InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found
HeaderHandler by AuthorizationHandler : No authenticationScheme was specified, and there was no DefaultChallengeScheme found
I'm trying to handle a mandatory header for an ASP.NET Core Web API project using AuthorizationHandler.
I wrote my Handler and Requirement classes:
Handler class:
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Logging;

    public class HttpHeaderHandler : AuthorizationHandler<HttpHeaderRequirement>
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly ILogger<HttpHeaderHandler> _logger;

        public HttpHeaderHandler(IHttpContextAccessor httpContextAccessor, ILogger<HttpHeaderHandler> logger)
        {
            _httpContextAccessor = httpContextAccessor;
            _logger = logger;
        }

        protected override Task HandleRequirementAsync(
            AuthorizationHandlerContext context,
            HttpHeaderRequirement requirement)
        {
            // Succeed only when the required header is present and non-empty.
            if (_httpContextAccessor?.HttpContext?.Request?.Headers != null &&
                !string.IsNullOrEmpty(_httpContextAccessor.HttpContext.Request.Headers[requirement.Header]))
            {
                context.Succeed(requirement);
            }
            else
            {
                // Explicitly fail the requirement and log which header was missing.
                context.Fail();
                _logger.LogWarning($"Policy validation for header {requirement.Header} failed");
            }
            return Task.CompletedTask;
        }
    }
Requirement class:
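    using Microsoft.AspNetCore.Authorization;

    public class HttpHeaderRequirement : IAuthorizationRequirement
    {
        public HttpHeaderRequirement(string header)
        {
            Header = header;
        }

        // Name of the HTTP header that must be present on the request.
        public string Header { get; }
    }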
So I added it in the ConfigureServices method:
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddMvc();
        services.AddAuthorization(options =>
        {
            options.AddPolicy("HttpHeaderRequirement",
                policy => policy.Requirements.Add(new SRN.Microservice.Commons.Authorization.HttpHeaderRequirement("Auth_Token")));
        });
    }
So I created my Controller class with the authorization applied:
    [Produces("application/json")]
    [Route("api/[controller]")]
    [ApiController]
    [Authorize(Policy = "HttpHeaderRequirement")]
    public class MyController : ControllerBase
    {
        [....]
    }
When I try to call my API, the server returns the following exception:
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
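Can anyone help me?
If you are not interested in an authenticated user, I think you may be misusing the authorization system in this case.
Authorization is designed to say "if you need authorization, you will be challenged to provide authentication details", after which it can run the handlers. In your case, you haven't configured any authentication (because you're not actually checking for a logged-in user?).
What do you want to happen in your case? If you just want to return an error page, you could write your own attribute that has nothing to do with the built-in authorization, and that runs on the action to return an error page based on your existing logic.
If you want a missing header to really require authentication, then you will need to add and configure authentication.
Edit
For details on action filters, see https://docs.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-5.0#action-filters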
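The action-filter approach suggested in the answer, as an added example that is not part of the original question or answer: a filter attribute rejects requests that lack the header with a 400 response, so the authorization middleware never issues a challenge and no authentication scheme is needed. The attribute name RequireHttpHeaderAttribute, the 400 status choice and the sample Get action are assumptions made for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;

// Hypothetical attribute (not from the original post): requires a non-empty request header.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequireHttpHeaderAttribute : ActionFilterAttribute
{
    private readonly string _header;

    public RequireHttpHeaderAttribute(string header)
    {
        if (string.IsNullOrWhiteSpace(header))
            throw new ArgumentException("Header name is required.", nameof(header));
        _header = header;
    }

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var headers = context.HttpContext.Request.Headers;
        if (!headers.TryGetValue(_header, out StringValues values) ||
            string.IsNullOrWhiteSpace(values.ToString()))
        {
            // Setting Result short-circuits the pipeline, so the action never runs.
            context.Result = new ObjectResult(new ProblemDetails
            {
                Status = StatusCodes.Status400BadRequest,
                Title = "Missing required header",
                Detail = $"The '{_header}' header is required."
            })
            { StatusCode = StatusCodes.Status400BadRequest };
        }
    }
}

[Produces("application/json")]
[Route("api/[controller]")]
[ApiController]
[RequireHttpHeader("Auth_Token")] // replaces [Authorize(Policy = "HttpHeaderRequirement")]
public class MyController : ControllerBase
{
    // Sample action (assumption) so the controller compiles and can be exercised.
    [HttpGet]
    public IActionResult Get() => Ok(new { status = "header present" });
}
```

The filter only checks that the header is present and non-empty; it does not validate the value, so it does not authenticate the caller. If the header value is meant to identify the caller, configure an authentication scheme with AddAuthentication as the exception message describes.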