我像下面这样使用JWT,当只使用Authorize时,它可以正常工作,但当想要使用角色时,它就不工作了 启动:.net core 授权作品,但角色不';t使用JWT在dotnet核心中工作,.net-core,jwt,.net Core,Jwt,我像下面这样使用JWT,当只使用Authorize时,它可以正常工作,但当想要使用角色时,它就不工作了 启动: public void ConfigureServices(IServiceCollection services) { //... AddOAuthProviders(services); //... } public IServiceCollection Ad
public void ConfigureServices(IServiceCollection services)
{
//...
AddOAuthProviders(services);
//...
}
public IServiceCollection AddOAuthProviders(IServiceCollection services)
{
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
return Task.CompletedTask;
},
};
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Security.secretKey)),
ValidateIssuer = false,
ValidateAudience = false
};
});
return services;
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IUnitOfWork uow)
{
//....
app.UseAuthentication();
app.UseAuthorization();
//...
}
//...
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.UserId.ToString()),
new Claim(ClaimTypes.Role, userRoles),//Read,Write
};
//...
[HttpPost]
[Authorize(Roles = "Write")]
public ActionResult Insert ...
在身份验证方法中:
public void ConfigureServices(IServiceCollection services)
{
//...
AddOAuthProviders(services);
//...
}
public IServiceCollection AddOAuthProviders(IServiceCollection services)
{
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
return Task.CompletedTask;
},
};
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Security.secretKey)),
ValidateIssuer = false,
ValidateAudience = false
};
});
return services;
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IUnitOfWork uow)
{
//....
app.UseAuthentication();
app.UseAuthorization();
//...
}
//...
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.UserId.ToString()),
new Claim(ClaimTypes.Role, userRoles),//Read,Write
};
//...
[HttpPost]
[Authorize(Roles = "Write")]
public ActionResult Insert ...
通过执行以下操作,您似乎在一个声明中添加了多个角色:
new Claim(ClaimTypes.Role, userRoles)
如果您有多个角色,则每个角色都需要是一个单独的声明。像这样:
new Claim(ClaimTypes.Role, "Read")
new Claim(ClaimTypes.Role, "Write")
如果您在逗号分隔的字符串userRoles
中获取角色,您可以使用一些Linq魔术来添加角色:
claims.AddRange(userRoles.Split(',').Select(r => new Claim(ClaimTypes.Role, r)));
你的意思是
userRoles
具有“读、写”的值吗?