Authentication: Why does my authorization JWT fail when sent to the Web API?


OK, I'm struggling with sending a JWT to a Web API and I need help debugging. I'm using an Angular 10 client and ASP.NET Core 2.2 as the server. My authentication flow looks like this:

        /// <summary>
        /// POST: api/user/test
        /// </summary>
        /// <returns>Status code.</returns>
        [HttpGet("Test")]
        [Authorize]
        public IActionResult GetTest()
        {
            return new OkObjectResult(new { Message = "This is secure data!" });
        }
The token generated on the server is sent to the client like this:

                // Assumed: the original definition of 'now' is not shown on the page.
                DateTime now = DateTime.UtcNow;

                Claim[] claims = new[] {
                    new Claim(JwtRegisteredClaimNames.Sub, user.Id),
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                    new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
                    // TODO: add additional claims here
                };

                int tokenExpirationMins = _configuration.GetValue<int>("Auth:JsonWebToken:TokenExpirationInMinutes");
                SymmetricSecurityKey issuerSigningKey = new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(_configuration["Auth:JsonWebToken:Key"]));

                // Sign the token with HMAC-SHA256 using the shared key from configuration
                JwtSecurityToken token = new JwtSecurityToken(
                    issuer: _configuration["Auth:JsonWebToken:Issuer"],
                    audience: _configuration["Auth:JsonWebToken:Audience"],
                    claims: claims,
                    notBefore: now,
                    expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
                    signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256));
                string encodedToken = new JwtSecurityTokenHandler().WriteToken(token);

                // build & return the response
                TokenResponseViewModel response = new TokenResponseViewModel()
                {
                    Token = encodedToken,
                    Expiration = tokenExpirationMins,
                    Email = user.Email,
                    User = user.UserName
                };
                return Json(response);
My request looks fine. Here are the headers and request data:

Because the request is not authenticated by the API, it tries to redirect to
http://localhost:50962/Account/Login?ReturnUrl=/api/user/test

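At the moment I don't know how to solve this. The token looks fine, but it is rejected by the Identity framework. The JWT is not expired, since the expiration time is set to 100 minutes.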

Here is also the request call I make:

executeCall(): void {
    const httpOptions = {
      headers: new HttpHeaders({
        'Content-Type': 'application/json',
        'Authorization': 'bearer ' + this.auth.getAuth()!.token
      })
    };

    console.log('executing call');
    var url = 'http://localhost:50962/' + 'api/user/test';
    this.http.get<string>(url, httpOptions)
      .subscribe(
        (val) => {
          console.log("POST call successful value returned in body", val);
        },
        response => {
          console.log("POST call in error", response);
          //todo: popup
        },
        () => {
          console.log("The POST observable is now completed.");
          //todo: popup
        });
  }
appsettings configuration:

"JsonWebToken": {
      "Issuer": "http://localhost:50962/",
      "Audience": "http://localhost:50962/",
      "Key": "0pvUGXcvhg1ZRQZGBGy4",
      "TokenExpirationInMinutes": 100
    }

The problem was with this code: I had to replace [Authorize] with [Authorize(AuthenticationSchemes = "Bearer")].

        /// <summary>
        /// POST: api/user/test
        /// </summary>
        /// <returns>Status code.</returns>
        [HttpGet("Test")]
        [Authorize(AuthenticationSchemes = "Bearer")]
        public IActionResult GetTest()
        {
            return new OkObjectResult(new { Message = "This is secure data!" });
        }
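
The redirect to /Account/Login in the question is the Identity cookie scheme handling the challenge for a bare [Authorize]. As an added example (not code from the question or the answer), this Startup fragment makes JWT bearer the default scheme so the attribute works without naming a scheme, and validates the token against the same Auth:JsonWebToken settings; the AddIdentity<IdentityUser, IdentityRole>() registration and the Startup layout are assumptions, since the page does not show them.

```csharp
// Added example, not the poster's code: a Startup.ConfigureServices fragment for
// ASP.NET Core 2.2. AddIdentity<IdentityUser, IdentityRole>() is an assumption.
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _configuration;
    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed: Identity is registered first. It makes its cookie scheme the
        // default, which is what answers a bare [Authorize] with a login redirect.
        services.AddIdentity<IdentityUser, IdentityRole>();

        IConfigurationSection jwt = _configuration.GetSection("Auth:JsonWebToken");
        byte[] keyBytes = Encoding.UTF8.GetBytes(jwt["Key"]);
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Auth:JsonWebToken:Key is too short for HS256.");

        // Registered after AddIdentity so these defaults override the cookie scheme.
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = jwt["Issuer"],
                ValidateAudience = true,
                ValidAudience = jwt["Audience"],
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
                ValidateLifetime = true,
                ClockSkew = TimeSpan.FromMinutes(1)
            };
        });
    }
}
```

The pipeline also needs app.UseAuthentication() before app.UseMvc() in Configure. The length check rejects the 20-character sample key shown in the appsettings above, which is shorter than the 32 bytes HS256 calls for.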