1

我有一个案例,我想要使用 Bearer 令牌进行身份验证和 Basic 身份验证,但是每次使用 Basic 时我都会收到 403 Forbidden ([Authorize(AuthenticationSchemes = "BasicAuthentication")])。

. 这是我的startup.cs:

services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

    })
    .AddJwtBearer(cfg =>
    {
        cfg.RequireHttpsMetadata = false;
        cfg.SaveToken = true;
        cfg.TokenValidationParameters = new TokenValidationParameters
        {
            ...
        };
    })
    .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

services.AddAuthorization(options =>
{

    options.AddPolicy("BasicAuthentication",
        authBuilder =>
        {
            authBuilder.AddAuthenticationSchemes("BasicAuthentication");
            authBuilder.RequireClaim("NameIdentifier");

        });
});

我为 Basic 添加了一个处理程序:

public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.ContainsKey("Authorization"))
            return AuthenticateResult.Fail("Missing Authorization Header");

        ...

        var claims = new[] {
            new Claim(ClaimTypes.NameIdentifier, username),
            new Claim(ClaimTypes.Role, "User"),
            new Claim(ClaimTypes.Name, username)
        };

        var identity = new ClaimsIdentity(claims, Scheme.Name);

        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);

        return AuthenticateResult.Success(ticket);
    }
}

处理程序在正确的情况下返回 Success,但仍返回 403。

4

2 回答 2

2

那是因为您authenticationType在构造身份时错过了参数:

    var 声明 = 新 [] {
        新声明(ClaimTypes.NameIdentifier,用户名),
        新声明(ClaimTypes.Role,“用户”),
        新声明(ClaimTypes.Name,用户名)
    };
    var identity = new ClaimsIdentity(claims);
    var identity = new ClaimsIdentity(claims,Scheme.Name);
于 2019-02-08T01:51:33.843 回答
0

我可以通过更改设置来解决它:我创建了一个扩展方法来添加我的策略和身份验证处理程序:

    public static class BasicAuthExtensions
{
    public static IServiceCollection AddBasicAuthorization(this IServiceCollection serviceCollection)
    {
        serviceCollection
        .AddAuthorization(options =>
        {
            options.AddBasicPolicy();
        })
        .AddAuthentication("BasicAuthentication")
        .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

        return serviceCollection;
    }

    public static AuthorizationOptions AddBasicPolicy(this AuthorizationOptions options)
    {
        var policy = new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes("BasicAuthentication")
            .RequireAuthenticatedUser()
            .Build();

        options.AddPolicy("BasicPolicy", policy);
        return options;
    }
}

然后我在startup.cs中添加了它:

            services
            .AddBasicAuthorization()
            .AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            })
            .AddJwtBearer(cfg =>
            {
                cfg.RequireHttpsMetadata = false;
                cfg.SaveToken = true;
                cfg.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = Configuration["JwtIssuer"],
                    ValidAudience = "Audience",
                    ValidateLifetime = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])),
                    ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.Zero // remove delay of token when expire
                };
            });
于 2019-02-08T11:14:41.690 回答