堆栈内存溢出
  繁体   English   中英

为什么User.Identity.IsAuthenticated false?

[英]Why User.Identity.IsAuthenticated false?

 原文  2019-05-15 12:20:54       c#/ identity/ jwt-auth

问题描述

我需要在没有授权属性的情况下创建动作,但我需要在User.Identity.IsAuthenticated中获取值。

启动: 

services.AddAuthentication(options =>
  {
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
  }).AddJwtBearer(options =>
  {
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
      ValidateIssuer = true,
      ValidIssuer = AuthOptions.ISSUER,

      ValidateAudience = true,
      ValidAudience = AuthOptions.AUDIENCE,
      ValidateLifetime = true,

      IssuerSigningKey = AuthOptions.GetSymmetricSecurityKey(),
      ValidateIssuerSigningKey = true,
    };
  });


app.UseAuthentication();

令牌: 

[HttpPost("/token")]
public async Task Token([FromBody] User user)
{
  var username = user.Login;
  var password = user.Password;
  var identity = await GetIdentityAsync(username, password);
  if (identity == null)
  {
    Response.StatusCode = 400;
    await Response.WriteAsync("Invalid username or password.");
    return;
  }
  var now = DateTime.UtcNow;
  var jwt = new JwtSecurityToken(
          issuer: AuthOptions.ISSUER,
          audience: AuthOptions.AUDIENCE,
          notBefore: now,
          claims: identity.Claims,
          expires: now.Add(TimeSpan.FromMinutes(AuthOptions.LIFETIME)),
          signingCredentials: new SigningCredentials(AuthOptions.GetSymmetricSecurityKey(),
            SecurityAlgorithms.HmacSha256));

  var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

  var response = new
  {
    access_token = encodedJwt,
    user = new
    {
      login = user.Login,
      role = identity.FindFirst(ClaimsIdentity.DefaultRoleClaimType).Value
    }
  };

  Response.ContentType = "application/json";
  await Response.WriteAsync(JsonConvert.SerializeObject(response,
    new JsonSerializerSettings { Formatting = Formatting.Indented }));
}

async Task<ClaimsIdentity> GetIdentityAsync(string userName, string password)
{
  var result = await _signInManager.PasswordSignInAsync(userName, password, false, false);
  if (result.Succeeded)
  {
    var user = await _userManager.FindByNameAsync(userName);
    if (user != null)
    {
      var role = (await _userManager.GetRolesAsync(user)).SingleOrDefault();

      var claims = new List<Claim>
      {
        new Claim(ClaimsIdentity.DefaultNameClaimType, user.UserName),
        new Claim(ClaimsIdentity.DefaultRoleClaimType, role)
      };

      return new ClaimsIdentity(claims, "Token", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
    }
  }
  return null;
}

控制器: 

[HttpGet]
public IEnumerable<Book> Get()
{
  var isAuth = User.Identity.IsAuthenticated;
}

User.Identity.IsAuthenticated总是假的。 但是,如果我使用parametr AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme添加Authorize属性,则User.Identity.IsAuthenticated为true。

怎么解决这个问题? 有变种吗?

1 个解决方案

解决方案1
 0  2019-05-15 13:12:51

我在控制器之前添加了Authorize with scheme,在我的方法之前添加了AllowAnonymous。 这很有效

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么我得到User.Identity.IsAuthenticated false User.Identity.IsAuthenticated始终为false User.Identity.IsAuthenticated始终返回false 登录成功后 User.Identity.IsAuthenticated 为 false SignInManager.PasswordSignInAsync() 成功,但 User.Identity.IsAuthenticated 为 false User.Identity.IsAuthenticated 在使用 ITFoxtec 的 SAML 2.0 中始终为假 OWIN 身份验证成功,但 User.Identity.IsAuthenticated 为 false PasswordSignInAsync() 成功后 User.Identity.IsAuthenticated 为 false 调用SignInAsync后,User.Identity.IsAuthenticated返回false 如何在表单身份验证中将User.Identity.IsAuthenticated的值设置为false
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM