无法使用ASP.NET Core从JWT令牌获得声明 [英] Can't get claims from JWT token with ASP.NET Core
问题描述
我正在尝试使用ASP.NET Core做一个非常简单的JWT承载身份验证实现.我从控制器返回如下响应:
I'm trying to do a really simple implementation of JWT bearer authentication with ASP.NET Core. I return a response from a controller a bit like this:
var identity = new ClaimsIdentity();
identity.AddClaim(new Claim(ClaimTypes.Name, applicationUser.UserName));
var jwt = new JwtSecurityToken(
_jwtOptions.Issuer,
_jwtOptions.Audience,
identity.Claims,
_jwtOptions.NotBefore,
_jwtOptions.Expiration,
_jwtOptions.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return new JObject(
new JProperty("access_token", encodedJwt),
new JProperty("token_type", "bearer"),
new JProperty("expires_in", (int)_jwtOptions.ValidFor.TotalSeconds),
new JProperty(".issued", DateTimeOffset.UtcNow.ToString())
);
我有用于传入请求的Jwt中间件:
I have Jwt middleware for incoming requests:
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters
});
这似乎可以用authorize属性保护资源,但是声明永远不会出现.
This seems to work to protect resources with the authorize attribute, but the claims never show up.
[Authorize]
public async Task<IActionResult> Get()
{
var user = ClaimsPrincipal.Current.Claims; // Nothing here
推荐答案
您不能在ASP.NET Core应用程序中使用ClaimsPricipal.Current
,因为它不是由运行时设置的.您可以阅读 https://github.com/aspnet/Security/issues/322 更多信息.
You can't use ClaimsPricipal.Current
in an ASP.NET Core application, as it's not set by the runtime. You can read https://github.com/aspnet/Security/issues/322 for more information.
相反,请考虑使用ControllerBase
公开的User
属性.
Instead, consider using the User
property, exposed by ControllerBase
.
这篇关于无法使用ASP.NET Core从JWT令牌获得声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!