C# ASP.NET Core Web API:JWT 令牌未通过身份验证
标签:c#, asp.net-core, asp.net-identity
我正在构建一个 API,但无法让授权正常工作。我已移除 [Authorize] 属性,并确认端点本身工作正常。我的 ConfigureServices 方法:
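/// <summary>
/// Registers MVC controllers, the EF Core context, ASP.NET Core Identity and the
/// role policies used by the API.
/// </summary>
/// <param name="services">Service collection supplied by the host at startup.</param>
/// <remarks>
/// No <c>AddAuthentication</c>/<c>AddJwtBearer</c> call is visible in this method, so
/// unless one is added under "add other services here" nothing registered here
/// validates a bearer token sent in the request headers.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    services.AddDbContext<SomeContext>(options =>
    {
        // A connection string can carry database credentials, so it is handed straight
        // to the provider and is not written to the console or to logs.
        var connectionString = Configuration.GetConnectionString("default");
        options.UseSqlServer(connectionString);
    });

    services.AddDefaultIdentity<IdentityUser>()
        .AddRoles<IdentityRole>()
        .AddEntityFrameworkStores<SomeContext>()
        .AddDefaultTokenProviders();

    services.Configure<IdentityOptions>(options =>
    {
        // Password policy: one digit and six characters are the only requirements.
        // NOTE(review): that is a short minimum for an internet-facing API; confirm it is intended.
        options.Password.RequireDigit = true;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireLowercase = false;
        options.Password.RequireUppercase = false;
        options.Password.RequiredLength = 6;

        // Several accounts may share one e-mail address.
        options.User.RequireUniqueEmail = false;
    });

    services.AddAuthorization(options =>
    {
        // RequireClaim(type) only checks that a claim of that *type* is present, whatever its value.
        // NOTE(review): confirm issued tokens carry the role name as a claim type; if roles are
        // emitted as role claims, RequireRole is the matching requirement.
        options.AddPolicy(Roles.Manager, policy => policy.RequireClaim(Roles.Manager));
        options.AddPolicy(Roles.Admin, policy => policy.RequireClaim(Roles.Admin));
    });

    // add other services here
}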
My Configure method:
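/// <summary>
/// Builds the HTTP request pipeline: HTTPS redirection, routing, authentication,
/// authorization, then the controller endpoints.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment; the developer exception page is enabled only in Development.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseRouting();

    // Order matters: authentication has to populate the request's user before
    // authorization evaluates [Authorize]. With the two calls reversed, authorization
    // runs against an anonymous user and rejects every protected endpoint.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}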
现在我的问题是:当我在 Postman 的请求头中发送形如 `Bearer <我的令牌>` 的承载令牌时,
是什么在校验这个承载令牌?为什么我在控制器上添加 [Authorize]
属性后会得到 404 Not Found?
更新
我更改了以下代码:(从404改为401)
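您似乎没有在授权流程中添加任何处理 JWT 的中间件。下面的配置在我这里可用(使用 Azure AD)。补充说明:添加 [Authorize] 后得到 404 而不是 401,很可能是因为 AddDefaultIdentity 把 Cookie 设为默认质询方案,未通过认证的请求被重定向到 API 中并不存在的登录页面。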
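// Azure AD settings are read from the "AzureAd" configuration section.
var azureAd = Configuration.GetSection("AzureAd");

// [Authorize] without a named policy falls back to this default policy:
// the caller must be authenticated by the JWT bearer scheme.
services.AddAuthorization(options =>
{
    options.DefaultPolicy =
        new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
            .RequireAuthenticatedUser()
            .Build();
});

// NOTE(review): the default scheme named here is AzureADDefaults.JwtBearerAuthenticationScheme,
// while AddJwtBearer(...) without a scheme name registers its handler under
// JwtBearerDefaults.AuthenticationScheme (the name the policy above uses). Confirm the two
// names are meant to differ.
services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
    .AddJwtBearer(x =>
    {
        x.Audience = azureAd.GetValue<string>("ClientId");
        x.Authority = $"{azureAd.GetValue<string>("Instance")}/{azureAd.GetValue<string>("TenantId")}/v2.0";

        // The token signing keys are discovered from the authority's metadata document.
        // Requiring HTTPS keeps that key material from being fetched over a channel
        // that an on-path party could alter.
        x.RequireHttpsMetadata = true;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            ValidateIssuer = true,
            ValidateActor = true,
            ValidateLifetime = true,
            // NOTE(review): no TokenReplayCache is configured in this snippet; confirm
            // replay validation has a cache to check against.
            ValidateTokenReplay = true,
            ValidateAudience = true
        };
    });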
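// Azure AD settings are read from the "AzureAd" configuration section.
var azureAd = Configuration.GetSection("AzureAd");

// [Authorize] without a named policy falls back to this default policy:
// the caller must be authenticated by the JWT bearer scheme.
services.AddAuthorization(options =>
{
    options.DefaultPolicy =
        new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
            .RequireAuthenticatedUser()
            .Build();
});

// NOTE(review): the default scheme named here is AzureADDefaults.JwtBearerAuthenticationScheme,
// while AddJwtBearer(...) without a scheme name registers its handler under
// JwtBearerDefaults.AuthenticationScheme (the name the policy above uses). Confirm the two
// names are meant to differ.
services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
    .AddJwtBearer(x =>
    {
        x.Audience = azureAd.GetValue<string>("ClientId");
        x.Authority = $"{azureAd.GetValue<string>("Instance")}/{azureAd.GetValue<string>("TenantId")}/v2.0";

        // The token signing keys are discovered from the authority's metadata document.
        // Requiring HTTPS keeps that key material from being fetched over a channel
        // that an on-path party could alter.
        x.RequireHttpsMetadata = true;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            ValidateIssuer = true,
            ValidateActor = true,
            ValidateLifetime = true,
            // NOTE(review): no TokenReplayCache is configured in this snippet; confirm
            // replay validation has a cache to check against.
            ValidateTokenReplay = true,
            ValidateAudience = true
        };
    });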
对于其他遇到此问题的人:我找到了解决方案。
解决方案来自一篇博客文章(此处原有链接)。
最终结果是:
// JWT bearer is made both the default authenticate scheme and the default challenge scheme.
services.AddAuthentication(authOptions =>
    {
        authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(bearerOptions =>
    {
        // NOTE(review): the HMAC key is read from a constant compiled into the assembly
        // (its own name says it belongs in secrets). Anyone holding this value can mint
        // valid tokens, so it should come from configuration or a secret store instead.
        // Encoding.ASCII also maps every non-ASCII character to '?', which weakens a key
        // containing such characters; the token issuer must use the same encoding.
        var keyBytes = Encoding.ASCII.GetBytes(Constants.ConstantsToAddToSecrets.Seceret);
        var signingKey = new SymmetricSecurityKey(keyBytes);

        var validation = new TokenValidationParameters()
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Issuer and audience are not checked: any token signed with this key is
            // accepted, including one issued for a different service that shares the key.
            ValidateIssuer = false,
            ValidateAudience = false
        };

        bearerOptions.SaveToken = true;
        bearerOptions.RequireHttpsMetadata = false;
        bearerOptions.TokenValidationParameters = validation;
    });
以及在创建令牌时使用 tokenHandler:
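/// <summary>
/// Signs the user in and, on success, issues a signed JWT carrying the user's claims
/// together with the claims returned by <c>GetRolesAsync</c>.
/// </summary>
/// <param name="loginModel">Login data submitted by the caller.</param>
/// <returns>The serialized token, or <c>null</c> when sign-in yields no user.</returns>
// NOTE(review): the signature and the sign-in call are reconstructed from a machine-translated
// listing. The method name is kept as printed; Task<string> and SignInAsync are assumed from
// the body and the translated text. Confirm against the original source.
public async Task<string> AuthenticateTasync(LoginModel loginModel)
{
    var signedInUser = await SignInAsync(loginModel);
    if (signedInUser == null)
    {
        return null;
    }

    var claims = (await _userManager.GetClaimsAsync(signedInUser)).ToList();
    var userRoles = await GetRolesAsync(signedInUser);
    claims.AddRange(userRoles);

    var tokenHandler = new JwtSecurityTokenHandler();

    // NOTE(review): the signing key is read from a constant compiled into the assembly;
    // anyone holding it can mint tokens. It should come from configuration or a secret
    // store, and must be encoded the same way as on the validating side.
    var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Constants.ConstantsToAddToSecrets.Seceret));

    var tokenDescriptor = new SecurityTokenDescriptor()
    {
        Subject = new ClaimsIdentity(claims.ToArray()),
        // Expiry is computed in UTC so it does not depend on the server's time zone or DST.
        // The token stays valid for a full day; nothing in this method sets an issuer or
        // audience, so the validator has neither to check.
        Expires = DateTime.UtcNow.AddDays(1),
        SigningCredentials = new SigningCredentials(
            securityKey,
            SecurityAlgorithms.HmacSha256Signature
        ),
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}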
我想这让我离答案更近了,不过状态码已经从 404 变成了 401。我会更新上面的内容。我没有使用 Azure,我是用数据库中的用户登录的。虽然此链接可能会回答问题,但最好在此处包含答案的基本部分,并提供链接供参考。如果链接的页面发生变化,仅包含链接的答案可能会失效。
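// Azure AD settings are read from the "AzureAd" configuration section.
var azureAd = Configuration.GetSection("AzureAd");

// [Authorize] without a named policy falls back to this default policy:
// the caller must be authenticated by the JWT bearer scheme.
services.AddAuthorization(options =>
{
    options.DefaultPolicy =
        new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
            .RequireAuthenticatedUser()
            .Build();
});

// NOTE(review): the default scheme named here is AzureADDefaults.JwtBearerAuthenticationScheme,
// while AddJwtBearer(...) without a scheme name registers its handler under
// JwtBearerDefaults.AuthenticationScheme (the name the policy above uses). Confirm the two
// names are meant to differ.
services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
    .AddJwtBearer(x =>
    {
        x.Audience = azureAd.GetValue<string>("ClientId");
        x.Authority = $"{azureAd.GetValue<string>("Instance")}/{azureAd.GetValue<string>("TenantId")}/v2.0";

        // The token signing keys are discovered from the authority's metadata document.
        // Requiring HTTPS keeps that key material from being fetched over a channel
        // that an on-path party could alter.
        x.RequireHttpsMetadata = true;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            ValidateIssuer = true,
            ValidateActor = true,
            ValidateLifetime = true,
            // NOTE(review): no TokenReplayCache is configured in this snippet; confirm
            // replay validation has a cache to check against.
            ValidateTokenReplay = true,
            ValidateAudience = true
        };
    });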
// JWT bearer is made both the default authenticate scheme and the default challenge scheme.
services.AddAuthentication(authOptions =>
    {
        authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(bearerOptions =>
    {
        // NOTE(review): the HMAC key is read from a constant compiled into the assembly
        // (its own name says it belongs in secrets). Anyone holding this value can mint
        // valid tokens, so it should come from configuration or a secret store instead.
        // Encoding.ASCII also maps every non-ASCII character to '?', which weakens a key
        // containing such characters; the token issuer must use the same encoding.
        var keyBytes = Encoding.ASCII.GetBytes(Constants.ConstantsToAddToSecrets.Seceret);
        var signingKey = new SymmetricSecurityKey(keyBytes);

        var validation = new TokenValidationParameters()
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Issuer and audience are not checked: any token signed with this key is
            // accepted, including one issued for a different service that shares the key.
            ValidateIssuer = false,
            ValidateAudience = false
        };

        bearerOptions.SaveToken = true;
        bearerOptions.RequireHttpsMetadata = false;
        bearerOptions.TokenValidationParameters = validation;
    });
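// Fragment of the token-issuing method: its signature and sign-in step are not part of this excerpt.
// The token carries the user's stored claims plus the claims returned by GetRolesAsync.
var claims = (await _userManager.GetClaimsAsync(signedInUser)).ToList();
var userRoles = await GetRolesAsync(signedInUser);
claims.AddRange(userRoles);

var tokenHandler = new JwtSecurityTokenHandler();

// NOTE(review): the signing key is read from a constant compiled into the assembly;
// anyone holding it can mint tokens. It should come from configuration or a secret
// store, and must be encoded the same way as on the validating side.
var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Constants.ConstantsToAddToSecrets.Seceret));

var tokenDescriptor = new SecurityTokenDescriptor()
{
    Subject = new ClaimsIdentity(claims.ToArray()),
    // Expiry is computed in UTC so it does not depend on the server's time zone or DST.
    // The token stays valid for a full day; no issuer or audience is set here, so the
    // validator has neither to check.
    Expires = DateTime.UtcNow.AddDays(1),
    SigningCredentials = new SigningCredentials(
        securityKey,
        SecurityAlgorithms.HmacSha256Signature
    ),
};

var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);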
}