堆栈内存溢出
  繁体   English   中英

我的代码在 Claim base Authorization ASP.NET CORE WEB API 中有什么问题?

[英]What is the Problems of my Code in Claim base Authorization ASP.NET CORE WEB API?

 原文  2022-11-29 09:02:50       c#/ asp.net/ api/ asp.net-core/ jwt

问题描述

我想在 ASP.NET CORE Web API 中使用声明基础授权,我认为我的代码是正确的,但是它对我不起作用并给我错误403 forbidden但是我使用在我的AspNetUserClaims表中具有正确声明值的 Right Token这是我的 Program.cs 代码

//Get Connection String
builder.Services.AddDbContext<AppDbContext>(opts =>
               opts.UseNpgsql(builder.Configuration["connection:connectionString"]));


builder.Services.Configure<ApplicationSettings>(builder.Configuration.GetSection("ApplicationSettings"));

builder.Services.AddMvc();


builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<AppDbContext>();

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("VIEW",
        policy => policy.RequireClaim("VIEW"));
});

builder.Services.Configure<IdentityOptions>(options =>
options.User.RequireUniqueEmail = true);



//JWT Token Setup
var key = Encoding.UTF8.GetBytes(builder.Configuration["ApplicationSettings:JWT_Secret"]);

builder.Services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(x => {
    x.RequireHttpsMetadata = false;
    x.SaveToken = false;
    x.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false,
        ClockSkew = TimeSpan.Zero
    };
});

这是用户登录时我的UsersLoginController,这个controller在登录成功后生成Token

        [HttpPost]
        [Route("Login")]
   
        public async Task<IActionResult> Login(LoginModel model)
        {
            var user = await _userManager.FindByNameAsync(model.UserName);
            if (user != null && await _userManager.CheckPasswordAsync(user, model.Password))
            {
                //Get role assigned to the user
                var role = await _userManager.GetRolesAsync(user);
                IdentityOptions _options = new IdentityOptions();

                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = new ClaimsIdentity(new Claim[]
                    {
                        new Claim("UserID",user.Id.ToString()),
                        new Claim(_options.ClaimsIdentity.RoleClaimType,role.FirstOrDefault())
                    }),
                    Expires = DateTime.UtcNow.AddDays(1),
                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appSettings.JWT_Secret)), SecurityAlgorithms.HmacSha256Signature)
                };
                var tokenHandler = new JwtSecurityTokenHandler();
                var securityToken = tokenHandler.CreateToken(tokenDescriptor);
                var token = tokenHandler.WriteToken(securityToken);
                return Ok(new { token });
            }
            else
                return BadRequest(new { message = "Username or password is incorrect." });
        }
    }

这是我的 UsersProfileDetailsController

        [HttpGet]
        [Authorize(Policy = "VIEW")]
        
        public async Task<Object> GetUserProfile()
        {
            string userId = User.Claims.First(c => c.Type == "UserID").Value;
            var user = await _userManager.FindByIdAsync(userId);
            var role = await _userManager.GetRolesAsync(user);
            return new
            {
                user.Id,
                user.FirstName,
                user.LastName,
                user.Email,
                user.UserName,
                user.PhotoPath,
                role,
    
            };
        }

现在,当我使用在表AspNetUserClaims中具有正确 Claimvalue VIEW的管理员用户登录时,它会为我生成令牌,但是当我使用此令牌从UsersProfileDetailsController访问 UserDetails 时,它会给我代码403 forbidden 任何人都可以帮助我如何实施 Claims base Authorization 以及我的问题是什么? 我使用 Postman 进行测试。

1 个解决方案

解决方案1
 1 已采纳  2022-11-29 09:42:18

因为您配置授权如下:

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("VIEW",
        policy => policy.RequireClaim("VIEW"));
});

如果你按F12和go定义,你会找到方法的解释在此处输入图像描述

你在你的 controller 上添加了[Authorize(Policy = "VIEW")] ,如果你想成功授权,当你生成令牌时,你必须添加声明 VIEW

Subject = new ClaimsIdentity(new Claim[]
                    {
                        new Claim("UserID",user.Id.ToString()),
                        //add a new claim named View here
                        new Claim("View",.......),
                        new Claim(_options.ClaimsIdentity.RoleClaimType,role.FirstOrDefault())
                    }),

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过使用JWT令牌在Web API上声明角色授权-Asp.net核心标识 ASP.NET Core中基于声明的授权 ASP.NET 核心 5 授权策略未检测到声明 处理身份验证/授权:ASP.NET Core Web 应用程序 =&gt; ASP.NET Core Web API =&gt; SQL ASP.NET Core Web API 和角色授权 勾选IP和JWT 在ASP.NET核中授权Web Api Asp.net为web-api解雇重定向的核心授权 Asp.net core 2.1 web api中的自定义授权 在 ASP.NET Core 6 上实现 Web API 的自定义授权逻辑 将 ASP.NET 核心 Web API 的 OAuth 授权从隐式更改为 Auth-Code 授权
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM