堆栈内存溢出
  简体   繁体   English

WebAPI 不尊重 Jwt 令牌的授权属性

[英]WebAPI does not respect Jwt token for authorize attribute

 原文  2015-10-09 17:04:39       c#/ asp.net/ angularjs/ asp.net-web-api/ jwt

问题描述

I have implemented all the steps here and other tutorials at that site to issue and consume Jwt in my application using AngularJS and WebAPI.我已经实现了此处的所有步骤以及该站点上的其他教程,以使用 AngularJS 和 WebAPI 在我的应用程序中发布和使用 Jwt。 In my Startup.cs I am calling the following function to tell the app to consumer Jwt tokens when AuthorizeAttribute is present:在我的 Startup.cs 中,当AuthorizeAttribute存在时,我调用以下函数来告诉应用程序消费者 Jwt 令牌:

    private void ConfigureOAuthTokenConsumption(IAppBuilder app)
    {

        string issuer = MyIssuer;
        string audienceId = MyAudienceID;
        X509Certificate2 cert = GetMyCertificate();

        // Api controllers with an [Authorize] attribute will be validated with JWT
        app.UseJwtBearerAuthentication(
            new JwtBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                AllowedAudiences = new[] { audienceId },
                IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                {
                    new X509CertificateSecurityTokenProvider(issuer, cert)
                }
            });
    }

When I run the application I can login just fine, generate the Jwt tokens just fine, consume them in angular and add them to the API requests, but I still get a 404. I must be missing something in the Jwt configuration so that it is not being validated, but I'm not getting any errors.当我运行应用程序时,我可以正常登录,生成 Jwt 令牌就好了,以角度使用它们并将它们添加到 API 请求中,但我仍然得到 404。我必须在 Jwt 配置中丢失一些东西,所以它是没有得到验证,但我没有收到任何错误。

Just for the heck of it I tried implementing a customer AuthorizeAttribute , and put a breakpoint in the IsAuthorized method.只是为了它,我尝试实现一个客户AuthorizeAttribute ,并在IsAuthorized方法中放置一个断点。 You can see that the request contains the Bearer token, but IsAuthorized returns false, and the Principal is not set.可以看到请求中包含了 Bearer 令牌,但是IsAuthorized返回了 false,并且没有设置 Principal。

Does anyone have an idea what I might be missing?有谁知道我可能会错过什么? I'm so close here.我离这里很近。

1 个解决方案

解决方案1
 1 已采纳  2015-10-13 19:56:34

I probably didn't have enough info in here to answer this properly, but it ended up being that I didn't submit my OWIN config statements in the right order.我可能没有足够的信息来正确回答这个问题,但最终我没有以正确的顺序提交我的 OWIN 配置语句。 In Startup.cs I put app.UseWebApi(config);在 Startup.cs 我把app.UseWebApi(config); before the code that configured my authorization modules.在配置我的授权模块的代码之前。 Putting app.UseWebApi(config);app.UseWebApi(config); at the end of the configuration code made it start working.在配置代码的末尾使它开始工作。

I posed this question better at the ASP.NET forums: http://forums.asp.net/p/2070482/5976299.aspx?p=True&t=635803483826595456我在 ASP.NET 论坛上更好地提出了这个问题: http : //forums.asp.net/p/2070482/5976299.aspx?p=True&t=635803483826595456

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WebApi自定义授权属性 - WebApi Custom Authorize attribute 如何使用JWT令牌进行授权 - How to Authorize Using JWT token WebApi自定义授权属性不起作用 - WebApi Custom Authorize Attribute not working 使用 Jwt 的基于令牌的身份验证无法授权 - Token based authentication with Jwt fails to authorize WebAPI [Authorize]属性。 这是怎么回事 - WebAPI [Authorize] attribute. What is happening here? 授权属性不起作用 - Authorize attribute does not work ASP.NET Core 2授权属性jwt - ASP.NET Core 2 Authorize attribute jwt JWT 身份验证,在 Authorize 属性中定义的角色被忽略 - JWT Authentication, roles defined in Authorize attribute are ignored JWT Auth与Authorize Attribute一起使用,但不适用于[Authorize(Policy =“ Administrator”)] - JWT Auth works with Authorize Attribute but not with [Authorize (Policy = “Administrator”)] WebApi核心2.2 JWT令牌未获得授权 - WebApi core 2.2 JWT Token not been Authorized
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM