ASP.NET Core MVC: JWT authentication with ASP.NET Core 2.1 only works on localhost

Tags: asp.net-core-mvc, jwt, authorization, asp.net-core-2.1

I added JWT authentication to my existing ASP.NET Core MVC web application to protect the API used by a mobile application.

I used multi-auth with multiple policies to validate the Identity authorization cookie and the JWT. I tested it on localhost with Postman and with the mobile app, and it worked well. But when I deployed it to the remote server it does not work. Authentication and token generation work fine, but when I access the API with an HTTP GET request I get a redirect to the MVC login page. My Startup.cs contains the following:

```csharp
// identityDefaultOptions, tokenValidationParameters, jwtAppSettingsOptions and
// JwtIssuerOptions are defined elsewhere in the original Startup.cs.
services.AddAuthentication().AddCookie(options =>
{
    options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
    options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
    options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
    options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
    options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
    options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
})
.AddJwtBearer(options =>
{
    options.TokenValidationParameters = tokenValidationParameters;
    options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
    options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
});

services.AddMvc(config =>
{
    // Global filter: every action requires an authenticated user, with no scheme specified.
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    config.Filters.Add(new RequireHttpsAttribute());
    config.Filters.Add(new AuthorizeFilter(policy));
})
.AddJsonOptions(opt =>
    opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
.AddJsonOptions(opt =>
    opt.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore)
.AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
// Add support for localizing strings in data annotations (e.g. validation messages) via the
// IStringLocalizer abstractions.
.AddDataAnnotationsLocalization();

services.AddAuthorization(options =>
{
    options.AddPolicy("ApiUserPolicy", policy => policy.RequireClaim("JwtRole", "ID"));
});
```

Screenshot: login on localhost with Postman.
Screenshot: login with Postman against the production environment.
Screenshot: the request on localhost; it works and I get the JSON result.
Screenshot: the same request on production, where I get the redirect to the MVC login page.

My problem was solved by making some changes in Startup.cs. I removed the policy filter from the services.AddMvc options definition and added two authorization policies in the authorization definition, as follows:

```csharp
// identityDefaultOptions, tokenValidationParameters, jwtAppSettingsOptions and
// JwtIssuerOptions are defined elsewhere in the original Startup.cs.
services.AddAuthentication().AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
    options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
    options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
    options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
    options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
    options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
    options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters = tokenValidationParameters;
    options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
    options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
});

services.AddMvc(config =>
{
    // The global AuthorizeFilter is gone; only HTTPS is still enforced globally.
    config.Filters.Add(new RequireHttpsAttribute());
})
.AddJsonOptions(opt =>
    opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
.AddJsonOptions(opt =>
    opt.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore)
.AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
// Add support for localizing strings in data annotations (e.g. validation messages) via the
// IStringLocalizer abstractions.
.AddDataAnnotationsLocalization();

services.AddAuthorization(options =>
{
    // Each policy names the scheme that must authenticate (and challenge) the request.
    options.AddPolicy(CookieAuthenticationDefaults.AuthenticationScheme, new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
        .Build());

    options.AddPolicy("ApiUserPolicy", new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("JwtRole", "ID")
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .Build());
});
```

To understand how authorization is implemented, see the following for more information on policies and authorization patterns:
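The following is an added example, not code from the question or the answer, showing how the two scheme-bound policies from the answer are applied per controller and how a token carrying the required `JwtRole` claim is issued. Because each policy names its scheme, an API request without a valid bearer token is challenged by the JWT handler (HTTP 401) instead of by the cookie handler (302 to LoginPath), which is the redirect the question describes; the controller names, the `IssueToken` helper and its parameters are assumptions.

```csharp
// Added example; assumes the "ApiUserPolicy" and cookie policies registered in the answer's Startup.cs.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

// API controller used by the mobile app. Only the JWT bearer scheme is consulted,
// so a missing or invalid token yields 401 with "WWW-Authenticate: Bearer",
// never a redirect to the cookie LoginPath.
[ApiController]
[Route("api/[controller]")]
[Authorize(Policy = "ApiUserPolicy")]
public class ProfileController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        // Claims come from the validated JWT; "JwtRole" is the claim the policy requires.
        var role = User.FindFirst("JwtRole")?.Value;
        return Ok(new { user = User.Identity?.Name, role });
    }
}

// MVC controller for the browser UI. The cookie-bound policy keeps the
// redirect-to-login behaviour, which is what an interactive user expects.
[Authorize(Policy = CookieAuthenticationDefaults.AuthenticationScheme)]
public class DashboardController : Controller
{
    public IActionResult Index() => View();
}

// Hypothetical helper: issues a short-lived HS256 token that satisfies "ApiUserPolicy".
// issuer, audience and key must match the TokenValidationParameters used by AddJwtBearer.
public static class ApiTokens
{
    public static string IssueToken(string userName, SymmetricSecurityKey key, string issuer, string audience)
    {
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, userName),
            new Claim("JwtRole", "ID"), // required by RequireClaim("JwtRole", "ID")
        };
        var token = new JwtSecurityToken(issuer, audience, claims,
            expires: DateTime.UtcNow.AddMinutes(30),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}
```

A quick check after deploying: a GET to /api/profile with no Authorization header should return 401 rather than 302, and the same request with "Authorization: Bearer <token>" should return the JSON body.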