Skip Authorization when request is not authenticated ASP.NET Core
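The authorization handler for my authorization requirement is executed even when the request does not contain a JWT token.
I think this is nonsense. Is there something wrong on my side? Or is it expected and should it be handled manually?
Configure: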
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Puls.Cloud.Services.Account.API v1"));
    }
    app.UseProblemDetails();
    app.UseHttpsRedirection();
    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers().RequireAuthorization();
    });
    app.UseSwagger();
DI:
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(encryptionKey),
            ValidateIssuer = false,
            ValidateAudience = false
        };
        x.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = AuthenticationFailed
        };
    });
    services.AddAuthorization(options =>
    {
        options.AddPolicy(RequirePermissionAttribute.RequirePermissionPolicyName, policyBuilder =>
        {
            policyBuilder.Requirements.Add(new RequirePermissionAuthorizationRequirement());
            policyBuilder.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
        });
    });
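In your app.UseEndpoints() you have
    endpoints.MapControllers().RequireAuthorization();
It is clear that this will force the DefaultPolicy onto your controllers.
You should do one of the following options:
Option 1: handle it with the [AllowAnonymous] attribute
Option 2: handle it with a custom AuthorizationHandler
Please check these links: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-5.0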
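A sketch of option 2, added here as an example and not part of the original question or answer: a handler for the question's RequirePermissionAuthorizationRequirement that returns without succeeding when the request carries no authenticated identity. The handler name, the claim type and the permission value are assumptions, and the requirement class is a stand-in because its real definition is not shown on the page.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Stand-in for the requirement type named in the question (assumption:
// the real class is a plain marker requirement like this one).
public class RequirePermissionAuthorizationRequirement : IAuthorizationRequirement { }

// Hypothetical handler name; register it in DI with:
//   services.AddSingleton<IAuthorizationHandler, RequirePermissionAuthorizationHandler>();
public class RequirePermissionAuthorizationHandler
    : AuthorizationHandler<RequirePermissionAuthorizationRequirement>
{
    // Assumed claim type and value; replace with whatever the tokens carry.
    private const string PermissionClaimType = "permission";
    private const string RequiredPermission = "account.read";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        RequirePermissionAuthorizationRequirement requirement)
    {
        // The authorization middleware invokes handlers even when no token
        // was sent; context.User is then an unauthenticated principal.
        // Return without calling Succeed so the policy fails. Because
        // authentication did not succeed, the middleware answers with a
        // challenge (401 for JWT bearer) rather than a forbid.
        if (context.User?.Identity?.IsAuthenticated != true)
        {
            return Task.CompletedTask;
        }

        // Authenticated caller: grant only when the permission claim is present.
        if (context.User.HasClaim(PermissionClaimType, RequiredPermission))
        {
            context.Succeed(requirement);
        }

        // Authenticated but lacking the claim: the requirement stays unmet
        // and the middleware answers with a forbid (403).
        return Task.CompletedTask;
    }
}
```

The guard avoids calling context.Fail(), so another handler registered for the same requirement can still satisfy it.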