ASP.NET核心API始终返回401,但包含承载令牌 [英] ASP.Net Core API always returns 401 but Bearer token is included
本文介绍了ASP.NET核心API始终返回401,但包含承载令牌的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
已尝试将标题中的授权更改为
[Authorize(AuthenticationSchemes = "Bearer")]
还访问了jwt.io以确保JWT令牌有效。
生成JWT令牌的函数
public User AuthenticateAdmin(string username, string password)
{
var user = _context.User
.FirstOrDefault(x => x.UserName == username
&& x.Password == password);
//return null if user is not found
if (user == null) return null;
//authentication successful so generate jwt token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString()),
new Claim(ClaimTypes.Role, user.Role)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials =
new SigningCredentials(
new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);
user.Password = null;
return user;
}
启动:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration
{
get;
}
public void ConfigureServices(IServiceCollection services)
{
services.Configure<AuthMessengerOptions>(Configuration);
var connection = @"Host=localhost;Database=PayArenaMock;Username=postgres;Password=tim";
services.AddDbContext<PayArenaMockContext>(
options => options.UseNpgsql(connection));
services.AddTransient<IEmailSender, EmailSender>();
// services.AddAuthorization(auth =>
// {
// auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
// .AddAuthenticationSchemes(
// JwtBearerDefaults.AuthenticationScheme)
// .RequireAuthenticatedUser().Build());
// });
services.AddCors();
// Note - this is on the IMvcBuilder, not the service collection
// services.AddMvcCore()
// .AddAuthorization()
// .AddJsonFormatters(options => options.ContractResolver =
// new CamelCasePropertyNamesContractResolver());
// services.AddMvcCore()
// .AddJsonFormatters(options =>
// options.ContractResolver = new CamelCasePropertyNamesContractResolver());
services.AddMvc()
.SetCompatibilityVersion(
CompatibilityVersion.Version_2_2);
//configure strongly typed settings objects
var appSettingsSection =
Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettingsSection);
//configure JWT authentication
var appSettings = appSettingsSection.Get<AppSettings>();
var key = Encoding.ASCII.GetBytes(appSettings.Secret);
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme =
JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme =
JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.AddScoped<IUserService,UserService>();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
}
控制器:
//[Authorize(AuthenticationSchemes = "Bearer")]
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class BusinessListingsController: ControllerBase
{
private readonly PayArenaMockContext _context;
public BusinessListingsController(PayArenaMockContext context)
{
_context = context;
}
// GET: api/BusinessListings
[HttpGet]
//[AllowAnonymous]
//[Authorize(Roles = Role.Admin)]
public async Task<ActionResult<IEnumerable<BusinessListing>>>
GetBusinessListing()
{
//var businesslisting = _context.BusinessListing
// .Include(b => b.CategoryNameNav);
var businesslisting = await _context
.BusinessListing
.ToListAsync();
return Ok(businesslisting);
}
}
推荐答案
我遇到了同样的问题,但在移动后
app.UseAuthentication();
至第
行之前app.UseAuthorization();
在
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
..
app.UseAuthentication();
..
app.UseAuthorization();
...
}
成功了。
这篇关于ASP.NET核心API始终返回401,但包含承载令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文