Question

我正在构建ASP .NET Core WebAPI应用程序，并尝试为我的应用程序提供令牌身份验证：

public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }
        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {

            services
                .AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

                })
                .AddJwtBearer("Bearer", jwtBearerOptions =>
                {
                    jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
                    {
                        //ValidIssuer = "Issuer"
                        ValidateIssuer = false,

                                    ////ValidAudience = "WishlistAppClient",
                                    //ValidateAudience = false,

                                    ////ClockSkew = TimeSpan.FromSeconds(5),
                                    //ValidateLifetime = false,
                                    //RequireExpirationTime = false,
                                    //RequireSignedTokens = false,                          
                                };
                });

            services.AddMvc().AddJsonOptions(options =>
                {
                    options.SerializerSettings.ContractResolver = new DefaultContractResolver()
                    {
                        NamingStrategy = new SnakeCaseNamingStrategy()
                    };
                    options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
                });

            services.AddDbContext<SchemaContext>(options =>
                    options.UseSqlServer(
                        Configuration.GetConnectionString("DefaultConnection"), optionBuilder => optionBuilder.MigrationsAssembly("EventManager.DAL")
                        ));



            new DALRegistration().ConfigureServices(services);

            var mappingConfig = new MapperConfiguration(configuration =>
            {
                configuration.AddProfile(new MappingProfile());
            });
            IMapper mapper = mappingConfig.CreateMapper();
            services.AddSingleton(mapper);

            services
                .AddIdentity<SystemUser, SystemRole>()
                .AddEntityFrameworkStores<SchemaContext>()
                .AddDefaultTokenProviders();

            services.AddScoped<IUserManager, UserManager>();
            services.AddScoped<ILoginProvider, LoginProvider>();



            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            services.AddSpaStaticFiles(configuration =>
            {
                configuration.RootPath = "ClientApp/dist";
            });

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
                c.DescribeAllEnumsAsStrings();
            });
        }
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapWebApiRoute("DefaultApi", "api/{controller}/{id?}");
            });
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseSpaStaticFiles();



            var todayDate = DateTime.Now.ToShortDateString().Replace('/', '.');



            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
                c.DocExpansion(DocExpansion.None);
            });

            loggerFactory.AddFile(Path.Combine(Directory.GetCurrentDirectory(), "LogInformation", $"{DateTime.Now.ToShortDateString().Replace('/','.')}.txt"));
            var logger = loggerFactory.CreateLogger("New Logger");


            app.Use(async (context, next) =>
            {
                logger.LogTrace("Processing request {0}", context.Request.Path);
                await next.Invoke();
            });

            app.UseSpa(spa =>
            {
                spa.Options.SourcePath = "ClientApp";
                spa.Options.StartupTimeout = new TimeSpan(0, 2, 0);
                if (env.IsDevelopment())
                {
                    spa.UseAngularCliServer(npmScript: "start");
                }
            });

        }
    }

API代码受[Authorize（AuthenticationSchemes =“ Bearer”）]保护当我发送带有任何令牌的请求时，我总是会收到401。问题是，我关闭了所有令牌验证，但无济于事。

邮递员中有一张要求的图片

响应正文为空。响应标题（如果无法加载图片）：

HTTP / 1.1 401未经授权
服务器：Kestrel
WWW-Authenticate：承载错误=“ invalid_token”，error_description =“未找到签名密钥”
X-SourceFiles：=？UTF-8？B？RDpcUmVsZWFzZVxldmVudG1hbmFnZXJcRXZlbnRNYW5hZ2VyXEV2ZW50TWFuYWdlclxhcGlccGFydGljaXBhbnRz？=
X-Powered-By：ASP.NET
日期：星期四，2020年2月20日格林尼治标准时间
连接：关闭
内容长度：0

请求

获取
https://localhost:44372/api/participants?pageSize=30&page=1 HTTP / 1.1
主机：localhost：44372
接受：application / json
授权：承载eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.eNvdqZ4NbLXesaJOV-a1CzbJh_QbfTdtqwZmrFI2MLY
用户代理：PostmanRuntime / 7.22.0
缓存控制：无缓存
邮递员令牌：dcf57c4f-b08a-43e0-8d15-85a49e9de795
接受编码：gzip，deflate，br
连接：关闭

Answer 1

这是我如何实施的一个例子

    services.AddAuthentication()
        .AddCookie()
        .AddJwtBearer(cfg =>
        {
            cfg.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidIssuer = Configuration["Tokens:Issuer"],
                ValidAudience = Configuration["Tokens:Audience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"]))
            };
        });

并在控制器上，类似于您的

    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

在身份验证控制器中，该登录控制器由带有凭据的“登录”页面调用。检查用户名和密码是否正确后，您必须实施以下代码

    var claims = new[]
                    {
                      new Claim(JwtRegisteredClaimNames.Sub, user.Email),
                    };

                    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));
                    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                    var token = new JwtSecurityToken(
                      _config["Tokens:Issuer"],
                      _config["Tokens:Audience"],
                      claims,
                      expires: DateTime.Now.AddMinutes(30),
                      signingCredentials: creds);

                    var results = new
                    {
                        token = new JwtSecurityTokenHandler().WriteToken(token),
                        expiration = token.ValidTo
                    };

ASP.NET Core WebAPI：承载错误=“ invalid_token”，error_description =“未找到签名密钥”

1 个答案: