C# 如何在.net core上配置AddAuthorization以允许多个令牌提供程序的角色?
我正在构建一个API,该API需要使用OpenIddict或ADFS生成的自己的令牌以及控制器上的includer角色进行身份验证C# 如何在.net core上配置AddAuthorization以允许多个令牌提供程序的角色?,c#,.net,jwt,authorization,adfs,C#,.net,Jwt,Authorization,Adfs,我正在构建一个API,该API需要使用OpenIddict或ADFS生成的自己的令牌以及控制器上的includer角色进行身份验证[Authorize(roles=“A1,A2”)]。但是,如果添加任何非默认选项,则角色不起作用: My startup.csConfigureServices方法 services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => {
[Authorize(roles=“A1,A2”)]services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = authenticationOptions.Issuer;
options.Audience = authenticationOptions.Audience;
options.RequireHttpsMetadata = !hostingEnvironment.IsDevelopment();
options.IncludeErrorDetails = true;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateIssuer = true,
ValidIssuer = authenticationOptions.Issuer,
ValidateAudience = true,
ValidAudience = authenticationOptions.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new X509SecurityKey(LoadCertificate(services))
};
})
.AddJwtBearer("ADFS", options =>
{
options.Authority = appSettings.AdfsAuthority;
options.Audience = appSettings.AdfsAudience;
options.IncludeErrorDetails = true;
options.MetadataAddress = appSettings.AdfsMetadataAddress;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateIssuer = true,
ValidIssuer = appSettings.AdfsIssuer,
ValidateAudience = true,
ValidAudience = appSettings.AdfsAudience,
ValidateIssuerSigningKey = true
};
});
services.AddAuthorization(options =>
{
options.AddPolicy("A2", policy => policy.RequireRole("A2"));
//options.AddPolicy("A1", policy => policy.RequireRole("A1"));
var policies = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme, "ADFS")
.RequireAuthenticatedUser()
.RequireRole("A1")
.Build();
options.DefaultPolicy = policies;
});
AddJwtBearerservices.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = authenticationOptions.Issuer;
options.Audience = authenticationOptions.Audience;
options.RequireHttpsMetadata = !hostingEnvironment.IsDevelopment();
options.IncludeErrorDetails = true;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateIssuer = true,
ValidIssuer = authenticationOptions.Issuer,
ValidateAudience = true,
ValidAudience = authenticationOptions.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new X509SecurityKey(LoadCertificate(services))
};
});
services.AddAuthorization(options =>
{
options.AddPolicy("A2", policy => policy.RequireRole("A2"));
});
有人能帮忙吗?我猜问题出在
AddAuthorizationRequireRole[authorization(authorizationschemes=“ADFS,Bearer”,Roles=“A1,A2”)]AddAuthorizationservices.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("ADFS", JwtBearerDefaults.AuthenticationScheme)
.Build();
});
顺便问一下:当您使用自定义策略A1和A2时,不应该是
[授权(Policy=“A1”)][授权(Policy=“A2”)][授权(Roles=“A1,A2”)][授权(Policy=“A1,A2”)][Authorize(Authorize(authorizationSchemes=“ADFS,Bearer”,Roles=“A1,A2”)]services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("ADFS", JwtBearerDefaults.AuthenticationScheme)
.Build();
});