Bearer Token Authentication in ASP.NET Core
I am trying to use bearer token based authentication in a simple .NET Core Web API project. Here is my Startup.cs:
app.UseMvc();
//---
const string secretKey = "mysupersecret_secretkey!123";
SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
SigningCredentials signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
//---
const string audience = "Audience";
const string issuer = "Issuer";
//---
TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    ValidateIssuer = false,
    ValidIssuer = issuer,
    ValidateAudience = true,
    ValidAudience = audience,
    ValidateLifetime = true,
    ClockSkew = TimeSpan.Zero,
    AuthenticationType = JwtBearerDefaults.AuthenticationScheme
};
//---
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters,
    AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
});
Also, I added AuthorizeAttribute to the controller action:
[HttpGet]
[Authorize(ActiveAuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public IEnumerable<string> Get()
{
    return new[] { "value1", "value2" };
}
But when trying to send a GET request with the header Authorization: Bearer [TOKEN], I get an exception:
System.InvalidOperationException: No authentication handler is configured to authenticate for the scheme: Bearer
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.
So what is this "authentication handler"? Where do I need to set this handler?
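In ASP.NET Core, the order of the middleware matters: they are executed in the same order as they are registered. Here, app.UseMvc() is called before the JWT bearer middleware, so this can't work.
Put app.UseMvc() at the end of the pipeline and it should work: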
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters,
    AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
});
app.UseMvc();
For .NET Core 3.0, you need:
In ConfigureServices(IServiceCollection services):
services.AddAuthentication()
    .AddJwtBearer(options =>
    {
        options.Authority = issuer;
        options.Audience = audience;
        options.TokenValidationParameters = tokenValidationParameters;
    });
In Configure(IApplicationBuilder app, IWebHostEnvironment env):
// Add it after app.UseRouting() and before app.UseEndpoints()!
// Order of middlewares is important!
app.UseAuthentication();
app.UseAuthorization();
PS: To omit the authentication scheme indication in the [Authorize] attribute, you can set the default authentication scheme in ConfigureServices(IServiceCollection services) in the AuthenticationOptions options:
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
});
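As an added example (not part of the original question or answers): a complete ASP.NET Core 3.x Startup class that registers the Bearer handler and orders the middleware as described above. The configuration keys Jwt:Key, Jwt:Issuer and Jwt:Audience are assumptions made for this example, and the Microsoft.AspNetCore.Authentication.JwtBearer package must be referenced.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed (hypothetical) configuration keys; the signing key comes from
        // configuration or a secret store instead of a constant in source code.
        byte[] keyBytes = Encoding.UTF8.GetBytes(_config["Jwt:Key"] ?? "");
        if (keyBytes.Length < 32)
            throw new InvalidOperationException("Jwt:Key must be at least 32 bytes (256 bits) for HMAC-SHA256.");

        // Passing the scheme name makes Bearer the default, so a plain [Authorize] uses it.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
                    ValidateIssuer = true,   // the question disabled this; enabled in this example
                    ValidIssuer = _config["Jwt:Issuer"],
                    ValidateAudience = true,
                    ValidAudience = _config["Jwt:Audience"],
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // runs the default scheme's handler and sets HttpContext.User
        app.UseAuthorization();  // evaluates [Authorize] against that user
        app.UseEndpoints(endpoints => endpoints.MapControllers()); // endpoints execute last
    }
}
```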