Asp Core 2.1 Jwt +身份. userManager存储未实现IUserRoleStore [英] Asp Core 2.1 Jwt + Identity. userManager store does not implement IUserRoleStore
问题描述
我正在尝试在ASP Net Core 2.1中使用Jwt身份验证和身份
I am trying to work with Jwt auth and Identity in ASP Net Core 2.1
在我的Startup.cs中,我有:
In my Startup.cs I have:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = AuthOptions.ISSUER,
ValidateAudience = true,
ValidAudience = AuthOptions.AUDIENCE,
ValidateLifetime = true,
IssuerSigningKey = AuthOptions.GetSymmetricSecurityKey(),
ValidateIssuerSigningKey = true,
};
});
var builder = services.AddIdentityCore<User>(options =>
{
// Password settings
...
// Lockout settings
...
// User settings
options.User.RequireUniqueEmail = true;
}).AddEntityFrameworkStores<ApplicationDbContext>();
builder = new IdentityBuilder(builder.UserType,typeof(IdentityRole),builder.Services);
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
然后在SecurityService.cs中,我试图通过使用此语句来获取角色
Then in SecurityService.cs I am trying to get roles by using this statement
var roles = await _userManager.GetRolesAsync(user);
及其引发以下异常:
NotSupportedException:存储未实现IUserRoleStore
Microsoft.AspNetCore.Identity.UserManager.GetUserRoleStore()
NotSupportedException: Store does not implement IUserRoleStore
Microsoft.AspNetCore.Identity.UserManager.GetUserRoleStore()
我发现它的原因是AddIdentityCore
:如果我使用
AddIdentity<User, IdentityRole>
相反,它可以工作,但随后[Authorize]
不起作用
I found it because of AddIdentityCore
: If I use
AddIdentity<User, IdentityRole>
instead it works, but then [Authorize]
doesn't work
有人遇到过类似的情况吗,或者为什么会发生这种情况?
Does anybody faced similar situation, or why it can happen?
推荐答案
使用AddIdentity<TUser, TRole>
时,该调用将配置默认的身份验证方案,例如(
When you use AddIdentity<TUser, TRole>
, that call configures the default authentication scheme, like so (source):
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
})
在您的Startup.ConfigureServices
中,您具有以下内容,其中还设置默认的身份验证方案:
In your Startup.ConfigureServices
, you have the following, which also sets the default authentication scheme:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
由于已定义顺序(AddIdentity
在之后 AddAuthentication
),因此默认值是从Jwt更改为Identity,因此,当您使用[Authorize]
时,身份验证过程为现在希望使用身份而不是Jwt.
Because of the order this is defined (AddIdentity
is after AddAuthentication
), the default is changing from Jwt to Identity, so that when you use [Authorize]
, the authentication process is now expecting to use Identity rather than Jwt.
要解决此问题,最简单的选择是切换AddIdentity
和AddAuthentication
的顺序,因此JwtBearer调用排在最后,因此获胜".您还需要更加明确,并同时设置DefaultAuthenticateScheme
和DefaultChallengeScheme
:
To resolve this, the simplest option is to switch the order of AddIdentity
and AddAuthentication
, so the JwtBearer call comes last and therefore "wins". You'll also need to be more explicit and set both DefaultAuthenticateScheme
and DefaultChallengeScheme
:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(...);
另一种方法是在[Authorize]
属性中明确显示,调出要使用的 身份验证方案,例如以下两行之一:
Another option is to be explicit in the [Authorize]
attribute, calling out which authentication scheme you want to use, like either of the following two lines:
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize(AuthenticationSchemes = IdentityConstants.ApplicationScheme)]
第一个选项似乎最适合您的用例,但是很高兴知道,随着Identity的发展,第二个选项是否存在(如果有,例如,使用策略)就可以了.
It seems the first option would be most appropriate for your use-case, but it's good to know that this second option exists should you need it as you go further with Identity (there are more - e.g. using policies).
这篇关于Asp Core 2.1 Jwt +身份. userManager存储未实现IUserRoleStore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!