从 ASP.NET Core 2.2 迁移后，ASP.NET Core 3.1.1 Jwt 重定向而不是返回 http 状态 401 [英] ASP.NET Core 3.1.1 Jwt redirects instead of returning http status 401 after migration from ASP.NET Core 2.2

问题描述

将我的网站从 .NET Core 2.2 迁移到 3.1.1 后，我的 api 端点突然开始尝试将我的 api 请求重定向到默认登录页面(/Account/Login?ReturnUrl=，其中我的任何路线中都没有).

After migrating my website from .NET Core 2.2 to 3.1.1, my api endpoints suddenly started trying to redirect my api request to a default login page (/Account/Login?ReturnUrl=, which I don't even have in any of my routes).

我的 api 正在使用 JWT 承载身份验证方案和 JWT 挑战方案，但仍然发生了重定向.

My api is using a JWT bearer authentication scheme, with JWT Challenge Scheme, but still the redirect happened.

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})

我终于找到了解决问题的方法，但我不知道为什么它真的有帮助.

I finally found a solution to the problem, but I have no idea why it actually helped.

最初我将我的服务设置为:

Initially I had my services set as:

services
  .AddIdentity<IdentityUser, IdentityRole>()
  .AddSignInManager()
  .AddEntityFrameworkStores<CleWebToolsIdentityDbContext>();

但这确实是重定向.

最终解决我的问题的是将它们设置为:

What finally solved my problem was setting them to:

services
  .AddIdentityCore<IdentityUser>()
  .AddRoles<IdentityRole>()
  .AddSignInManager()
  .AddEntityFrameworkStores<CleWebToolsIdentityDbContext>();

谁能告诉我这里发生了什么?

Can somebody tell me what is going on here?

即使挑战方案应该是 JWT，AddIdentity 方法如何导致重定向?

How does the AddIdentity-method cause the redirect, even though the challenge scheme should be JWT?

推荐答案

那是因为 AddIdentity 为应用程序本身注册了默认的基于 Cookie 的身份验证方案，外部登录(例如 Facebook 和 Google) 和 2FA .如果您将 services.AddIdentity() 放在 AddJwtBearer 配置下方，它将重置默认架构，为避免这种情况，您可以将身份配置放在jwt承载配置:

That is because AddIdentity registers the default Cookie-based authentication schemes for the application itself, external sign-in (e.g. Facebook and Google), and 2FA . It will reset the default schema if you put services.AddIdentity<IdentityUser, IdentityRole>() below the AddJwtBearer config , to avoid this , you can put the identity config above the jwt bearer config :

services
.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders().AddDefaultUI();

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
  ....

});

使用 AddIdentityCore 有效，因为它不会注册默认的基于 Cookie 的身份验证方案，请参阅 AddIdentity vs AddIdentityCore 了解更多详情.

Use AddIdentityCore works because it won't registers the default Cookie-based authentication schemes , see AddIdentity vs AddIdentityCore for more details.

这篇关于从 ASP.NET Core 2.2 迁移后，ASP.NET Core 3.1.1 Jwt 重定向而不是返回 http 状态 401的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！