如何在.net Core 2.2中实现JWT令牌
我已经为此奋斗了几个小时,而且似乎无法追踪为什么我对启用了[Authorize]的端点的所有呼叫均因401而失败。
在我的.Net Core 2.2 Web API项目中,在Startup.cs中,我设置了身份验证:
public void ConfigureServices(IServiceCollection services)
{
var jwtSettings = new JwtSettings();
Configuration.Bind(nameof(jwtSettings), jwtSettings);
services.AddSingleton(jwtSettings);
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
// Add the JWT Bearer token configuration
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("craigcraigcraigcraigcraigcraig")),//jwtSettings.Secret)),
ValidateIssuer = false,
ValidateAudience = false,
RequireExpirationTime = false,
ValidateLifetime = true
};
});
services.AddSwaggerGen(x =>
{
x.SwaggerDoc("v1", new Info { Title = "My Backend", Version = "v1" });
var security = new Dictionary<string, IEnumerable<string>>
{
{"Bearer", new string[0]}
};
x.AddSecurityDefinition("Bearer", new ApiKeyScheme
{
Description = "JWT Authorisation header using the bearer scheme",
Name = "Authorisation",
In = "header",
Type = "apiKey"
});
x.AddSecurityRequirement(security);
});
}
- 注意,我不确定我的密钥,因为我不确定是否是问题所在。
然后,在配置中,我告诉我的应用UseAuthentication,同时确保Swagger知道我需要一些授权帮助。
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseAuthentication();
// This is getting the seetings from a 'SwaggerOptions' section within appSettings.[Env].json, and bind that data to the SwaggerOptions class.
var swaggerOptions = new Options.SwaggerOptions();
Configuration.GetSection(nameof(Options.SwaggerOptions)).Bind(swaggerOptions);
app.UseSwagger(option => { option.RouteTemplate = swaggerOptions.JsonRoute; });
app.UseSwaggerUI(option => { option.SwaggerEndpoint(swaggerOptions.UiEndpoint, swaggerOptions.Description); });
app.UseMvc();
}
我有一个接受用户名和密码的端点。我进行了一些检查,如果用户名和密码正确,则会生成一个令牌:
private string GenerateToken(UserDto user)
{
var key = Encoding.ASCII.GetBytes("craigcraigcraigcraigcraigcraig");// config.GetSection("JwtSettings").GetSection("Secret").Value);
var singingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(key);
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor()
{
Subject = new ClaimsIdentity(new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email),
new Claim(JwtRegisteredClaimNames.GivenName, user.Firstname),
new Claim(JwtRegisteredClaimNames.FamilyName, user.Surname),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim("id", user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddHours(2),
SigningCredentials = new SigningCredentials(singingKey, SecurityAlgorithms.HmacSha256)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
此令牌返回我的Swagger前端,看起来还可以。
我大摇大摆地回答:
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtZUBoZXJlLmNvbSIsImdpdmVuX25hbWUiOiJDcmFpZyIsImZhbWlseV9uYW1lIjoiU21pdGgiLCJqdGkiOiI2ZWJkYjk4MC1iZWM0LTQzMTctOTkwYy1kN2Q3Mzk4MmY3Y2QiLCJlbWFpbCI6Im1lQGhlcmUuY29tIiwiaWQiOiIzMjA3YWZkOC1kMTU5LTQwNTgtYmVlNS1kZmRmYzBhYzBlODgiLCJuYmYiOjE1NjM4NzI4ODYsImV4cCI6MTU2Mzg4MDA4NiwiaWF0IjoxNTYzODcyODg2fQ.FGuc5qU-3QoIJBodYf6yi3Wi9Q9RS2kdp0NHaCrplaY"
}
我在jwt.ms中对此进行了验证:
因此,在这一点上,我已经生成了一个有效的JWT(我认为)。
我有一个测试端点。我在Swagger中“授权”(单击“授权”,键入“ Bearer”并粘贴令牌。
当我执行“ Autorize”端点时,我会把它找回来
卷曲-X GET“ https://localhost:44370/api/accounts” -H“接受: application / json“ -H”授权:承载 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtZUBoZXJlLmNvbSIsImdpdmVuX25hbWUiOiJDcmFpZyIsImZhbWlseV9uYW1lIjoiU21pdGgiLCJqdGkiOiI2ZWJkYjk4MC1iZWM0LTQzMTctOTkwYy1kN2Q3Mzk4MmY3Y2QiLCJlbWFpbCI6Im1lQGhlcmUuY29tIiwiaWQiOiIzMjA3YWZkOC1kMTU5LTQwNTgtYmVlNS1kZmRmYzBhYzBlODgiLCJuYmYiOjE1NjM4NzI4ODYsImV4cCI6MTU2Mzg4MDA4NiwiaWF0IjoxNTYzODcyODg2fQ.FGuc5qU-3QoIJBodYf6yi3Wi9Q9RS2kdp0NHaCrplaY“
这似乎表明它发送了JWT。
但是,我也收到401响应:
date: Tue, 23 Jul 2019 09:12:20 GMT
server: Microsoft-IIS/10.0
status: 401
www-authenticate: Bearer
x-powered-by: ASP.NET
x-sourcefiles: =?UTF-8?B?QzpcU3RvcmFnZVxTb2Z0d2FyZSBSZXBvc2l0b3JpZXNcUGVyc29uYWxcQWNjdUZpbmFuY2VWMkJhY2tlbmRcQWNjdUZpbmFuY2UgQmFja2VuZFxBUElcYXBpXGFjY291bnRz?=
我不确定该如何调试。我显然在某处有代码问题,但无法在哪里解决。令牌似乎生成。但是验证失败。谁能发现问题或告诉我在哪里可以调试为什么要得到401?
1 个答案:
答案 0 :(得分:5)
您已经在那里,但是curl有错字,请将Authorisation更改为Authorization:
curl -X GET“ https://localhost:44370/api/accounts” -H“ accept:application / json” -H“授权:Bearer eyJ .....
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?