[英]HttpContext User claims are empty
I previously have a working project that uses IdentityServer and.Net Core 2.2我以前有一个使用 IdentityServer 和 .Net Core 2.2 的工作项目
I recently did an upgrade on the project's.Net version from Core 2.2 to.Net 5. Also updated every packages into the latest version.我最近将项目的 .Net 版本从 Core 2.2 升级到了 .Net 5。还将每个包更新为最新版本。 Did some tweaks on my code and finally got rid of all the errors.
对我的代码进行了一些调整,最终摆脱了所有错误。 I'm testing my Identity server functionality on my WEB API, and for some reason, the HttpContext.User.Claims return empty.
我正在我的 WEB API 上测试我的身份服务器功能,由于某种原因,HttpContext.User.Claims 返回为空。
Here's my code for it.这是我的代码。
public Guid? CurrentUserId
{
get
{
var claimNameIdentifier = User.Claims.FirstOrDefault(a => a.Type == ClaimTypes.NameIdentifier)?.Value;
return claimNameIdentifier != null ? Guid.Parse(claimNameIdentifier) : (Guid?)null;
}
}
I have this on a base controller to be implemented by my endpoint controllers to get the user id on the JWT accessing my endpoint.我在基础 controller 上有这个,由我的端点控制器实现,以获取访问我的端点的 JWT 上的用户 ID。 Not sure if this is due to the updates as this was working before.
不确定这是否是由于更新,因为这是以前的工作。
Here's my Config for my identity server这是我的身份服务器的配置
public static IEnumerable<IdentityResource> IdentityResources =>
new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
public static IEnumerable<ApiResource> ApiResources =>
new List<ApiResource>
{
new ApiResource
{
Name = "ssi.api",
DisplayName = "Standing Settlement Instructions API"
}
};
public static IEnumerable<ApiScope> ApiScopes =>
new List<ApiScope>
{
new ApiScope
{
Name = "ssi.api",
DisplayName = "Standing Settlement Instructions API"
}
};
public static IEnumerable<Client> Clients =>
new List<Client>
{
new Client
{
ClientId = "ssi.front",
ClientName = "SSI Client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
// secret for authentication
ClientSecrets =
{
new Secret("my secret".Sha256())
},
// scopes that client has access to
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"ssi.api",
JwtClaimTypes.Role
},
AccessTokenLifetime = 14400,
AllowOfflineAccess = true,
}
};
Here's how my ConfigureServices look like:这是我的 ConfigureServices 的样子:
// Database
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer("Server=localhost; Database = SsiDB; Integrated Security = SSPI; MultipleActiveResultSets=true;"));
#region Identity
services.AddIdentity<User, Role>(options =>
{
options.Password.RequiredLength = 8;
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.User.RequireUniqueEmail = true;
})
.AddRoles<Role>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
var identityBuilder = services.AddIdentityServer()
.AddInMemoryPersistedGrants()
.AddInMemoryClients(IdentityConfig.Clients)
.AddInMemoryApiResources(IdentityConfig.ApiResources)
.AddInMemoryApiScopes(IdentityConfig.ApiScopes)
.AddAspNetIdentity<User>();
identityBuilder.Services.AddTransient<IResourceOwnerPasswordValidator, OwnerPasswordValidator>();
identityBuilder.Services.AddTransient<IProfileService, IdentityProfileService>();
identityBuilder.AddSigningCredential(new X509Certificate2("StandingSettlementInstructionsIdentityAuth.pfx", "", X509KeyStorageFlags.MachineKeySet)); //release
#endregion
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = appSettings.ApiUrl;
options.Audience = "ssi.api";
options.RequireHttpsMetadata = false;
});
And this is my configure这是我的配置
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHsts();
string appDataPath = Directory.GetCurrentDirectory() + @"\AppData";
if (!Directory.Exists(appDataPath))
Directory.CreateDirectory(appDataPath);
app.UseSwaggerUI(o =>
{
o.DocumentTitle = "Standing Settlement Instructions Api Documentation";
o.RoutePrefix = "api-docs";
o.SwaggerEndpoint("/swagger/v1/swagger.json", "Version 1");
});
app.UseSwagger();
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors("CorsPolicy");
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapHub<NotificationHubService>("/NotificationHubService");
});
app.Run((context =>
{
context.Response.Redirect("api-docs");
return Task.CompletedTask;
}));
}
Things I tried:我尝试过的事情:
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
and use it on my base controller.Some observation.一些观察。 Accessing localhost/.well-known/openid-configuration displays empty supported claims, when I added claims on either API Resource or API Scopes, it does appear in there but still getting the same issue when extracting claims.
访问 localhost/.well-known/openid-configuration 会显示支持的空声明,当我在 API 资源或 API 范围上添加声明时,它确实出现在那里,但在提取声明时仍然遇到相同的问题。 Still empty.
还是空的。
Any help will be highly appreciated.任何帮助将不胜感激。 Been pulling my hair out on this.
一直在拉我的头发。 Thanks!
谢谢!
The first step to debug claims issues is to actually look at what does the access token actually contain?调试声明问题的第一步是实际查看访问令牌实际包含什么? Use a tool like https://jwt.io/ to do that.
使用https://jwt.io/ 之类的工具来执行此操作。
Then Microsoft and IdentityServer have different opinion on what the name of the claims should be, so you need to point out, which claim is the name claim, by using:那么微软和 IdentityServer 对声明的名称应该是什么有不同的看法,所以你需要指出,哪个声明是名称声明,通过使用:
.AddJwtBearer(opt =>
{
opt.TokenValidationParameters.RoleClaimType = "roles";
opt.TokenValidationParameters.NameClaimType = "name";
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.