Asp Core 2.1 Jwt +身份. userManager存储未实现IUserRoleStore [英] Asp Core 2.1 Jwt + Identity. userManager store does not implement IUserRoleStore

问题描述

我正在尝试在ASP Net Core 2.1中使用Jwt身份验证和身份

I am trying to work with Jwt auth and Identity in ASP Net Core 2.1

在我的Startup.cs中，我有:

In my Startup.cs I have:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = AuthOptions.ISSUER,
            ValidateAudience = true,
            ValidAudience = AuthOptions.AUDIENCE,
            ValidateLifetime = true,
            IssuerSigningKey = AuthOptions.GetSymmetricSecurityKey(),
            ValidateIssuerSigningKey = true,
        };
    });

var builder = services.AddIdentityCore<User>(options =>
{
    // Password settings
    ...
    // Lockout settings
    ...
    // User settings
    options.User.RequireUniqueEmail = true;
}).AddEntityFrameworkStores<ApplicationDbContext>();

builder = new IdentityBuilder(builder.UserType，typeof(IdentityRole)，builder.Services);

builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);

然后在SecurityService.cs中，我试图通过使用此语句来获取角色

Then in SecurityService.cs I am trying to get roles by using this statement

var roles = await _userManager.GetRolesAsync(user);

及其引发以下异常:

NotSupportedException:存储未实现IUserRoleStore
Microsoft.AspNetCore.Identity.UserManager.GetUserRoleStore()

NotSupportedException: Store does not implement IUserRoleStore
Microsoft.AspNetCore.Identity.UserManager.GetUserRoleStore()

我发现它的原因是AddIdentityCore:如果我使用 AddIdentity<User, IdentityRole>相反，它可以工作，但随后[Authorize]不起作用

I found it because of AddIdentityCore: If I use AddIdentity<User, IdentityRole> instead it works, but then [Authorize] doesn't work

有人遇到过类似的情况吗，或者为什么会发生这种情况?

Does anybody faced similar situation, or why it can happen?

推荐答案

使用AddIdentity<TUser, TRole>时，该调用将配置默认的身份验证方案，例如(

When you use AddIdentity<TUser, TRole>, that call configures the default authentication scheme, like so (source):

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
    options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
})

在您的Startup.ConfigureServices中，您具有以下内容，其中还设置默认的身份验证方案:

In your Startup.ConfigureServices, you have the following, which also sets the default authentication scheme:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

由于已定义顺序(AddIdentity在之后 AddAuthentication)，因此默认值是从Jwt更改为Identity，因此，当您使用[Authorize]时，身份验证过程为现在希望使用身份而不是Jwt.

Because of the order this is defined (AddIdentity is after AddAuthentication), the default is changing from Jwt to Identity, so that when you use [Authorize], the authentication process is now expecting to use Identity rather than Jwt.

要解决此问题，最简单的选择是切换AddIdentity和AddAuthentication的顺序，因此JwtBearer调用排在最后，因此获胜".您还需要更加明确，并同时设置DefaultAuthenticateScheme和DefaultChallengeScheme:

To resolve this, the simplest option is to switch the order of AddIdentity and AddAuthentication, so the JwtBearer call comes last and therefore "wins". You'll also need to be more explicit and set both DefaultAuthenticateScheme and DefaultChallengeScheme:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(...);

另一种方法是在[Authorize]属性中明确显示，调出要使用的 身份验证方案，例如以下两行之一:

Another option is to be explicit in the [Authorize] attribute, calling out which authentication scheme you want to use, like either of the following two lines:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize(AuthenticationSchemes = IdentityConstants.ApplicationScheme)]

第一个选项似乎最适合您的用例，但是很高兴知道，随着Identity的发展，第二个选项是否存在(如果有，例如，使用策略)就可以了.

It seems the first option would be most appropriate for your use-case, but it's good to know that this second option exists should you need it as you go further with Identity (there are more - e.g. using policies).

这篇关于Asp Core 2.1 Jwt +身份. userManager存储未实现IUserRoleStore的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！