[英]Authentication Swagger with JWT Bearer token
我们正在开发具有 JWT 承载身份验证的 .Net Core 2.1 Web API。 应用程序本身将生成并分发要发送到后端的令牌。
当我们一切就绪并运行时,即我们可以从 Angular 发送承载令牌并使用 Postman 对其进行测试,但 Swagger 不会发送承载令牌。 我们添加了 Swagger 配置以使用 SecurityDefinition 如下,我将发布完整的 ConfigureServices 方法:
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.AddCors(options =>
{
options.AddPolicy("AllowAllOrigins",
policy => policy.WithOrigins("*").AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
});
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAllOrigins"));
});
ServiceInstaller.Install(services, Configuration);
// api user claim policy
services.AddAuthorization(options =>
{
var authorizationPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
options.AddPolicy("Bearer", authorizationPolicy);
});
// add identity
var builder = services.AddIdentityCore<AppUser>(o =>
{
// configure identity options
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequiredLength = 6;
});
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();
var keyByteArray = Encoding.ASCII.GetBytes("placekeyhere");
var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keyByteArray);
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(
options =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = signingKey,
ValidAudience = "Audience",
ValidIssuer = "Issuer",
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.FromMinutes(0)
};
});
// Configure JwtIssuerOptions
services.Configure<JwtIssuerOptions>(options =>
{
options.Issuer = "Issuer";
options.Audience = "Audience";
options.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
});
// Register the Swagger generator, defining one or more Swagger documents
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "AppName", Version = "v1" });
c.OperationFilter<UploadOperation>();
c.AddSecurityDefinition("Authorization", new ApiKeyScheme
{
Description =
"JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = "header",
Type = "apiKey",
});
});
}
这确实将身份验证选项添加到屏幕顶部。 在 configure 方法中,我们告诉应用程序实际使用身份验证:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();
if (env.IsDevelopment())
{
// Enable middleware to serve generated Swagger as a JSON endpoint.
app.UseCors();
app.UseSwagger();
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.), specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1/swagger.json", "AppName"); });
}
app.UseMvc();
}
但是,当我们使用令牌对自己进行身份验证时,该函数的 curl 不会显示 Bearer 令牌。 看起来 Swagger 没有将令牌发送到后端。
我们使用 .Net Core 2.1 和 Swagger 2.3。 任何帮助将不胜感激,谢谢。
更新 - Swagger 规范已更改。 检查下面@nilay 的答案以获得正确的解决方案。
我有同样的问题。
2件事是必须的
你必须像这样放置"bearer <token-here>" 。 只放令牌是行不通的。
要使其在 swagger 2.x 中工作,您需要在您的方案定义中附上相应的要求,以表明该方案适用于您 API 中的所有操作:
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "Bearer", new string[] { } }
});
完整定义:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "Some API", Version = "v1" });
c.AddSecurityDefinition("Bearer", new ApiKeyScheme()
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = "header",
Type = "apiKey"
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "Bearer", new string[] { } }
});
});
我也面临同样的问题,但我使用的是基于 OpenAPI 的新版本 Swagger。 所以,我必须使用下面的代码片段。
var securityScheme = new OpenApiSecurityScheme()
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Scheme = "bearer",
BearerFormat = "JWT"
};
var securityRequirement = new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "bearerAuth"
}
},
new string[] {}
}
};
options.AddSecurityDefinition("bearerAuth", securityScheme);
options.AddSecurityRequirement(securityRequirement);
从 swagger UI 传递 header 中的 Jwt 令牌作为不记名令牌不起作用
[英]Passing Jwt token in header from swagger UI as bearer token not working
用于承载令牌认证的Owin中间件,支持JWT密钥轮换
[英]Owin middleware for Bearer Token Authentication that supports JWT key rotation
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.