我正在使用带有openiddict的asp.net核心,用于授权我正在使用jwtmiddleware
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
RequireHttpsMetadata = false,
Authority= "http://localhost"
});
但由于某种原因,它会抛出此错误,任何帮助都将受到赞赏。
信息: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware [7] 持票人未经过认证。失败消息:IDX10501:签名验证失败。无法匹配孩子': ' 7FG4SQ4TIATESTLI-ZDHTLRYPWIEDU_RA1FVG91D',令牌: ' {" ALG":" RS256""典型值":" JWT""小子&#34 ;: " 7FG4SQ4TIATESTLI-ZDHTLRYPWIEDU_RA1FVG9 1D"} {" UNIQUE_NAME":" ASD""电子邮件":" ASD"" AspNet.Identity .SecurityStamp":" eb93ee4 4-6dbf-41b8-b1d6-157e4aa23ea7"" JTI":" 4f0f5395-e565-4489-8baf-6361d5c4cb94""美国 GE":"的access_token""机密":真,"范围":[" offline_access""轮廓&# 34;,"鄂麦 升""作用&#34],"子":" 9125d8c5-5739-4f46-8747-e3423a464969"" AZP&#34 ;: " firebaseApp"" NB F":1466997962,"&EXP#34;:1466999762," IAT":1466997962," ISS":" http://localhost:5000/&#34 ;}' 。警告:Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker [1] 过滤器' Microsoft.AspNetCore.Mvc.A uthorization.AuthorizeFilter'中的请求授权失败。警告: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker [1] 过滤器' Microsoft.AspNetCore.Mvc.A uthorization.AuthorizeFilter'。
上的请求授权失败。
答案 0 :(得分:2)
权限应包含OIDC服务器的基址。您应该使用端口指定权限URL(在您的情况下为5000,相应于令牌信息中的“iss”声明):
SELECT column FROM table WHERE column1 = "test" AND column2 = "test2"
您可以通过设置Authority="http://localhost:5000"
来停用授权验证。 JwtBearerOptions包含属性TokenValidationParameters,它聚合有关验证的设置:
ValidateIssuerSigningKey = false
答案 1 :(得分:1)
如果您使用的是第三方STS(例如身份服务器或Auth0),那么您可以使用BackChannelHandler来更轻松地调试来自中间件的http结果:
app.UseJwtBearerAuthentication(new JwtBearerOptions() {
...
BackchannelHttpHandler = new BackChannelHandler()
...
}
然后
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
namespace Application.API.Utilities
{
public class BackChannelHandler : HttpMessageHandler
{
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpClient client = new HttpClient(new HttpClientHandler(), disposeHandler: false);
client.DefaultRequestHeaders.Add("Accept", "application/json");
var res = await client.GetAsync(request.RequestUri);
return res;
}
}
}
在我的例子中,jwks和openid-configuration端点的默认返回类型是text / html而不是application / json。通过在自定义处理程序发出请求时添加Accept标头,一切正常。