[英]Use both windows authentication and bearer tokens in one web api
I am trying to build a web api in .NET core 3.1 which first tries to get a bearer token through windows authentication and then uses this token to autenticate further requests. I am trying to build a web api in .NET core 3.1 which first tries to get a bearer token through windows authentication and then uses this token to autenticate further requests.
It seems that it is not allowed to use both windows authentication and bearer in a single web api.似乎不允许在单个 web api 中同时使用 windows 身份验证和承载。 I want to have to controllers for which one uses windows authentication and another uses bearer authentication.
我想拥有一个使用 windows 身份验证和另一个使用承载身份验证的控制器。 This is my controller method:
这是我的 controller 方法:
[HttpGet]
[Route("api/token")]
[Authorize(AuthenticationSchemes = "Windows")]
public async Task<IActionResult> AuthorizeAsync(CancellationToken cancellationToken)
{
// Do something
}
this is for my bearer auth-scheme:这是我的不记名身份验证方案:
_services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuerSigningKey = !string.IsNullOrWhiteSpace(tokenProviderOptions.SigningKey),
IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(tokenProviderOptions.SigningKey)),
ValidateIssuer = !string.IsNullOrWhiteSpace(tokenProviderOptions.Issuer),
ValidIssuer = tokenProviderOptions.Issuer,
ValidateAudience = !string.IsNullOrWhiteSpace(tokenProviderOptions.Audience),
ValidAudience = tokenProviderOptions.Audience,
RequireExpirationTime = true,
ValidateLifetime = !string.IsNullOrWhiteSpace(tokenProviderOptions.TokenLifeTime),
ClockSkew = TimeSpan.FromSeconds(0),
};
});
and in my startup I add windows auth:在我的启动中,我添加了 windows 身份验证:
services.AddAuthentication("Windows").AddNegotiate();
I have read answers that you cannot call AddAuthentication
twice since the second call will override the configuration of the first call, but no solution provided in these question.我已经阅读了您不能两次调用
AddAuthentication
的答案,因为第二次调用将覆盖第一次调用的配置,但这些问题中没有提供解决方案。
So how to mix windows authentication and bearer tokens in one web api?那么如何在一个 web api 中混合 windows 身份验证和不记名令牌?
You can add multiple AuthenticationSchemes as it is a comma delimited string property.您可以添加多个 AuthenticationSchemes,因为它是一个逗号分隔的字符串属性。
[Authorize(AuthenticationSchemes = "Windows,Bearer")]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.