MVC 应用程序中的 User.Claims 为空 [英] User.Claims Is Empty In MVC Application

问题描述

我正在将我的 .NET Core 2.2 MVC 应用程序升级到 3.0.在这个应用程序中，我使用 JWT 令牌对控制器进行身份验证.该令牌包含多个声明，但是当我尝试通过 User.Claims 访问它们时，结果列表始终为空.

I'm working on upgrading my .NET Core 2.2 MVC application to 3.0. In this application I'm authenticating to a controller using a JWT token. The token contains several claims, but when I try to access them through User.Claims the resulting list is always empty.

在我的 Startup.cs 中，我的身份验证设置如下:

In my Startup.cs I have the authentication setup like so:

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Code removed for clarity //

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = JwtManager.Issuer,
                    ValidAudience = "MyAudience",
                    IssuerSigningKey = "MySigningKey"
                };
            });
    }
}

在 Core 2.2 中，我能够使用类似于以下的代码访问我的声明:

In Core 2.2 I was able to access my claims using code similar to the following:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class MyController : Controller
{
    [HttpGet("MyController/Action")]
    public ActionResult<Aggregate[]> GetAction()
    {
        var username = User.FindFirstValue("MyUsernameClaim");
        if (username == null)
        {
            return Forbid();
        }       
        // Do Stuff //
    }
}

但是，当我将相同的代码迁移到 Core 3.0 时，我正确地进行了身份验证，但是我没有收到 User 对象的声明.

However, when I migrate the same code to Core 3.0, I authenticate properly, but I get no claims for the User object.

我是否错过了将其转换为 3.0 的步骤?User 是否不再自动填充信息或其他内容?

Did I miss a step in converting this to 3.0? Does User not get automatically populated with information anymore or something?

推荐答案

似乎用户根本没有经过身份验证.

It seems the user isn't authenticated at all.

随着 asp.net core 3.0 路由已更改为端点路由.您可以通过设置 EnableEndpointRouting = false 来选择退出.

With asp.net core 3.0 routing has changed to Endpoint routing. You can opt-out by setting EnableEndpointRouting = false.

但这里的情况似乎并非如此.这意味着您在使用某些服务时必须包含这些服务，例如身份验证和授权:

But that seems not the case here. That means you'll have to include certain services when you use them, like authentication and authorization:

public void Configure(IApplicationBuilder app)
{
  ...

  app.UseStaticFiles();

  app.UseRouting();
  app.UseCors();

  app.UseAuthentication();
  app.UseAuthorization();

  app.UseEndpoints(endpoints => {
     endpoints.MapControllers();
  });

最重要的是，按照这个顺序.如此处所述:迁移 Startup.Configure.

And most important, in that order. As documentated here: Migrate Startup.Configure.

这篇关于MVC 应用程序中的 User.Claims 为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！