Json JWT 用户登录错误(通过 Postman POST 获取令牌)
我已经创建了一个使用JWT令牌的用户登录系统,是按照一门课程的指导实现的。
在Postman中输入正确的登录信息后,可以正确生成令牌。然后我向任意一个方法发送Get请求(添加授权头“Bearer [token]”)。方法被调用了,但没有用户信息:在该方法运行时,我在QuickWatch中检查“HttpContext.User”里的声明,它们都丢失了(应该有用户名、年龄等)。
有人能帮我吗?多谢各位。
标签:json, asp.net-core, jwt
appsettings.json
{
"jwt": {
"JwtKey": "JWT_KEYsomethingyouwantwhichissecurewillworkk",
"JwtIssuer": "https://meetupapi.com",
"JwtExpireDays": 15
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
JwtProvider类
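/// <summary>
/// Issues HMAC-SHA256 signed JWTs for a <see cref="User"/>, taking the signing key,
/// issuer and lifetime from <see cref="JwtOptions"/>.
/// </summary>
/// <remarks>
/// The token produced here is signed, not encrypted: every claim placed in it
/// (e-mail, role, date of birth, nationality) is readable by anyone holding the token.
/// Only put data in the claims that the client is allowed to see.
/// </remarks>
public class JwtProvider : IJwtProvider
{
    private readonly JwtOptions _jwtOptions;

    /// <summary>Creates a provider bound to the given options.</summary>
    /// <param name="jwtOptions">Signing key, issuer and lifetime used for every token.</param>
    /// <exception cref="ArgumentNullException"><paramref name="jwtOptions"/> is null.</exception>
    public JwtProvider(JwtOptions jwtOptions)
    {
        // Fail at construction time rather than with a NullReferenceException on the first login.
        _jwtOptions = jwtOptions ?? throw new ArgumentNullException(nameof(jwtOptions));
    }

    /// <summary>Builds and serializes a signed JWT describing <paramref name="user"/>.</summary>
    /// <param name="user">The user whose id, role, e-mail, date of birth and nationality become claims.</param>
    /// <returns>The compact serialized token string.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public string GenerateJwtToken(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.Role.RoleName),
            new Claim(ClaimTypes.Name, user.Email)
        };

        // DateOfBirth is nullable in this version; the original called .Value unconditionally,
        // which throws for a user without a stored date. The claim is omitted instead.
        if (user.DateOfBirth.HasValue)
        {
            // Invariant culture: the custom format must not depend on the server's calendar/culture.
            claims.Add(new Claim(
                "DateOfBirth",
                user.DateOfBirth.Value.ToString("dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture)));
        }

        claims.Add(new Claim("Nationality", user.Nationality));

        // Symmetric key: whoever knows JwtKey can both verify and mint tokens,
        // so the validating side must be configured with the same secret and it must stay private.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtOptions.JwtKey));
        var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

        // Expiry is computed from UTC so it does not shift with the server's local time zone or DST.
        var expires = DateTime.UtcNow.AddDays(_jwtOptions.JwtExpireDays);

        // JwtIssuer is passed as both issuer and audience; the validator has to expect the same value for both.
        var token = new JwtSecurityToken(
            _jwtOptions.JwtIssuer,
            _jwtOptions.JwtIssuer,
            claims,
            expires: expires,
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}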
公共类JwtProvider:IJwtProvider
{
私有只读JwtOptions\u JwtOptions;
公共JwtProvider(JwtOptions JwtOptions)
{
这._jwtOptions=jwtOptions;
}
公共字符串GenerateJwtToken(用户)
{
var索赔=新列表()
{
新声明(ClaimTypes.NameIdentifier,user.Id.ToString()),
新声明(ClaimTypes.Role、user.Role.RoleName),
新索赔(ClaimTypes.Name、user.Email),
新声明(“DateOfBirth”,user.DateOfBirth.Value.ToString(“dd-MM-yyyy”),
新的索赔(“国籍”,用户国籍)
};
var key=newsymmetricsecuritykey(Encoding.UTF8.GetBytes(_jwtOptions.JwtKey));
var creds=新的签名凭证(key,SecurityAlgorithms.HmacSha256);
var expires=DateTime.Now.AddDays(_jwtOptions.JwtExpireDays);
var token=新的JwtSecurityToken(_jwtOptions.JwtIssuer,_jwtOptions.JwtIssuer,claims,expires:expires,signingCredentials:creds);
var tokenHandler=new JwtSecurityTokenHandler();
返回tokenHandler.WriteToken(令牌);
}
}
以下是我的整个工作演示:
模型:
/// <summary>
/// User data that JwtProvider.GenerateJwtToken copies into token claims.
/// In this demo it is also the request body type of ValuesController.Post.
/// </summary>
public class User
{
    // Written to the ClaimTypes.NameIdentifier claim.
    public int Id { get; set; }
    // Written to the ClaimTypes.Name claim.
    public string Email { get; set; }
    // Non-nullable here; formatted as "dd-MM-yyyy" into the "DateOfBirth" claim.
    public DateTime DateOfBirth { get; set; }
    // Written to the "Nationality" claim.
    public string Nationality { get; set; }
    // Role.RoleName is written to the ClaimTypes.Role claim.
    public Role Role { get; set; }
}
/// <summary>Role of a <see cref="User"/>; its name ends up in the token's role claim.</summary>
public class Role
{
    // Value of the ClaimTypes.Role claim written by JwtProvider.GenerateJwtToken.
    public string RoleName { get; set; }
}
/// <summary>Settings used by JwtProvider when it signs a token.</summary>
public class JwtOptions
{
    // Secret text; its UTF-8 bytes are used as the HMAC-SHA256 signing key.
    // Anyone who learns it can mint valid tokens, so it should not live in committed configuration.
    public string JwtKey { get; set; }
    // Used as both the issuer and the audience of issued tokens.
    public string JwtIssuer { get; set; }
    // Token lifetime in days, added to the current time to compute the expiry.
    public int JwtExpireDays { get; set; }
}
IJwtProvider:
/// <summary>Abstraction over token issuance so controllers do not depend on the signing details.</summary>
public interface IJwtProvider
{
    /// <summary>Returns a serialized JWT whose claims describe <paramref name="user"/>.</summary>
    /// <param name="user">The user to describe in the token.</param>
    string GenerateJwtToken(User user);
}
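/// <summary>
/// Issues HMAC-SHA256 signed JWTs for a <see cref="User"/>, taking the signing key,
/// issuer and lifetime from <see cref="JwtOptions"/>.
/// </summary>
/// <remarks>
/// The token produced here is signed, not encrypted: every claim placed in it
/// (e-mail, role, date of birth, nationality) is readable by anyone holding the token.
/// Only put data in the claims that the client is allowed to see.
/// </remarks>
public class JwtProvider : IJwtProvider
{
    private readonly JwtOptions _jwtOptions;

    /// <summary>Creates a provider bound to the given options.</summary>
    /// <param name="jwtOptions">Signing key, issuer and lifetime used for every token.</param>
    /// <exception cref="ArgumentNullException"><paramref name="jwtOptions"/> is null.</exception>
    public JwtProvider(JwtOptions jwtOptions)
    {
        // Fail at construction time rather than with a NullReferenceException on the first login.
        _jwtOptions = jwtOptions ?? throw new ArgumentNullException(nameof(jwtOptions));
    }

    /// <summary>Builds and serializes a signed JWT describing <paramref name="user"/>.</summary>
    /// <param name="user">The user whose id, role, e-mail, date of birth and nationality become claims.</param>
    /// <returns>The compact serialized token string.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public string GenerateJwtToken(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.Role.RoleName),
            new Claim(ClaimTypes.Name, user.Email),
            // Invariant culture: the custom format must not depend on the server's calendar/culture.
            new Claim(
                "DateOfBirth",
                user.DateOfBirth.ToString("dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture)),
            new Claim("Nationality", user.Nationality)
        };

        // Symmetric key: whoever knows JwtKey can both verify and mint tokens,
        // so the validating side must be configured with the same secret and it must stay private.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtOptions.JwtKey));
        var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

        // Expiry is computed from UTC so it does not shift with the server's local time zone or DST.
        var expires = DateTime.UtcNow.AddDays(_jwtOptions.JwtExpireDays);

        // JwtIssuer is passed as both issuer and audience; the validator has to expect the same value for both.
        var token = new JwtSecurityToken(
            _jwtOptions.JwtIssuer,
            _jwtOptions.JwtIssuer,
            claims,
            expires: expires,
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}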
JwtProvider:
/// <summary>Abstraction over token issuance so controllers do not depend on the signing details.</summary>
public interface IJwtProvider
{
    /// <summary>Returns a serialized JWT whose claims describe <paramref name="user"/>.</summary>
    /// <param name="user">The user to describe in the token.</param>
    string GenerateJwtToken(User user);
}
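/// <summary>
/// Issues HMAC-SHA256 signed JWTs for a <see cref="User"/>, taking the signing key,
/// issuer and lifetime from <see cref="JwtOptions"/>.
/// </summary>
/// <remarks>
/// The token produced here is signed, not encrypted: every claim placed in it
/// (e-mail, role, date of birth, nationality) is readable by anyone holding the token.
/// Only put data in the claims that the client is allowed to see.
/// </remarks>
public class JwtProvider : IJwtProvider
{
    private readonly JwtOptions _jwtOptions;

    /// <summary>Creates a provider bound to the given options.</summary>
    /// <param name="jwtOptions">Signing key, issuer and lifetime used for every token.</param>
    /// <exception cref="ArgumentNullException"><paramref name="jwtOptions"/> is null.</exception>
    public JwtProvider(JwtOptions jwtOptions)
    {
        // Fail at construction time rather than with a NullReferenceException on the first login.
        _jwtOptions = jwtOptions ?? throw new ArgumentNullException(nameof(jwtOptions));
    }

    /// <summary>Builds and serializes a signed JWT describing <paramref name="user"/>.</summary>
    /// <param name="user">The user whose id, role, e-mail, date of birth and nationality become claims.</param>
    /// <returns>The compact serialized token string.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public string GenerateJwtToken(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.Role.RoleName),
            new Claim(ClaimTypes.Name, user.Email),
            // Invariant culture: the custom format must not depend on the server's calendar/culture.
            new Claim(
                "DateOfBirth",
                user.DateOfBirth.ToString("dd-MM-yyyy", System.Globalization.CultureInfo.InvariantCulture)),
            new Claim("Nationality", user.Nationality)
        };

        // Symmetric key: whoever knows JwtKey can both verify and mint tokens,
        // so the validating side must be configured with the same secret and it must stay private.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtOptions.JwtKey));
        var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

        // Expiry is computed from UTC so it does not shift with the server's local time zone or DST.
        var expires = DateTime.UtcNow.AddDays(_jwtOptions.JwtExpireDays);

        // JwtIssuer is passed as both issuer and audience; the validator has to expect the same value for both.
        var token = new JwtSecurityToken(
            _jwtOptions.JwtIssuer,
            _jwtOptions.JwtIssuer,
            claims,
            expires: expires,
            signingCredentials: credentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}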
公共类JwtProvider:IJwtProvider
{
私有只读JwtOptions\u JwtOptions;
公共JwtProvider(JwtOptions JwtOptions)
{
这._jwtOptions=jwtOptions;
}
公共字符串GenerateJwtToken(用户)
{
var索赔=新列表()
{
新声明(ClaimTypes.NameIdentifier,user.Id.ToString()),
新声明(ClaimTypes.Role、user.Role.RoleName),
新索赔(ClaimTypes.Name、user.Email),
新索赔(“出生日期”,user.DateOfBirth.ToString(“dd-MM-yyyy”),
新的索赔(“国籍”,用户国籍)
};
var key=newsymmetricsecuritykey(Encoding.UTF8.GetBytes(_jwtOptions.JwtKey));
var creds=新的签名凭证(key,SecurityAlgorithms.HmacSha256);
var expires=DateTime.Now.AddDays(_jwtOptions.JwtExpireDays);
var token=新的JwtSecurityToken(_jwtOptions.JwtIssuer,_jwtOptions.JwtIssuer,claims,expires:expires,signingCredentials:creds);
var tokenHandler=new JwtSecurityTokenHandler();
返回tokenHandler.WriteToken(令牌);
}
}
Startup.cs:
/// <summary>
/// Application bootstrap: registers MVC controllers, JWT bearer authentication and the
/// token provider, then builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the application configuration for use by the methods below.</summary>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }
    /// <summary>Application configuration; the "Jwt" section is read from it.</summary>
    public IConfiguration Configuration { get; }
    /// <summary>Registers controllers, JWT bearer validation and <see cref="IJwtProvider"/>.</summary>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers()
            .AddNewtonsoftJson();
        // JWT bearer is the default scheme, so [Authorize] challenges with it.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // ValidateIssuer / ValidateAudience are not set here, so the library defaults apply
                // (both default to true in Microsoft.IdentityModel.Tokens); ValidIssuer and
                // ValidAudience below are therefore enforced.
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    // Issuer and audience are the same configured value, matching what JwtProvider writes.
                    ValidIssuer = Configuration["Jwt:JwtIssuer"],
                    ValidAudience = Configuration["Jwt:JwtIssuer"],
                    // Same symmetric secret the provider signs with. Anyone holding it can mint tokens:
                    // supply the real value from a secret store or environment variable rather than
                    // from an appsettings.json that is committed to source control.
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:JwtKey"])),
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    RequireSignedTokens = true,
                    // Zero tolerance: a token is rejected as soon as its expiry passes,
                    // with no allowance for clock drift between issuer and validator.
                    ClockSkew = TimeSpan.FromMinutes(0)
                };
            });
        //services.AddScoped<JwtOptions>();
        // A new JwtOptions is built from configuration for every scope; int.Parse throws
        // if "Jwt:JwtExpireDays" is missing or not a number.
        services.AddScoped<IJwtProvider>(serviceprovider=>
        new JwtProvider(new JwtOptions() {
        JwtKey= Configuration["Jwt:JwtKey"],
        JwtIssuer= Configuration["Jwt:JwtIssuer"],
        JwtExpireDays=int.Parse(Configuration["Jwt:JwtExpireDays"])
        }));
    }
    // Called by the runtime to configure the HTTP request pipeline. Middleware order matters here.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Detailed exception pages are limited to the Development environment.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseHttpsRedirection();
        app.UseRouting();
        // Reads the bearer token and populates HttpContext.User; it has to be registered,
        // and registered before UseAuthorization, for the claims to be available.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}
公共类启动
{
公共启动(IConfiguration配置)
{
配置=配置;
}
公共IConfiguration配置{get;}
public void配置服务(IServiceCollection服务)
{
services.AddControllers()
.AddNewtonsoftJson();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(选项=>
{
options.TokenValidationParameters=新的TokenValidationParameters()
{
ValidIssuer=配置[“Jwt:JwtIssuer”],
Validudience=配置[“Jwt:JwtIssuer”],
IssuerSigningKey=new-SymmetricSecurityKey(Encoding.UTF8.GetBytes(配置[“Jwt:JwtKey]”)),
ValidateSuersigningKey=true,
ValidateLifetime=true,
RequiredSignedTokens=真,
ClockSkew=TimeSpan.FromMinutes(0)
};
});
//services.addScope();
services.AddScoped(serviceprovider=>
新JwtProvider(新JwtOptions(){
JwtKey=配置[“Jwt:JwtKey”],
JwtIssuer=配置[“Jwt:JwtIssuer”],
JwtExpireDays=int.Parse(配置[“Jwt:JwtExpireDays”])
}));
}
//此方法由运行时调用。请使用此方法配置HTTP请求管道。
public void配置(IApplicationBuilder应用程序、IWebHostEnvironment环境)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();//确保添加此行。。。
app.UseAuthorization();
app.UseEndpoints(端点=>
{
endpoints.MapControllers();
});
}
}
控制器:
/// <summary>
/// Demo controller: an authenticated GET used to inspect the caller's claims and an
/// anonymous POST that returns a token for the posted <see cref="User"/>.
/// </summary>
[Authorize]
[Route("api/[Controller]")]
[ApiController]
public class ValuesController : ControllerBase
{
    private readonly IJwtProvider _provider;

    /// <summary>Receives the token provider from dependency injection.</summary>
    public ValuesController(IJwtProvider provider) => _provider = provider;

    /// <summary>Returns two fixed values; requires a valid bearer token because of the class-level [Authorize].</summary>
    [HttpGet]
    public IEnumerable<string> Get()
    {
        // Unused at runtime; present so the claims parsed from the bearer token can be inspected in a debugger.
        var currentClaims = HttpContext.User.Claims;
        string[] values = { "value1", "value2" };
        return values;
    }

    /// <summary>Signs a token for the user object supplied in the request body.</summary>
    /// <remarks>
    /// NOTE(review): this action is anonymous and passes the client-supplied body straight to the
    /// token provider, so the caller decides the id, e-mail and role that get signed. That is enough
    /// to reproduce the missing-claims problem, but a real login endpoint has to verify credentials
    /// and load the user and role from the server's own store before issuing a token.
    /// </remarks>
    [AllowAnonymous]
    [HttpPost]
    public string Post([FromBody]User user)
    {
        return _provider.GenerateJwtToken(user);
    }
}
[授权]
[路由(“api/[控制器]”)]
[ApiController]
公共类值控制器:控制器库
{
专用只读IJwtProvider\u提供程序;
公共价值控制人(IJWT提供方)
{
_提供者=提供者;
}
[HttpGet]
公共IEnumerable Get()
{
var claims=HttpContext.User.claims;
返回新字符串[]{“value1”,“value2”};
}
[异名]
[HttpPost]
公共字符串Post([FromBody]用户)
{
var data=_provider.GenerateJwtToken(用户);
返回数据;
}
}
结果:
您的 JwtOptions 是什么?您是如何调用 JwtProvider 的?您是如何在 Startup.cs 中配置 JWT 身份验证的?