将Web API身份验证从.NET Core 1.1迁移到2.0 [英] Migrating web api authentication from .NET Core 1.1 to 2.0

问题描述

我正在尝试将旧的身份验证转换为.NET 2.0.我有以下代码:

I'm trying to convert my old authentication to .NET 2.0. I had the following code:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    IncludeErrorDetails = true,
    Authority = "https://securetoken.google.com/xxxxx",
    TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://securetoken.google.com/xxxxxx",
        ValidateAudience = true,
        ValidAudience = "xxxx",
        ValidateLifetime = true,
    },
});

我的新代码如下:

public void Configure(...)
{
    ...
    app.UseAuthentication();
    ...
}

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = false;
            options.IncludeErrorDetails = true;
            options.Authority = "https://securetoken.google.com/xxxxxx";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "https://securetoken.google.com/xxxxx",
                ValidateAudience = true,
                ValidAudience = "xxxxxx",
                ValidateLifetime = true,
            };
        }); 
    ...
    services.AddMvc();
    services.AddAuthorization(......);
}

但是在2.0中，我得到了404响应.如果我从端点删除[Authorize]属性，它将起作用.我的输出窗口显示如下:

But in 2.0 I'm getting a 404 response. If I remove the [Authorize] attribute from my endpoint, it works. My output window shows this:

Microsoft.AspNetCore.Hosting.Internal.WebHost:信息:请求 开始HTTP/1.1 GET http://localhost:62423/api/users/info
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:信息: 用户授权失败:(空). Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:信息: 过滤器中的请求授权失败 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult:信息:正在执行 带有身份验证方案()的ChallengeResult.

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/api/users/info
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null). Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().

Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:信息: AuthenticationScheme:Identity.Application已受到挑战. Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:信息: 已执行的动作 SORTE.API.ContentManager.Controllers.UsersController.Info (SORTE.API.ContentManager)在24.0837毫秒内 Microsoft.AspNetCore.Hosting.Internal.WebHost:信息:请求 于35.2446毫秒完成302 Microsoft.AspNetCore.Hosting.Internal.WebHost:信息:请求 开始HTTP/1.1 GET http://localhost:62423/Account/Login?ReturnUrl =％2Fapi％ 2Fusers％2Finfo
Microsoft.AspNetCore.Hosting.Internal.WebHost:信息:请求 在5.8149ms内完成404

Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.Application was challenged. Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action SORTE.API.ContentManager.Controllers.UsersController.Info (SORTE.API.ContentManager) in 24.0837ms Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 35.2446ms 302 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/Account/Login?ReturnUrl=%2Fapi%2Fusers%2Finfo
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 5.8149ms 404

由于日志错误，似乎正在尝试将我重定向到/Account/Login，但是我没有这样的终结点，我的项目是Web API.

From the log errors, it seems that it's trying to redirect me to /Account/Login, but I don't have such endpoint, my project is a Web API.

我缺少一些配置吗?

推荐答案

直到我阅读此.

当我们使用Authorize属性时，默认情况下它实际上绑定到第一个身份验证系统.

When we use the Authorize attribute, it actually binds to the first authentication system by default.

解决方案是指定要使用的方案(JwtBearer):

The solution was especify wich scheme to use (JwtBearer):

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Policy = "PoliceName")]

现在我可以获得状态200(带有有效令牌)和401(未经授权-无效令牌)

Now i can get status 200 (with valid token) and 401 (unauthorized - invalid token)

这篇关于将Web API身份验证从.NET Core 1.1迁移到2.0的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！