ASP.net核心身份用户声明在开发和生产之间有所不同

时间:2017-02-09 14:13:36

标签: c# asp.net-core asp.net-core-identity

我遇到的问题是,我为JWT创建的声明在制作中的显示与我在本地开发框中的声明不同。这是我创建JWT并向其添加声明的代码:

[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login([FromForm] LoginUser applicationUser)
{
    var identity = await GetClaimsIdentity(applicationUser);    //this function does the _loginManager.PasswordSignInAsync()
    if (identity == null)
    {
        _logger.LogInformation($"Invalid username ({applicationUser.UserName}) or password ({applicationUser.Password})");
        return BadRequest("Invalid credentials");
    }

    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, applicationUser.UserName),
        new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
        new Claim(JwtRegisteredClaimNames.Iat,
                  ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(),
                  ClaimValueTypes.Integer64)
    };

    //add role claims
    var user = _userManager.FindByNameAsync(identity.Name).Result;
    var roles = _userManager.GetRolesAsync(user).Result;

    //adding the user id to the claims so it can be used in requests
    claims.Add(new Claim(ClaimTypes.Sid, user.Id));

    foreach (string role in roles)
    {
        claims.Add(new Claim(ClaimTypes.Role, role));
    }

    // Create the JWT security token and encode it.
    var jwt = new JwtSecurityToken(
        issuer: _jwtOptions.Issuer,
        audience: _jwtOptions.Audience,
        claims: claims,
        notBefore: _jwtOptions.NotBefore,
        expires: _jwtOptions.Expiration,
        signingCredentials: _jwtOptions.SigningCredentials);

    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    // Serialize and return the response
    var response = new
    {
        access_token = encodedJwt,
        expires_in = (int)_jwtOptions.ValidFor.TotalSeconds,
        username = applicationUser.UserName,
        roles = roles
    };

    var json = JsonConvert.SerializeObject(response, _serializerSettings);
    return new OkObjectResult(json);
}

当此代码在本地运行并且我记录用户的声明时,&#34; sid&#34;声明总是填充用户的id(guid),这是我需要的,以及&#34; nameidentifier&#34;声明始终包含用户的用户名:

User Claim[0]: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier Value: adminuser (96b821e8)

User Claim[1]: jti  Value: 418b19b9-e502-4391-93e4-9a66e0d68d66 (80328ff0)

User Claim[2]: iat  Value: 1486588748 (a5289382)

User Claim[3]: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid    Value: c193d68b-da04-45ea-b546-8389d83076da (174611d7)

User Claim[4]: http://schemas.microsoft.com/ws/2008/06/identity/claims/role Value: Admin (2cdb3902)

User Claim[5]: nbf  Value: 1486588748 (740f01f6)

User Claim[6]: exp  Value: 1486675148 (e89329cb)

User Claim[7]: iss  Value: SuperAwesomeTokenServer (63a724a0)

User Claim[8]: aud  Value: http://localhost:50824/ (f7ca0b84)

当此代码在生产中运行并且我记录用户的声明时,&#34; sid&#34;声明是间歇性地填充用户的ID,有时甚至不存在,而&#34; nameidentifier&#34;声明始终保留用户的ID(guid):

User Claim[0]: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier Value: c193d68b-da04-45ea-b546-8389d83076da (9393a9dc)

User Claim[1]: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name   Value: adminuser (b9cd34dc)

User Claim[2]: AspNet.Identity.SecurityStamp    Value: 9c060086-1fa9-42f0-8ebf-2fdb3b443d53 (f9355f36)

User Claim[3]: http://schemas.microsoft.com/ws/2008/06/identity/claims/role Value: Admin (4cbcb5b4)

此外,您可以看到,在prod中,它添加了一个&#34; name&#34;声明现在拥有用户的用户名。

所以3个问题:

  1. 为什么&#34; sid&#34;声称在产品中间歇性地丢失?

  2. 为什么&#34; nameidentifier&#34;声明在Dev和Prod之间有不同的价值?

  3. 为什么&#34;名称&#34;声明只出现在prod?

  4. 其他细节:

    将MySql用于数据库。使用IIS在本地提供应用程序,使用Kestrel在生产中提供服务。

0 个答案:

没有答案