智威汤逊的令牌不与JwtAuthForWebAPI网站API2认证认可 [英] JWT token not accepted by Web APi2 authentication with JwtAuthForWebAPI
问题描述
我也跟着教程,但它似乎不智威汤逊正常工作,但它的基本身份验证是好的。
我下载并安装JwtAuthForWebAPI。我也产生了JWT令牌,并尝试做一个API调用,但误差 HTTP / 1.1 401未经授权。
< STRONG>我一定要实现/修改任何从智威汤逊债权转让给&Thread.CurrentPrincipal中放; ?HttpContext.CurrentPrincipal
我的代码非常简单:
的global.asax.cs:
GlobalConfiguration.Configuration.MessageHandlers.Add(
新JwtAuthenticationMessageHandler
{
AllowedAudience = reader.AllowedAudience,
发行人=读者。发行人,
SigningToken = builder.CreateFromKey(reader.SymmetricKey)
});
Web.config文件:
< configSections>
<节名称=log4net的TYPE =log4net.Config.Log4NetConfigurationSectionHandler,log4net的/>
<节名称=JwtAuthForWebAPITYPE =JwtAuthForWebAPI.JwtAuthForWebApiConfigurationSection/>
< / configSections>
< JwtAuthForWebAPI
AllowedAudience =http://www.example.com
发行人=总公司
SymmetricKey =cXdlcnR5dWlvcGFzZGZnaGprbHp4Y3Zibm0xMjM0NTY =
/>
调用示例
GET HTTP://本地主机:34669 / API / V1 /任务/ 8 HTTP / 1.1
主机:本地主机:34669
授权:承载eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjb3JwIiwiYXVkIjoiaHR0cDovL3d3dy5leGFtcGxlLmNvbSIsIm5iZiI6MTQwMDU1Mzc1NywiZXhwIjoxNzE2MTcyOTU3LCJ1bmlxdWVfbmFtZSI6ImJob2dnIiwiZ2l2ZW5fbmFtZSI6IkJvc3MiLCJmYW1pbHlfbmFtZSI6IkhvZ2ciLCJyb2xlIjpbIk1hbmFnZXIiLCJKdW5pb3JXb3JrZXIiXX0.Ls73kz80rCaCNqzc3K32BVO9_LnJDL8c1g5AXKIzn8w
哈哈,我发现错误在书中的教程:)
有在我的例子中一个错误的智威汤逊值:)正确的调用应该看起来是这样的。我不得不手动重新JWT令牌
GET HTTP://本地主机:34669 / API / V1 /任务/ 8 HTTP / 1.1
主机:本地主机:34669
授权:承载eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6ImJob2dnIiwiZ2l2ZW5fbmFtZSI6IkJvc3MiLCJmYW1pbHlfbmFtZSI6IkhvZ2ciLCJyb2xlIjpbIk1hbmFnZXIiLCJTZW5pb3JXb3JrZXIiLCJKdW5pb3JXb3JrZXIiXSwiaXNzIjoiY29ycCIsImF1ZCI6Imh0dHA6Ly93d3cuZXhhbXBsZS5jb20iLCJleHAiOjE3NTIwNjgzNjAsIm5iZiI6MTQzNjQ0OTE2MH0.t1lK0ZEA_IZbdiiYeJuuLVeeh1CFSiodzmRPdmezv3c
I followed the tutorial but it's seems not working properly with JWT, but it was ok for basic authentication.
I downloaded and installed JwtAuthForWebAPI. I also generated JWT token and trying to do a API call but error is HTTP/1.1 401 Unauthorized.
Do I have to implement/modify anything to transfer claims from JWT to Thread.CurrentPrincipal & HttpContext.CurrentPrincipal?
My code is quite simple: global.asax.cs:
GlobalConfiguration.Configuration.MessageHandlers.Add(
new JwtAuthenticationMessageHandler
{
AllowedAudience = reader.AllowedAudience,
Issuer = reader.Issuer,
SigningToken = builder.CreateFromKey(reader.SymmetricKey)
});
Web.config:
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
<section name="JwtAuthForWebAPI" type="JwtAuthForWebAPI.JwtAuthForWebApiConfigurationSection"/>
</configSections>
<JwtAuthForWebAPI
AllowedAudience="http://www.example.com"
Issuer="corp"
SymmetricKey="cXdlcnR5dWlvcGFzZGZnaGprbHp4Y3Zibm0xMjM0NTY="
/>
Call example
GET http://localhost:34669/api/v1/tasks/8 HTTP/1.1
Host: localhost:34669
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjb3JwIiwiYXVkIjoiaHR0cDovL3d3dy5leGFtcGxlLmNvbSIsIm5iZiI6MTQwMDU1Mzc1NywiZXhwIjoxNzE2MTcyOTU3LCJ1bmlxdWVfbmFtZSI6ImJob2dnIiwiZ2l2ZW5fbmFtZSI6IkJvc3MiLCJmYW1pbHlfbmFtZSI6IkhvZ2ciLCJyb2xlIjpbIk1hbmFnZXIiLCJKdW5pb3JXb3JrZXIiXX0.Ls73kz80rCaCNqzc3K32BVO9_LnJDL8c1g5AXKIzn8w
Haha, I found error in the book's tutorial:)
There was a wrong JWT value in my example:) The proper call should looks like this. I had to recreate JWT token manually.
GET http://localhost:34669/api/v1/tasks/8 HTTP/1.1
Host: localhost:34669
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6ImJob2dnIiwiZ2l2ZW5fbmFtZSI6IkJvc3MiLCJmYW1pbHlfbmFtZSI6IkhvZ2ciLCJyb2xlIjpbIk1hbmFnZXIiLCJTZW5pb3JXb3JrZXIiLCJKdW5pb3JXb3JrZXIiXSwiaXNzIjoiY29ycCIsImF1ZCI6Imh0dHA6Ly93d3cuZXhhbXBsZS5jb20iLCJleHAiOjE3NTIwNjgzNjAsIm5iZiI6MTQzNjQ0OTE2MH0.t1lK0ZEA_IZbdiiYeJuuLVeeh1CFSiodzmRPdmezv3c
这篇关于智威汤逊的令牌不与JwtAuthForWebAPI网站API2认证认可的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
