使用Asp.net Core 2.1的JWT身份验证仅适用于本地主机

时间:2019-04-05 09:51:57

标签: asp.net-core-mvc jwt authorization asp.net-core-2.1

我向现有的aspnet核心mvc Web应用程序添加了JWT身份验证,以保护移动应用程序的api。

我使用了多身份验证和MultiPolicies进行授权(具有身份和JWT的Cookie),我使用邮递员和移动应用程序在localhost上对其进行了测试,并且工作正常。但是当我将其部署到远程服务器上时,我无法工作。身份验证和令牌生成有效,但是当我通过httpget请求访问api时,将重定向到mvc登录页面。 我的Startup.cs包含以下内容:

services.AddAuthentication().AddCookie(options =>
        {
            options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
            options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
            options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
            options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
            options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
            options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = tokenValidationParameters;
            options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
            options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
        });
        services.AddMvc(config =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            config.Filters.Add(new RequireHttpsAttribute());
            config.Filters.Add(new AuthorizeFilter(policy));

        }).AddJsonOptions(opt =>
                opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
        .AddJsonOptions(opt => opt.SerializerSettings
            .ReferenceLoopHandling = ReferenceLoopHandling.Ignore).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
            // Add support for localizing strings in data annotations (e.g. validation messages) via the
            // IStringLocalizer abstractions.
            .AddDataAnnotationsLocalization();
        services.AddAuthorization(options => 
        {
            options.AddPolicy("ApiUserPolicy", policy => policy.RequireClaim("JwtRole", "ID"));

            });

login-localhost 这是在localhost whith postman中登录的屏幕截图。 login- production env 这是使用带生产环境的邮递员的登录信息。 get - localhost 这是本地主机上的请求,它可以正常工作,我得到了json结果。 get - production env 在这里,我将此重定向到了mvc登录页面。

1 个答案:

答案 0 :(得分:0)

通过在 startup.cs 上进行一些更改来解决我的问题,我从服务中删除了策略过滤器。AddMVC选项定义并添加了像这样的授权定义的两个授权策略:

services.AddAuthentication().AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.HttpOnly = identityDefaultOptions.CookieHttpOnly;
            options.Cookie.Expiration = TimeSpan.FromDays(identityDefaultOptions.CookieExpiration);
            options.LoginPath = identityDefaultOptions.LoginPath; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
            options.LogoutPath = identityDefaultOptions.LogoutPath; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
            options.AccessDeniedPath = identityDefaultOptions.AccessDeniedPath; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
            options.SlidingExpiration = identityDefaultOptions.SlidingExpiration;
        })
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.TokenValidationParameters = tokenValidationParameters;
            options.Audience = jwtAppSettingsOptions[nameof(JwtIssuerOptions.Audience)];
            options.RequireHttpsMetadata = bool.Parse(jwtAppSettingsOptions[nameof(JwtIssuerOptions.RequireHttpsMetadata)]);
        });
        services.AddMvc(config =>
        {
            config.Filters.Add(new RequireHttpsAttribute());
        }).AddJsonOptions(opt =>
                opt.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver())
        .AddJsonOptions(opt => opt.SerializerSettings
            .ReferenceLoopHandling = ReferenceLoopHandling.Ignore).AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
            // Add support for localizing strings in data annotations (e.g. validation messages) via the
            // IStringLocalizer abstractions.
            .AddDataAnnotationsLocalization();
        services.AddAuthorization(options => 
        {
            options.AddPolicy(CookieAuthenticationDefaults.AuthenticationScheme, new AuthorizationPolicyBuilder()
    .RequireAuthenticatedUser()
    .AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
    .Build());

            options.AddPolicy("ApiUserPolicy", new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireClaim("JwtRole", "ID")
                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                .Build());
        });

要了解更多有关策略和authentificationSchemas的授权如何检查此answer

相关问题
最新问题