C# 带JWT的aspcore多策略
我有两个适当的政策:ApiUser和CompanyBased。当我使用基于公司的策略时([Authorize(policy=“companybase”)] )应用程序无法验证JWT令牌。当我使用[Authorize]时,它工作正常,令牌已验证 版本:Core2.2 Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2] 授权失败。 Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3] 在筛选器“Microsoft.AspNetCore.Mvc.Authorization.authorizationFilter”处对请求的授权失败。 Microsoft.AspNetCore.Mvc.result[1] 使用身份验证方案()执行结果。 Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[13] 身份验证方案:禁止持证人C# 带JWT的aspcore多策略,c#,asp.net-core,C#,Asp.net Core,我有两个适当的政策:ApiUser和CompanyBased。当我使用基于公司的策略时([Authorize(policy=“companybase”)] )应用程序无法验证JWT令牌。当我使用[Authorize]时,它工作正常,令牌已验证 版本:Core2.2 Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2] 授权失败。 Microsoft.AspNetCore.Mvc.Internal.ControllerA
// api user claim policy
services.AddAuthorization(options =>
{
options.AddPolicy("ApiUser", policy => policy.RequireClaim(Constants.Strings.JwtClaimIdentifiers.Rol, Constants.Strings.JwtClaims.ApiAccess));
options.AddPolicy("CompanyBased", policy =>
{
policy.RequireClaim(Constants.Strings.JwtClaimIdentifiers.Rol, Constants.Strings.JwtClaims.ApiAccess);
policy.AddRequirements(new CompanyBasedRequirement());
});
});
这是公司的BasedHandler
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CompanyBasedRequirement requirement)
{
#region Validate Company id
Guid? companyId = _httpContextAccessor.HttpContext.Request.Headers.GetCompanyId();
string nameIdentifier = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
if (companyId is null)
{
_logger.LogInformation($"No company suppied for {nameIdentifier}");
context.Fail();
}
else
{
if (!_clientRepository.IsClientValid(companyId.Value, nameIdentifier))
{
_logger.LogInformation($"{companyId} does not belong to {nameIdentifier}");
context.Fail();
}
else
{
context.Succeed(requirement);
}
}
#endregion Validate Company id
return Task.CompletedTask;
}
确保在启动类的依赖项注入容器中正确注册了自定义授权处理程序。应将其注册为单身人士:
services.AddSingleton()代码>
通过将方法签名更改为async Task
,然后在方法末尾不返回已完成的任务,可以使HandleRequirementAsync
异步/等待,例如:
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CompanyBasedRequirement requirement)
{
#region Validate Company id
Guid? companyId = _httpContextAccessor.HttpContext.Request.Headers.GetCompanyId();
string nameIdentifier = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
if (companyId is null)
{
_logger.LogInformation($"No company suppied for {nameIdentifier}");
context.Fail();
}
else
{
if (!_clientRepository.IsClientValid(companyId.Value, nameIdentifier))
{
_logger.LogInformation($"{companyId} does not belong to {nameIdentifier}");
context.Fail();
}
else
{
context.Succeed(requirement);
}
}
#endregion Validate Company id
}
请注意,您没有在该方法中执行任何异步操作,这意味着它将同步运行,因此不需要使该方法异步
我缺少令牌中的常量.Strings.jwtclaimintifiers.Rol 即使使用DI,我也会遇到同样的问题。另外,根据您的意见,在HandleRequirementAsync上创建一个异步会更明智吗?您有app.UseAuthentication()吗;在Startup类中注册?不,返回Task.CompletedTask在您的情况下非常好。是的,我有app.useAuthentication您可以显示authZ要求和处理程序的类签名吗?它是一个空类:public class CompanyBasedRequest:IAAuthorizationRequirement{}