Purpose of options.AutomaticAuthenticate with UseJwtBearerAuthentication

Time: 2016-01-21 04:30:05

Tags: asp.net-core jwt

After updating a codebase from ASP 5 beta 7 to RC1-final, I started receiving this exception from the JwtBearer middleware:

Unable to cast object of type 'Newtonsoft.Json.Linq.JArray' to type 'System.IConvertible'.

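So far, the determining factor I can see appears to be the setting of options.AutomaticAuthenticate. If it is true, then I get the exception; otherwise, I do not.

What is AutomaticAuthenticate, and why would I need to enable it?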

    app.UseJwtBearerAuthentication(options =>
    {
        // Run the bearer handler on every inbound request
        options.AutomaticAuthenticate = true;
    });

Here is the full stack trace:

at System.Convert.ToInt32(Object value, IFormatProvider provider)
   at System.IdentityModel.Tokens.Jwt.JwtPayload.GetIntClaim(String claimType)
   at System.IdentityModel.Tokens.Jwt.JwtPayload.get_Nbf()
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Microsoft.AspNet.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNet.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Api.Startup.<<Configure>b__9_0>d.MoveNext() in ...\Startup.cs:line 156

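Root cause update

Our codebase was creating duplicate claims for nbf, exp, and iat. That explains why get_Nbf is in the stack trace, and also the complaint about "JArray", since each of the values was an array rather than a single value.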

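1 answer:

Answer 0 (score: 7)

If it is set to true, the middleware will run on every inbound request, look for a JWT token and, if one is present, validate it; if it is valid, it will create an identity from it and add it to the current user.

If it's false, that doesn't happen, and you need to request that the middleware set the identity by specifying the bearer's scheme in the authorize attribute.

    [Authorize(AuthenticationSchemes = "YourBearerSchemeName")]

Or you set this in a policy;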

    options.AddPolicy("RequireBearer", policy =>
    {
        policy.AuthenticationSchemes.Add("YourBearerSchemeName");
        policy.RequireAuthenticatedUser();
    });

So, by setting it to false, you're not actually running the bearer stuff until you ask for it; you're just putting the exception off until later.
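
The condition described in the root cause update can be checked before a token reaches the middleware. The following is an added example, not code from the original post or from ASP.NET: it decodes a token's payload with System.Text.Json and reports any nbf, exp or iat claim that is not a single JSON number. The class and method names and the sample tokens are constructed for illustration, and the check inspects the payload only; it does not validate the signature.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class JwtTimeClaimCheck
{
    static readonly string[] TimeClaims = { "nbf", "exp", "iat" };

    // Decode one base64url segment of a compact JWT (the '=' padding is omitted on the wire).
    static byte[] Base64UrlDecode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    // Helper used only to build the constructed sample tokens in Main.
    static string Base64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns a description of each time claim whose JSON value is not a single number.
    // Payload inspection only: the signature segment is never verified here.
    public static List<string> FindMalformedTimeClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        var bad = new List<string>();
        using JsonDocument doc = JsonDocument.Parse(json);
        foreach (string name in TimeClaims)
        {
            if (doc.RootElement.TryGetProperty(name, out JsonElement value) && value.ValueKind != JsonValueKind.Number)
                bad.Add($"{name} is {value.ValueKind}");
        }
        return bad;
    }

    static void Main()
    {
        // Constructed samples: "dup" repeats each time claim as an array, "ok" uses single numbers.
        string header = Base64UrlEncode("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        string dup = Base64UrlEncode("{\"sub\":\"u1\",\"nbf\":[1453350605,1453350605],\"exp\":[1453354205,1453354205],\"iat\":[1453350605,1453350605]}");
        string ok = Base64UrlEncode("{\"sub\":\"u1\",\"nbf\":1453350605,\"exp\":1453354205,\"iat\":1453350605}");
        Console.WriteLine(string.Join("; ", FindMalformedTimeClaims($"{header}.{dup}.sig")));
        Console.WriteLine(FindMalformedTimeClaims($"{header}.{ok}.sig").Count);
    }
}
```

Running a check like this in the token issuer's tests catches duplicated claims at the point where they are created, rather than as a cast exception inside the bearer handler.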