
我正在尝试在 ASP.NET Core 2.0 中使用 JwtBearerAuthentication,但遇到了两个主要问题。

Startup 类的 Configure 方法如下:

/// <summary>
/// Assembles the HTTP request pipeline: error handling, static files,
/// authentication, then MVC routing with a SPA fallback route.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment, used to pick the error-handling branch.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (!env.IsDevelopment())
        {
            // Outside development, errors go to the generic error page so that
            // exception details are not returned to the client.
            app.UseExceptionHandler("/Home/Error");
        }
        else
        {
            var webpackOptions = new WebpackDevMiddlewareOptions { HotModuleReplacement = true };

            // Detailed exception pages and hot module replacement stay inside the
            // development branch only.
            app.UseDeveloperExceptionPage();
            app.UseWebpackDevMiddleware(webpackOptions);
        }

        // NOTE(review): not defined in the code shown here and called in every
        // environment, not only development. Confirm what it exposes before deploying.
        app.UseTestSensitiveConfiguration(null);

        // Registered before UseAuthentication, so static files are served
        // without any authentication step.
        app.UseStaticFiles();

        // Must stay ahead of UseMvc so the authentication middleware runs
        // before the controllers.
        app.UseAuthentication();

        app.UseMvc(routeBuilder =>
        {
            routeBuilder.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");

            // Anything the default route does not match falls back to Home/Index.
            routeBuilder.MapSpaFallbackRoute(
                name: "spa-fallback",
                defaults: new { controller = "Home", action = "Index" });
        });
    }

ConfigureServices 方法如下所示:

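/// <summary>
/// Registers MVC, the EF Core context, ASP.NET Core Identity, the cookie and
/// JWT bearer authentication handlers, and the application services.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the <c>Tokens:Key</c> configuration value is missing or empty.
/// </exception>
public void ConfigureServices(IServiceCollection services)
    {
        // Fail at startup with a clear message instead of an ArgumentNullException
        // from Encoding.GetBytes when the JWT options are first built.
        // The sample token in the question is HS256-signed; the key should be long
        // and random, and should come from a secret store rather than source control.
        var signingKeyText = Configuration["Tokens:Key"];
        if (string.IsNullOrEmpty(signingKeyText))
        {
            throw new InvalidOperationException(
                "Configuration value 'Tokens:Key' is missing; JWT bearer tokens cannot be validated without a signing key.");
        }

        // Both serializer settings are applied in one callback; the result is the
        // same as two chained AddJsonOptions calls.
        services.AddMvc()
            .AddJsonOptions(options =>
            {
                options.SerializerSettings.ContractResolver = new DefaultContractResolver();
                options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
            });

        services.AddDbContext<FGWAContext>(options => options.UseSqlServer(connection));

        // NOTE(review): in ASP.NET Core 2.0 AddIdentity registers the Identity
        // application cookie as the default authenticate and challenge scheme.
        // AddAuthentication() below names no other default, so a bare [Authorize]
        // is handled by the cookie scheme: the bearer token is not read and a
        // failure redirects to the login page. API actions that should accept a
        // token and answer 401 have to name the JwtBearer scheme explicitly.
        services.AddIdentity<User, Role>()
            .AddEntityFrameworkStores<FGWAContext>()
            .AddDefaultTokenProviders();

        services.Configure<IdentityOptions>(options =>
        {
            // Password settings
            // NOTE(review): a 4-character minimum with every character-class
            // requirement switched off allows trivially guessable passwords.
            // Raise RequiredLength before this is used beyond local testing.
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 4;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = false;
            options.Password.RequireLowercase = false;

            // Lockout settings: 10 failed attempts lock the account for 30 minutes.
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            options.Lockout.MaxFailedAccessAttempts = 10;

            // User settings
            options.User.RequireUniqueEmail = true;
        });



        // Earlier attempts, kept commented out for reference. The signing key,
        // issuer and audience strings in them are placeholders.
        //// If you want to tweak Identity cookies, they're no longer part of IdentityOptions.
        //services.ConfigureApplicationCookie(options => options.LoginPath = "/Account/LogIn");
        //services.AddAuthentication();
        //// If you don't want the cookie to be automatically authenticated and assigned to HttpContext.User, 
        //// remove the CookieAuthenticationDefaults.AuthenticationScheme parameter passed to AddAuthentication.
        //services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        //    .AddCookie(options =>
        //    {
        //        options.LoginPath = "/Account/LogIn";
        //        options.LogoutPath = "/Account/LogOff";
        //    });
        //services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        //    .AddJwtBearer(jwtBearerOptions =>
        //    {
        //        //jwtBearerOptions.Events.OnChallenge = context =>
        //        //{
        //        //    context.Response.Headers["Location"] = context.Request.Path.Value;
        //        //    context.Response.StatusCode = 401;
        //        //    return Task.CompletedTask;
        //        //};
        //        jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
        //        {
        //            ValidateIssuerSigningKey = true,
        //            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your secret goes here")),

        //            ValidateIssuer = true,
        //            ValidIssuer = "The name of the issuer",

        //            ValidateAudience = true,
        //            ValidAudience = "The name of the audience",

        //            ValidateLifetime = true, //validate the expiration and not before values in the token

        //            ClockSkew = TimeSpan.FromMinutes(5) //5 minute tolerance for the expiration date
        //        };
        //    });

        // Enable Dual Authentication 
        services.AddAuthentication()
          .AddCookie(cfg => cfg.SlidingExpiration = true)
          .AddJwtBearer(cfg =>
          {
              // NOTE(review): this should be false only in development. Bearer
              // tokens are credentials, so the API should be reachable over HTTPS only.
              cfg.RequireHttpsMetadata = false;
              cfg.SaveToken = true;

              cfg.TokenValidationParameters = new TokenValidationParameters()
              {
                  // Issuer, audience and lifetime validation are the library
                  // defaults; they are spelled out so that a later edit cannot
                  // switch one off unnoticed.
                  ValidateIssuer = true,
                  ValidateAudience = true,
                  ValidateLifetime = true,
                  ValidateIssuerSigningKey = true,

                  ValidIssuer = Configuration["Tokens:Issuer"],
                  // NOTE(review): the audience is read from the same key as the
                  // issuer. The sample token in the question carries different
                  // iss and aud values; if the issuing code uses a separate
                  // audience setting, audience validation rejects its tokens.
                  // Confirm which values the token endpoint writes.
                  ValidAudience = Configuration["Tokens:Issuer"],
                  IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKeyText))
              };

          });

        services.AddTransient<IModelsService, ModelsService>();
        services.AddTransient<IRestaurantService, RestaurantService>();
    }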

和两个主要问题:

1- 它不起作用!我调用生成令牌的方法 http://localhost:59699/api/accountapi/login,得到的响应如下:

{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb29kdGVzdGdldHVzckBnbWFpbC5jb20iLCJqdGkiOiIyZGQ0MDhkNy02NDE4LTQ2MGItYTUxYi1hNTYzN2Q0YWYyYzgiLCJpYXQiOiIxMC8xMi8yMDE3IDM6NDA6MDYgQU0iLCJuYmYiOjE1MDc3Nzk2MDYsImV4cCI6MTUwNzc3OTkwNiwiaXNzIjoiRXhhbXBsZUlzc3VlciIsImF1ZCI6IkV4YW1wbGVBdWRpZW5jZSJ9.of-kTEIG8bOoPfyCQjuP7s6Zm32yFFPlW_T61OT8Hqs","expires_in":300}

然后我以这种方式调用受保护的资源:

发送配置

但受保护的资源不可访问。

2- 身份验证失败后,请求会被重定向到登录页面。如何禁用这种自动质询行为?

在你开始回答之前,我必须说明:我已经尝试按照 https://wildermuth.com/2017/08/19/Two-AuthorizationSchemes-in-ASP-NET-Core-2 来配置身份验证,也参考了 https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x,还按照“ASP.NET Core 2.0 禁用自动质询”这个问题中的做法来禁用自动质询,但它们都不起作用。

更新

我想要的配置是:Web API 调用使用 JwtBearer 身份验证,其他请求使用 cookie 身份验证。对于前者,未经授权的请求应返回 401 (Unauthorized) 响应;对于后者,则应重定向到登录页面。


1 个回答


我至少看到一处错误:您的 Authorization 标头应该是“Bearer TOKEN”,而不是“bearer”,也就是说 Bearer 的首字母要大写。

其次是 API 调用被重定向的问题。在 API 操作上添加指定了 JwtBearer 方案的 Authorize 特性:

// Example API action from the answer. The Authorize attribute names the JwtBearer
// scheme explicitly, so for this action that handler authenticates the request
// and issues the challenge; per the answer, this is what stops the redirect to
// the login page. Without AuthenticationSchemes, the application's default
// scheme would be used instead.
[Route("api/method")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[HttpGet]
public IActionResult MyApiCall()
{
 // The action body is elided in the original answer.
 .....
}
于 2017-11-30T20:17:10.453 回答