Authentication 为什么我的授权JWT在发送到Web API时失败?
好吧,我正在努力将JWT发送到Web API,我需要调试方面的帮助。我使用Angular 10客户端和ASP.NET Core 2.2作为服务器。我的身份验证流如下所示:Authentication 为什么我的授权JWT在发送到Web API时失败?,authentication,token,asp.net-core-2.2,jwt-auth,Authentication,Token,Asp.net Core 2.2,Jwt Auth,好吧,我正在努力将JWT发送到Web API,我需要调试方面的帮助。我使用Angular 10客户端和ASP.NET Core 2.2作为服务器。我的身份验证流如下所示: /// <summary> /// POST: api/user/test /// </summary> /// <returns>Status code.</returns> [HttpGet("Test
/// <summary>
/// POST: api/user/test
/// </summary>
/// <returns>Status code.</returns>
[HttpGet("Test")]
[Authorize]
public IActionResult GetTest()
{
return new OkObjectResult(new { Message = "This is secure data!" });
}
向客户端发送服务器中生成的令牌,如下所示:
Claim[] claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
// TODO: add additional claims here
};
int tokenExpirationMins = _configuration.GetValue<int>("Auth:JsonWebToken:TokenExpirationInMinutes");
SymmetricSecurityKey issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Auth:JsonWebToken:Key"]));
JwtSecurityToken token = new JwtSecurityToken(
issuer: _configuration["Auth:JsonWebToken:Issuer"],
audience: _configuration["Auth:JsonWebToken:Audience"], claims: claims, notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials( issuerSigningKey, SecurityAlgorithms.HmacSha256));
string encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
// build & return the response
TokenResponseViewModel response = new TokenResponseViewModel()
{
Token = encodedToken,
Expiration = tokenExpirationMins,
Email = user.Email,
User = user.UserName
};
return Json(response);
我的要求看起来不错。以下是标题和请求数据:
由于请求没有通过API的身份验证,它试图重定向到http://localhost:50962/Account/Login?ReturnUrl=/api/user/test
:
目前我不知道如何解决这个问题。令牌看起来不错,但它被身份框架拒绝。JWT未过期,因为过期时间设置为100分钟
下面也是我的电话请求:
executeCall(): void {
const httpOptions = {
headers: new HttpHeaders({
'Content-Type': 'application/json',
'Authorization': 'bearer ' + this.auth.getAuth()!.token
})
};
console.log('executing call');
var url = 'http://localhost:50962/' + 'api/user/test';
this.http.get<string>(url, httpOptions)
.subscribe(
(val) => {
console.log("POST call successful value returned in body", val);
},
response => {
console.log("POST call in error", response);
//todo: popup
},
() => {
console.log("The POST observable is now completed.");
//todo: popup
});
}
appsettings配置:
"JsonWebToken": {
"Issuer": "http://localhost:50962/",
"Audience": "http://localhost:50962/",
"Key": "0pvUGXcvhg1ZRQZGBGy4",
"TokenExpirationInMinutes": 100
}
问题在于此代码,我必须将
授权
替换为授权(AuthenticationSchemes=“Bearer”)
:
//
///职位:api/用户/测试
///
///状态代码。
[HttpGet(“测试”)]
[授权(AuthenticationSchemes=“持有人”)]
公共IActionResult GetTest()
{
返回新的OkObjectResult(新的{Message=“这是安全数据!”);
}
基于
"JsonWebToken": {
"Issuer": "http://localhost:50962/",
"Audience": "http://localhost:50962/",
"Key": "0pvUGXcvhg1ZRQZGBGy4",
"TokenExpirationInMinutes": 100
}
/// <summary>
/// POST: api/user/test
/// </summary>
/// <returns>Status code.</returns>
[HttpGet("Test")]
[Authorize(AuthenticationSchemes = "Bearer")]
public IActionResult GetTest()
{
return new OkObjectResult(new { Message = "This is secure data!" });
}