JWT Bearer 令牌身份验证在 ASP.NET Core Web API 中失败

问题描述 投票:0回答:1

我有一个使用 JWT Bearer 令牌身份验证设置的 ASP.NET Core Web API 应用程序,但我面临令牌验证失败的问题。我已经使用 Postman 测试了令牌,但它在那里也不起作用。问题似乎出在服务器端。

下面是我的Startup.cs中设置认证的相关代码:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = jwtAuth.Issuer,
            ValidateAudience = true,
            ValidAudience = jwtAuth.Audience,
            ValidateLifetime = true,
            IssuerSigningKey = jwtAuth.GetSecurityKey(),
            ValidateIssuerSigningKey = true,
        };
    });

这是生成 JWT 令牌的代码:

var authClaims = new List<Claim>
  {
      new (ClaimTypes.Name, user.UserName!),
      new (JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
  };

// No role claims are added since I'm not using roles

var token = new JwtSecurityTokenHandler().WriteToken(_jwtConfiguration.GetToken(authClaims));

获取代币方法:

public JwtSecurityToken GetToken(IEnumerable<Claim> claims)
    {
        return new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            notBefore: DateTime.Now,
            claims: claims,
            expires: DateTime.Now.Add(TimeSpan.FromMinutes(LifetimeInMinutes)),
            signingCredentials: new SigningCredentials(GetSecurityKey(), SecurityAlgorithms.HmacSha256));
    }

这是具有 [Authorize] 属性的安全方法:

[HttpPost("/auth/test")]
[Authorize]
public async Task<ActionResult> TestAuthorization()
{
    return Ok();
}

当我使用 Postman 或我的 Flutter 客户端对此进行测试时,出现以下错误:

[23:35:31 INF] Request starting HTTP/1.1 POST http://10.0.2.2:5180/auth/test - 0
[23:35:31 INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
[23:35:31 INF] AuthenticationScheme: Bearer was challenged.
[23:35:31 INF] Request finished HTTP/1.1 POST http://10.0.2.2:5180/auth/test - 0 - 401 0 - 30.5047ms

顺便说一下,这是我的 Flutter 代码:

final url = Uri.parse("${Config.baseUrl}/auth/google");

final Map response = json.decode((await http.post(url, body: {
  'code': signIn?.serverAuthCode,
}))
    .body);

final result = response['result'] as Map;

await http.post(Uri.parse('${Config.baseUrl}/auth/test'), headers: {
  HttpHeaders.authorizationHeader: 'Bearer ${result['accessToken']}',
});

我试过用这种方式生成token:

var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(authClaims),
    Expires = DateTime.UtcNow.AddHours(1),
    SigningCredentials = new SigningCredentials(jwtAuth.GetSecurityKey(), SecurityAlgorithms.HmacSha256Signature),
    Issuer = jwtAuth.Issuer,
    Audience = jwtAuth.Audience,
};

var tokenHandler = new JwtSecurityTokenHandler();
var securityToken = tokenHandler.CreateToken(tokenDescriptor);
var accessToken = tokenHandler.WriteToken(securityToken);
asp.net asp.net-core authentication jwt authorization
1个回答
0
投票

我放

app.UseAuthentication();

之前

app.UseAuthorization();

这解决了我的问题

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.