ASP.NET Web API: which TokenValidationParameters does UseJwtBearerAuthentication need?
I am trying to do JwtBearerAuthentication on my .NET WebAPI, but it is not working. The Authorize attribute always claims isAuthorized=false.

I am working with Okta as the SSO. I authenticate on the client side and get both an access token and an id token. On a Web API GET request I provide the access token (I have also tried the id token) in the authorize header, and I am able to see the authorize header with the token in the Web API actioncontext.

In my startup.cs I have the following:
    var clientID = WebConfigurationManager.AppSettings["okta:ClientId"];
    var oidcIssuer = WebConfigurationManager.AppSettings["okta:OIDC_Issuer"];

    TokenValidationParameters tvps = new TokenValidationParameters
    {
        ValidAudience = clientID,
        ValidateAudience = true,
        ValidIssuer = oidcIssuer,
        ValidateIssuer = true
    };

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        TokenValidationParameters = tvps,
        IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
        {
            new OpenIdConnectCachingSecurityTokenProvider(oidcIssuer + "/.well-known/openid-configuration")
        }
    });
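Am I missing some TokenValidationParameters that are needed?

My problem was not with the options. It was 100% the need to move

    app.UseWebApi(config);

below all the owin setup stuff.

As I was typing this, I saw that twaldron was able to figure it out. I also realized that he was asking about WebAPI, not MVC. However, here is the code that I needed to get the following working with ASP.NET Core MVC. Of particular interest might be this line, which is necessary to get access to the other claims in the JWT:

    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

Here is how this code sample works from the command line, where the $ID_TOKEN variable contains a valid JWT:

    $ curl -H "Authorization: Bearer ${ID_TOKEN}" http://localhost:3000/test/test
    sub: 01a23b4cd5eFgHI6j7k8 email:test@example.com
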
Setup.cs:
    using System;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Logging;
    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;

    namespace WebApplication
    {
        public class Startup
        {
            readonly string clientId = string.Empty;
            readonly string issuer = string.Empty;
            readonly string audience = string.Empty;

            public Startup(IHostingEnvironment env)
            {
                clientId = "A0b1CDef2GHIj3k4lm5n";
                issuer = "https://example.okta.com";
                audience = "A0b1CDef2GHIj3k4lm5n";
            }

            public IConfigurationRoot Configuration { get; }

            public void ConfigureServices(IServiceCollection services)
            {
                services.AddMvc();
            }

            public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
            {
                loggerFactory.AddDebug();

                // https://github.com/aspnet/Security/issues/1043#issuecomment-261937401
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

                TokenValidationParameters tvps = new TokenValidationParameters
                {
                    ValidateAudience = true,
                    ValidAudience = audience,
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(5)
                };

                app.UseJwtBearerAuthentication(new JwtBearerOptions
                {
                    MetadataAddress = issuer + "/.well-known/openid-configuration",
                    TokenValidationParameters = tvps
                });

                app.UseStaticFiles();

                // Add external authentication middleware below. To configure them please see https://go.microsoft.com/fwlink/?LinkID=532715
                app.UseMvc(routes =>
                {
                    routes.MapRoute(
                        name: "test-controller",
                        template: "test/{action}",
                        defaults: new { controller = "Test", action = "Index" }
                    );
                    routes.MapRoute(
                        name: "default",
                        template: "{controller=Test}/{action=Index}/{id?}");
                });
            }
        }
    }

In Controllers/Test.cs:

    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Claims;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    public class TestController : Controller // matches controller = "Test" in the routes
    {
        [Authorize]
        public IActionResult Test()
        {
            var contextUser = User.Identity as ClaimsIdentity;
            // Claim names are the raw JWT names because the inbound claim type map was cleared
            Dictionary<string, string> claim = contextUser.Claims.ToDictionary(x => x.Type, x => x.Value);
            var output = "sub: " + claim["sub"] + " email:" + claim["email"];
            return Content(output);
        }
    }

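Glad you were able to figure it out! I added some code below just because I was having trouble getting at the claims and thought it might be helpful for you? (You should mark this as "answered"?)

Thanks for the tip about the group claims. That is what I am struggling with now.

I don't understand. JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); I don't actually have that exact method, I can only find InboundClaimTypeMap.Clear();

I implemented this code using "Microsoft.AspNetCore.Mvc": "1.0.1" on "Microsoft.NETCore.App": "1.1.0". I had to add these to the project.json file to get it working: Microsoft.AspNetCore.Authentication.OAuth, Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.Identity - I can't remember which one defines JwtSecurityTokenHandler. Let me know if you find out!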
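
The ordering fix described in the first answer, written out as an added example that is not part of the original posts: the JWT bearer middleware is registered before `app.UseWebApi(config)`, so the request identity is already set when `[Authorize]` runs. It assumes the Katana 3.x packages used in the question, that the question's `OpenIdConnectCachingSecurityTokenProvider` class is present in the project, and a hypothetical `HttpConfiguration` setup.

```csharp
// Added example, not code from the original posts.
using System.IdentityModel.Tokens;   // TokenValidationParameters (assumes System.IdentityModel.Tokens.Jwt 4.x)
using System.Web.Configuration;
using System.Web.Http;
using Microsoft.Owin.Security.Jwt;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var clientID = WebConfigurationManager.AppSettings["okta:ClientId"];
        var oidcIssuer = WebConfigurationManager.AppSettings["okta:OIDC_Issuer"];

        // Hypothetical Web API configuration; the question does not show how config is built.
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();

        // 1. Authentication first. OWIN middleware runs in registration order, so the
        //    bearer token must be validated before the request reaches Web API.
        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = clientID,
                ValidateAudience = true,
                ValidIssuer = oidcIssuer,
                ValidateIssuer = true
            },
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                // Class taken from the question; it is not shipped with Katana.
                new OpenIdConnectCachingSecurityTokenProvider(
                    oidcIssuer + "/.well-known/openid-configuration")
            }
        });

        // 2. Web API last. Registered before step 1, it would handle the request
        //    with no authenticated identity and [Authorize] would always reject it.
        app.UseWebApi(config);
    }
}
```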