[英].Net Core 2.1 CORS and Authorization with Firebase JWT
I'm following this blog post on authenticating with firebase with .net Core 2 https://blog.markvincze.com/secure-an-asp-net-core-api-with-firebase/ 我正在关注此博客文章,内容涉及使用.net Core 2通过Firebase进行身份验证https://blog.markvincze.com/secure-an-asp-net-core-api-with-firebase/
(I realise i'm using .net core 2.1 but thinking it must be similar) (我意识到我正在使用.net core 2.1,但认为它必须相似)
I'm using a React Frontend with a .net core 2.1 WebApi Backend. 我正在使用带有.net核心2.1 WebApi后端的React前端。
I am able to hit the controller no problem, however once I try to add the authentication to startup.cs I then get a: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at localhost:4000 (Reason: CORS request did not succeed) 我可以打控制器,没问题,但是一旦我尝试将身份验证添加到startup.cs,我就会得到:跨域请求被阻止:同源策略禁止在localhost:4000读取远程资源(原因:CORS请求未成功)
Works totally fine up until that point 到那时为止一切正常
My request is coming from http://localhost:3000 我的请求来自http:// localhost:3000
UPDATES------------------------------------------------------------------ 更新 - - - - - - - - - - - - - - - - - - - - - - - - - -----------------
As a side note, this works when using POSTMAN. 附带说明,这在使用POSTMAN时有效。 I can authenticate with Firebase AND hit the controller without a problem 我可以使用Firebase进行身份验证,并且可以正常操作控制器
Also works in chrome. 也适用于Chrome。 Seems to be an issue with the firefox browser 似乎是Firefox浏览器的问题
My Implementation (After Successful Firebase Login Frontend) 我的实施(在成功登录Firebase前端之后)
Axios Request Axios请求
axois
.get("https://localhost:4000/v1/picture", {
headers: {
accept: "application/json",
"Accept-Language": "en-US,en;q=0.8",
"Content-Type": `multipart/form-data;`,
Authorization: "Bearer " + localStorage.getItem("token")
//Is the above the correct way to pass a jwt to be authenticated backend? This is the full jwt returned by Firebase
}
})
Startup.cs 启动文件
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin",
builder => builder.WithOrigins("http://localhost:3000")
.AllowAnyMethod()
.AllowAnyHeader());
}
);
//https://blog.markvincze.com/secure-an-asp-net-core-api-with-firebase/
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://securetoken.google.com/mafirebaseapp";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = "https://securetoken.google.com/mafirebaseapp",
ValidateAudience = true,
ValidAudience = "mafirebaseapp",
ValidateLifetime = true
};
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
...
...
app.UseCors("AllowSpecificOrigin");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
PictureController.cs PictureController.cs
[Route("v1/picture")]
public class PictureController : Controller
{
[Authorize]
[HttpGet]
public IActionResult GetPicture()
{
return Ok("Hi");
}
}
I looked at another post which pointed out that the ordering of the methods made a difference so i don't think that's a problem. 我看了另一篇文章,指出方法的顺序有所不同,所以我认为这不是问题。
Any help will be much appreciated! 任何帮助都感激不尽!
Thanks! 谢谢!
您可以尝试为特定操作使用指定的CORS策略,只需将[EnableCors("AllowSpecificOrigin")]
到您的操作中即可。
You can use this NuGet package to make it easy (Support AspNetCore >= 2.0) 您可以使用此NuGet软件包使其变得容易(支持AspNetCore> = 2.0)
Install-Package AspNetCore.Firebase.Authentication 安装包AspNetCore.Firebase.Authentication
In Startup.cs file 在Startup.cs文件中
public void ConfigureServices(IServiceCollection services)
{
services.AddFirebaseAuthentication(Configuration["FirebaseAuthentication:Issuer"], Configuration["FirebaseAuthentication:Audience"]);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseAuthentication();
}
Just have to use [Authorize] attribute on your controllers to enforce authorization 只需在控制器上使用[Authorize]属性即可执行授权
Source: https://bitbucket.org/RAPHAEL_BICKEL/aspnetcore.firebase.authentication/src/master/ 资料来源: https : //bitbucket.org/RAPHAEL_BICKEL/aspnetcore.firebase.authentication/src/master/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.