C# authorisation via MongoDB roles not working with ASP.NET Core 3.1 Identity

Tags: c#, mongodb, asp.net-identity, mongodb-.net-driver

Update: it's not just the Admin role that isn't working; it seems any route that requires authorisation returns a 401.

I want to create an Admin role to control access to the AdminController. My stack is MongoDB / .NET Core (3.1) for the API, with an Angular 9 front end.

I seed my database with the roles:

        private static void SeedRoles(RoleManager<MongoRole> roleManager)
        {
            // Blocks on the async calls with .Result; acceptable for one-off seeding at startup.
            if (!roleManager.RoleExistsAsync("User").Result)
            {
                MongoRole role = new MongoRole();
                role.Name = "User";
                IdentityResult roleResult = roleManager.CreateAsync(role).Result;
            }

            if (!roleManager.RoleExistsAsync("Admin").Result)
            {
                MongoRole role = new MongoRole();
                role.Name = "Admin";
                IdentityResult roleResult = roleManager.CreateAsync(role).Result;
            }
        }
In my startup file I configure the Mongo identity provider:

services.AddIdentityMongoDbProvider<AspNetCore.Identity.Mongo.Model.MongoUser, AspNetCore.Identity.Mongo.Model.MongoRole>(identityOptions =>
            {
                identityOptions.Password.RequiredLength = 6;
                identityOptions.Password.RequireLowercase = false;
                identityOptions.Password.RequireUppercase = false;
                identityOptions.Password.RequireNonAlphanumeric = false;
                identityOptions.Password.RequireDigit = false;
            }, mongoIdentityOptions => {
                mongoIdentityOptions.ConnectionString = **REMOVED CONN STR FROM HERE**;
            });

Answer:

It turns out the cause of this error was just stupidity on my part. I had hard-coded the issuer and JWT key variables in the Register/Login endpoints, but written them incorrectly, so they didn't match the issuer/JWT key in the startup.cs file (see below).

That meant the JWT was treated as invalid and rejected. Sorry if anyone wasted time on this.
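As an added example (not code from the question or the answer above), the console program below reproduces the failure the answer describes and its fix: it mints tokens the way the Login action does and validates them with the same TokenValidationParameters the startup.cs block builds, so the reason for the 401 is visible as an exception type. It assumes the System.IdentityModel.Tokens.Jwt NuGet package (the one the Login action already uses); ConfigIssuer, ConfigKey and the user name are placeholder values.

```csharp
// Added example, not part of the question or its answer. Reproduces the 401 by minting a
// JWT with a hard-coded issuer/key (as the Login action did) and validating it with the
// parameters startup.cs uses, then shows the same token accepted once both sides agree.
// Assumes the System.IdentityModel.Tokens.Jwt NuGet package. ConfigIssuer, ConfigKey and
// the user name are placeholder values.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class JwtMismatchDemo
{
    // Stand-ins for Configuration["JwtIssuer"] and Configuration["JwtKey"] (placeholders).
    // HS256 signing keys must be at least 128 bits; 32+ random bytes is a sensible floor.
    const string ConfigIssuer = "ezgig-api";
    const string ConfigKey = "replace-with-a-long-random-secret-of-at-least-32-bytes";

    // Mint a token the same way the question's Login action does, with the issuer and
    // key passed in so the mismatch can be shown explicitly.
    public static string Mint(string issuer, string key, string user, IEnumerable<string> roles)
    {
        var credentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
            SecurityAlgorithms.HmacSha256);
        var claims = new List<Claim> { new Claim("username", user) };
        foreach (var role in roles)
            claims.Add(new Claim(ClaimTypes.Role, role));
        var token = new JwtSecurityToken(issuer, issuer, claims,
            expires: DateTime.UtcNow.AddHours(1), signingCredentials: credentials);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // The same validation parameters the question's AddJwtBearer block builds.
    public static TokenValidationParameters ServerParameters() => new TokenValidationParameters
    {
        ValidIssuer = ConfigIssuer,
        ValidAudience = ConfigIssuer,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigKey)),
        ClockSkew = TimeSpan.Zero
    };

    // Returns the validated principal, or null plus the rejection reason. The JwtBearer
    // middleware runs this same ValidateToken call and answers 401 when it throws.
    public static ClaimsPrincipal Validate(string jwt, out string reason)
    {
        try
        {
            var principal = new JwtSecurityTokenHandler()
                .ValidateToken(jwt, ServerParameters(), out SecurityToken _);
            reason = "accepted";
            return principal;
        }
        catch (SecurityTokenException ex)
        {
            reason = ex.GetType().Name;   // e.g. SecurityTokenInvalidSignatureException
            return null;
        }
    }

    static void Show(string label, string jwt)
    {
        var principal = Validate(jwt, out string reason);
        var admin = principal != null && principal.IsInRole("Admin");
        Console.WriteLine($"{label,-28} {reason}, IsInRole(Admin)={admin}");
    }

    static void Main()
    {
        // Long enough that UserName + "ezgig321" clears the 128-bit minimum key size.
        const string user = "admin@example.com";
        var roles = new[] { "Admin" };

        // 1. What the Login action did: issuer "ezgig" and a key derived from the user name.
        //    Rejected: the signature does not verify under ConfigKey.
        Show("per-user key, issuer ezgig", Mint("ezgig", user + "ezgig321", user, roles));
        // 2. Right issuer, wrong key: still a signature failure.
        Show("right issuer, wrong key", Mint(ConfigIssuer, "another-secret-that-is-long-enough-too", user, roles));
        // 3. Right key, wrong issuer (the Login action uses it as audience too): the signature
        //    passes, then the issuer/audience values fail against ValidIssuer/ValidAudience.
        Show("right key, wrong issuer", Mint("ezgig", ConfigKey, user, roles));
        // 4. Both sides read the same values: accepted, and the Admin role claim round-trips.
        Show("matching configuration", Mint(ConfigIssuer, ConfigKey, user, roles));
    }
}
```

The fix in a real application is for the Login action and the AddJwtBearer block to read the same Configuration["JwtIssuer"] and Configuration["JwtKey"] rather than either side carrying literals. While the API is running, the quickest way to see the same exception is to set JwtBearerOptions.Events to a JwtBearerEvents whose OnAuthenticationFailed handler logs context.Exception; the bare 401 from the middleware otherwise hides which check failed.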

Comments:

The client-to-server connection is authenticated using TLS. The default TLS version must be 1.2/1.3; older code from before June this year was allowed to use 1.0/1.1. On setting TLS 1.2, see the following:

Is this a setting I need to change in the client (Angular) code? Because I get a 401 when I use Postman as well, which takes the client out of the equation, but I'm not 100% sure where that setting is in Postman.

I suspect it's your browser settings. The TLS version is in the browser settings. Try changing the settings to disable 1.0/1.1 (and SSL) and use only 1.2/1.3.

I've tried that and still get a 401. I've also realised I'm not only getting a 401 for the Admin policy, but for any route that requires authorisation.

How long before the error occurs? If it's 30 seconds you're probably looking at a proxy; 30 seconds indicates a proxy timeout. You can set the proxy to null (client.proxy = null). Does your URL use HTTP or HTTPS? Try both. Get Postman working before trying it with C#.
 // POST api/user/login
        [HttpPost]
        [AllowAnonymous]
        public async Task<ActionResult> Login([FromBody]LoginEntity model)
        {
            if (ModelState.IsValid)
            {
                var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
                if (result.Succeeded)
                {
                    // Hard-coded signing key and issuer. Neither matches Configuration["JwtKey"] /
                    // Configuration["JwtIssuer"] used by AddJwtBearer in startup.cs, so every token
                    // minted here failed validation and produced the 401 (see the answer).
                    string key = model.UserName + "ezgig321";
                    var appUser = _userManager.Users.SingleOrDefault(r => r.UserName == model.UserName);
                    var issuer = "ezgig";
                    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
                    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
                    // Copy the user's Identity roles into the token as role claims.
                    var roles = await _userManager.GetRolesAsync(appUser);
                    var claimList = new List<Claim>();
                    foreach (var role in roles)
                    {
                        var roleClaim = new Claim(ClaimTypes.Role, role);
                        claimList.Add(roleClaim);
                    }
                    claimList.Add(new Claim("username", model.UserName));

                    //var token = AuthenticationHelper.GenerateJwtToken(model.Email, appUser, _configuration);
                    var token = new JwtSecurityToken(issuer, // Issuer
                                    issuer,  // Audience
                                    claimList,
                                    expires: DateTime.Now.AddDays(1),
                                    signingCredentials: credentials);

                    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(token);

                    var rootData = new LoginResponse(encodedJwt, appUser.UserName);
                    return Ok(rootData);
                }
                return StatusCode((int)HttpStatusCode.Unauthorized, "Bad Credentials");
            }
            string errorMessage = string.Join(", ", ModelState.Values.SelectMany(x => x.Errors).Select(x => x.ErrorMessage));
            return BadRequest(errorMessage ?? "Bad Request");
        }
    [Authorize(Roles ="Admin")]
    [Route("api/[controller]/[action]")]
    public class AdminController : Controller
    {
        // GET api/admin/admintest
        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
        [HttpGet]
        public  ActionResult AdminTest()
        {
            return Ok("you seem to have admin authorisation");
        }
    }

services.AddAuthentication(options =>
            {
                //Set default Authentication Schema as Bearer
                options.DefaultAuthenticateScheme =
                           JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme =
                           JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme =
                           JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(cfg =>
            {
                cfg.RequireHttpsMetadata = false; // only acceptable for local development
                cfg.SaveToken = true;
                // These values must be the same ones the Login action signs with;
                // a mismatch in key, issuer or audience makes every token fail with a 401.
                cfg.TokenValidationParameters =
                       new TokenValidationParameters
                       {
                           ValidIssuer = Configuration["JwtIssuer"],
                           ValidAudience = Configuration["JwtIssuer"],
                           IssuerSigningKey =
                        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])),
                           ClockSkew = TimeSpan.Zero // no grace period after the token expires
                       };
            });