Asp.net core mvc 使用Asp.net core 2.1的JWT身份验证仅在本地主机上有效
我将JWT身份验证添加到我现有的aspnet核心mvc web应用程序中,以保护移动应用程序的api 我使用Multi-auth和MultiPolicies对identity和JWT的授权cookie进行了验证,我使用postman和移动应用程序在localhost上对其进行了测试,效果良好。但当我将它部署到远程服务器时,我无法工作。身份验证和令牌生成工作正常,但是当我使用httpget请求访问api时,我会得到一个到mvc登录页面的重定向。 My Startup.cs包含以下内容:Asp.net core mvc 使用Asp.net core 2.1的JWT身份验证仅在本地主机上有效,asp.net-core-mvc,jwt,authorization,asp.net-core-2.1,Asp.net Core Mvc,Jwt,Authorization,Asp.net Core 2.1,我将JWT身份验证添加到我现有的aspnet核心mvc web应用程序中,以保护移动应用程序的api 我使用Multi-auth和MultiPolicies对identity和JWT的授权cookie进行了验证,我使用postman和移动应用程序在localhost上对其进行了测试,效果良好。但当我将它部署到远程服务器时,我无法工作。身份验证和令牌生成工作正常,但是当我使用httpget请求访问api时,我会得到一个到mvc登录页面的重定向。 My Startup.cs包含以下内容: servi
services.AddAuthentication().AddCookie(options =>
{
options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = tokenValidationParameters;
options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new RequireHttpsAttribute());
config.Filters.Add(new AuthorizeFilter(policy));
}).AddJsonOptions(opt =>
opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
.AddJsonOptions(opt => opt.SerializerSettings
.ReferenceLoopHandling = ReferenceLoopHandling.Ignore).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
// Add support for localizing strings in data annotations (e.g. validation messages) via the
// IStringLocalizer abstractions.
.AddDataAnnotationsLocalization();
services.AddAuthorization(options =>
{
options.AddPolicy("ApiUserPolicy", policy => policy.RequireClaim("JwtRole", "ID"));
});
这是一个带有邮递员的localhost登录的屏幕截图。
这是使用postman和production env进行的登录。
这是localhost上的请求,它可以工作,我得到了json结果。
在这里,我得到了mvc登录页面的重新定义 我的问题通过在startup上进行一些更改得以解决。cs我从services.AddMVC options definition中删除了策略过滤器,并在授权定义中添加了两个授权策略,如下所示:
services.AddAuthentication().AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
options.TokenValidationParameters = tokenValidationParameters;
options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
});
services.AddMvc(config =>
{
config.Filters.Add(new RequireHttpsAttribute());
}).AddJsonOptions(opt =>
opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
.AddJsonOptions(opt => opt.SerializerSettings
.ReferenceLoopHandling = ReferenceLoopHandling.Ignore).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
// Add support for localizing strings in data annotations (e.g. validation messages) via the
// IStringLocalizer abstractions.
.AddDataAnnotationsLocalization();
services.AddAuthorization(options =>
{
options.AddPolicy(CookieAuthenticationDefaults.AuthenticationScheme, new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
.Build());
options.AddPolicy("ApiUserPolicy", new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("JwtRole", "ID")
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.Build());
});
要了解授权是如何实现的,请查看以下内容了解有关策略和授权模式的更多信息