使用.NET Core 2的AddJwtBearer时,Authorize属性不会重定向到“登录"页面 [英] Authorize attribute does not redirect to Login page when using .NET Core 2's AddJwtBearer
问题描述
使用新的AddJwtBearer时,我无法制作任何示例.我有一个归属于Authorize的HomeController:
I can't make any samples to work when using the new AddJwtBearer. I have a HomeController attributed with Authorize:
[Authorize]
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
}
我正在尝试新的ASP.NET Core AddJwtBearer,并且在services.AddMvc()之前的ConfigureServices中有此代码:
I was trying out the new ASP.NET Core AddJwtBearer and I have this code in ConfigureServices just before services.AddMvc():
services.AddAuthentication(opts =>
{
opts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
opts.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
opts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(opts =>
{
opts.RequireHttpsMetadata = false;
opts.SaveToken = true;
opts.TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("mysupersecretkey")),
ValidIssuer = "issuer,
ValidAudience = "audience",
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
};
});
,在启动"中的"Configure"方法中,我在app.UseMvc()之前有这个
and in Configure method in Startup, I have this just before app.UseMvc()
app.UseAuthentication();
我希望它重定向到登录页面(不具有Authorize属性),因此我可以输入用户名和密码,然后创建一个令牌以进行成功使用,但是我总是重定向到空白页面.
I was expecting it to redirect to Login page (which do not have Authorize attribute) so I can enter username and password and then create a token for succeeding use but I always get redirected to a blank page.
我尝试使用邮递员导航Home/Index,正文为空,并且标头中包含:
I tried navigating Home/Index using postman, body was empty and in the header there is:
WWW-Authenticate →Bearer error="invalid_token", error_description="The token is expired"
如果我使用cookie身份验证,它将重定向到登录"页面.在以前的版本(UseJwtBearerAuthentication)中,此重定向使我可以输入密码并获得令牌.
If I use cookie authentication, it redirects to Login page. In the previous version (UseJwtBearerAuthentication), this redirected allowing me to enter a password and get a token.
我期待的是错误的行为还是我错过了什么?
Am I expecting the wrong behavior or am I missing something?
推荐答案
我认为您期望错误的行为. JWT Bearer令牌通常在调用API时使用.对于另一个应用程序调用您的API的功能不是很有用,例如HttpClient获得重定向作为响应. 401质询直接告诉呼叫者他们需要进行身份验证.
I think you expect the wrong behaviour. JWT Bearer tokens are mostly used when calling APIs. It is not very useful for another app calling your API with e.g. HttpClient to get a redirect as a response. A 401 challenge directly tells the caller that they need to authenticate.
如果您使用此API的前端JavaScript,则应在其中添加401状态代码的校验,然后从客户端重定向到登录页面.
If you have front-end JavaScript using this API, you should add a check there for the 401 status code, and redirect to the login page from the client-side.
You can see the source code here: https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs#L194
它设置401状态代码并返回正确的错误.
It sets a 401 status code and returns the proper error.
尽管,看一下代码,我想您也可以通过OnChallenge事件从服务器端进行重定向.就个人而言,除了API之外,我不会重定向到登录页面.
Though, looking at the code, I guess you could do the redirect from server-side as well, by using the OnChallenge event. Personally I would not except an API to do redirects to login pages.
这篇关于使用.NET Core 2的AddJwtBearer时,Authorize属性不会重定向到“登录"页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
