0

问题陈述:我想使用 ping 身份 OAuth 2.0 保护 API。我正在关注这个博客,但我得到了 401。

我已经在邮递员工具中配置了 OAuth2.0,详细信息由 ping 身份团队提供,我能够生成令牌,但当我复制粘贴并将其作为承载发送时,我在 API 中得到 401。

我怀疑我是否提供了错误的回调 URL。如果我的 API URL 是http://web.abc.com/_api/home/userinfo那么我的回调 URL 应该是什么?

注意:我没有在浏览器中使用此解决方案,而是直接尝试保护 API。可能是我的做法本身不正确。让我知道是否有更好的解决方案。

编辑 :

Startup.cs看起来像这样:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {

        string x509PublicCert = @"XXXXXXXXXXX";

        var byteCert = Convert.FromBase64String(x509PublicCert);
        var x509Cert = new X509Certificate2(byteCert);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Audience = "http://localhost:65180/";//Configuration["Audience"]; //"http://localhost:9000/";
                options.Authority = "https://myloginqa.xyz.com:8080/"; //Configuration["Authority"]; // "https://idp.yourcompany.com:5000/";
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Validate the JWT Audience
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new X509SecurityKey(x509Cert),
                    ValidateIssuer = true,
                    ValidIssuer = "myloginqa.xyz.com",//Configuration["Issuer"], //idp.yourcompany.com
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    // If you want to allow a certain amount of clock drift, set that here:
                    ClockSkew = TimeSpan.Zero
                };
            });

        services.AddControllersWithViews();

        // In production, the React files will be served from this directory
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = "ClientApp/build";
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
        }

        app.UseStaticFiles();
        app.UseSpaStaticFiles();
        
        
        app.UseRouting();
        
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseCors("CorsApi");
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller}/{action=Index}/{id?}");

          
        });

        app.UseSpa(spa =>
        {
            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseReactDevelopmentServer(npmScript: "start");
            }
        });
    }
}

Controller看起来像这样:

    [EnableCors("CorsApi")]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize]
[ApiController]
[Route("[controller]")]

public class WeatherForecastController : ControllerBase

在此处输入图像描述

4

0 回答 0