C# .NET Core MVC 应用程序中 Auth0 返回 403 禁止访问 —— 问题陈述
当我向健康端点发送GET请求时,本地部署的dotnet core MVC应用程序返回403禁止,指示用户已通过身份验证,但无权使用该资源 问题C# 403.net core MVC应用程序中的Auth0返回禁止 问题陈述,c#,.net-core,auth0,C#,.net Core,Auth0,当我向健康端点发送GET请求时,本地部署的dotnet core MVC应用程序返回403禁止,指示用户已通过身份验证,但无权使用该资源 问题 我是否需要在Auth0中设置用户和角色才能使其工作 基于dotnet核心策略的授权是否需要比我在下面提供的代码更多的代码 既然ScopeHandler异步处理需求,那么我的控制器操作是否需要异步 迄今为止使用的资源 相关代码 Startup.cs ScopeHandler.cs 台阶 从[Authorize]注释中删除范围/权限。结果:按预期返回20
从 `[Authorize]` 注释中删除范围/权限。结果:按预期返回 200 OK。
将 `context.Succeed(requirement)` 和 `return Task.CompletedTask` 添加到 `HandleRequirementAsync` 方法的顶部。结果:按预期返回 200 OK 响应。
结果表明所有代码都是正确的,但 Auth0 租户中存在错误配置:在 Dashboard > API > Machine to Machine Applications > Your Client App > Scopes 下,作用域是按特定客户端授予的。客户端未被授予该作用域时,颁发的令牌中就没有所需的 scope 声明,ScopeHandler 无法使需求成功,因此返回 403。
/// <summary>
/// Registers MVC, JWT bearer authentication against the Auth0 tenant, the
/// scope-based "check:health" policy and the SQLite-backed <see cref="PathosContext"/>.
/// </summary>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    // Auth0 issuer URL. The trailing slash is deliberate: the same string is
    // handed to HasScopeRequirement and compared against the claim's Issuer.
    var issuer = $"https://{Configuration["Auth0:domain"]}/";

    services
        .AddAuthentication(authOpts =>
        {
            authOpts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            authOpts.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(jwtOpts =>
        {
            jwtOpts.Authority = issuer;
            jwtOpts.Audience = Configuration["Auth0:Identifier"];
            // Permits fetching issuer metadata over plain HTTP. Acceptable for a
            // local run only; in production the default (true) should be kept.
            jwtOpts.RequireHttpsMetadata = false;
        });

    // Policy name and required scope are the same token; a caller must present
    // it in a "scope" claim from the issuer above (see ScopeHandler).
    const string healthScope = "check:health";
    services.AddAuthorization(authz =>
        authz.AddPolicy(healthScope, policy =>
            policy.Requirements.Add(new HasScopeRequirement(healthScope, issuer))));

    services.AddSingleton<IAuthorizationHandler, ScopeHandler>();

    services.AddDbContext<PathosContext>(dbOpts =>
        dbOpts.UseSqlite(Configuration["PathosConnectionString"]));
}
/// <summary>
/// Authorization requirement: the caller must hold <see cref="Scope"/> in a
/// "scope" claim that was issued by <see cref="Issuer"/>.
/// </summary>
public class HasScopeRequirement : IAuthorizationRequirement
{
    private readonly string _issuer;
    private readonly string _scope;

    /// <summary>Issuer the scope claim must originate from (the Auth0 domain URL).</summary>
    public string Issuer => _issuer;

    /// <summary>Scope value that must be present, e.g. "check:health".</summary>
    public string Scope => _scope;

    /// <param name="scope">Required scope value.</param>
    /// <param name="issuer">Issuer whose "scope" claim is trusted.</param>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    public HasScopeRequirement(string scope, string issuer)
    {
        if (scope is null)
        {
            throw new ArgumentNullException(nameof(scope));
        }
        if (issuer is null)
        {
            throw new ArgumentNullException(nameof(issuer));
        }

        _scope = scope;
        _issuer = issuer;
    }
}
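/// <summary>
/// Succeeds a <see cref="HasScopeRequirement"/> when the principal carries a
/// "scope" claim from the requirement's issuer whose space-separated value
/// contains the required scope. Otherwise the requirement is left unmet, which
/// the authorization middleware reports as 403 Forbidden.
/// </summary>
public class ScopeHandler : AuthorizationHandler<HasScopeRequirement>
{
    /// <param name="context">Current authorization context (user principal and pending requirements).</param>
    /// <param name="requirement">Scope and issuer to check for.</param>
    /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
    {
        // One lookup instead of HasClaim followed by FindFirst. The issuer test
        // is what prevents a "scope" claim from any other token issuer from
        // satisfying this policy, so it must stay part of the predicate.
        var scopeClaim = context.User.FindFirst(c => c.Type == "scope" && c.Issuer == requirement.Issuer);
        if (scopeClaim is null)
        {
            return Task.CompletedTask;
        }

        // The claim value is a single space-separated list of granted scopes.
        // Dropping empty entries means an empty required scope can never match.
        var grantedScopes = scopeClaim.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (grantedScopes.Contains(requirement.Scope, StringComparer.Ordinal))
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}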
/// <summary>
/// Health endpoint. Access is gated by the "check:health" authorization policy,
/// so a caller whose token lacks that scope receives 403 rather than the body.
/// </summary>
public class HealthController : Controller
{
    /// <summary>Returns 200 OK with the literal body "healthy".</summary>
    [HttpGet]
    [Authorize("check:health")]
    public IActionResult Index() => Ok("healthy");
}