![](/img/trans.png)
[英]How to do Azure AD groups authorization in .Net core web API?
[英]How I can add both Azure AD and non Azure AD tokens to the same .NET Core Api
想做这样的事情:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
ValidateLifetime = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("private_key"))
};
})
.AddMicrosoftIdentityWebApi(this.Configuration.GetSection("AzureAd"));
但它崩溃了。 如果我为每个方案添加一个名称,则 [Authorize] 不起作用。
我怎么能做这样的事情,并区分不同控制器上的 [Authorize] 方法之一?
谢谢
对于 AAD,在 controller 上使用 [授权]
对于非 AAD,我使用 [Authorize(AuthenticationSchemes = "Other"]
将“Other”方案名称添加到.AddJwtBearer 之一,如下所示。
快乐编码:)
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer("Other", options =>
{
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
ValidateLifetime = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("private_key"))
};
})
.AddMicrosoftIdentityWebApi(this.Configuration.GetSection("AzureAd"))
仅添加您需要配置策略的身份验证是不够的,因此两者都将被验证(在官方文档中)
services.AddAuthorization(options =>
{
var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
JwtBearerDefaults.AuthenticationScheme,
"AzureAD");
defaultAuthorizationPolicyBuilder =
defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.