UseJwtBearerAuthentication返回401

Question

我在我的应用程序堆栈中使用Firebase和dotnet核心。

我正在使用Firebase iOS API生成JWT罚款，并且可以使用jwt.io的解析器确认结构符合预期并且有效。

设置

我已按照this article设置dotnet核心，根据请求自动设置主体。

我的Startup文件的configure方法如下所示，实际上<project-id>部分被项目应用程序替换（我可以确认它与我解析的JWT中的aud属性相同如在jwt.io上看到的那样：

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();
    loggerFactory.AddSerilog();

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        IncludeErrorDetails = true,
        Authority = "https://securetoken.google.com/<project-id>",
        TokenValidationParameters = new TokenValidationParameters
        {  
            ValidateIssuer = true,
            ValidIssuer = "https://securetoken.google.com/<project-id>",
            ValidateAudience = true,
            ValidAudience = "<project-id>",
            ValidateLifetime = true,
        },
    });

    app.UseMvc();
}

请求

我有一个控制器操作，我可以在网址http://localhost:5000/api/dashboard点击，并在控制器上没有Authorize属性时获得预期的响应。然后我添加了Authorize属性，以便我可以开始测试JWT中间件。

我在Postman中创建了一个请求，如下图所示：

响应

如上图所示，回复为401 Unauthorized。

服务器登录我的调试输出看起来像这样。

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:5000/api/dashboard  
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5000/api/dashboard  
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed for user: (null).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[12]
      AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Sured.Api.Controllers.DashboardController.Get (Sured.Api) in 20.2369ms
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action Sured.Api.Controllers.DashboardController.Get (Sured.Api) in 20.2369ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 37.6488ms 401 

问题

我一直在研究谷歌并搜索源代码，我根本无法解决这个问题。

谁能看到我在这里做错了什么？

为了更好的衡量，这是我项目中的所有依赖版本：

<PackageReference Include="Microsoft.AspNetCore" Version="1.1.2" />
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.3" />
<PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" />
<PackageReference Include="Serilog" Version="2.5.0" />
<PackageReference Include="Serilog.Enrichers.Environment" Version="2.1.2" />
<PackageReference Include="Serilog.Extensions.Logging" Version="1.4.0" />
<PackageReference Include="Serilog.Settings.Configuration" Version="2.4.0" />
<PackageReference Include="Serilog.Sinks.ElasticSearch" Version="5.3.0" />
<PackageReference Include="Serilog.Sinks.RollingFile" Version="3.3.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="1.1.2" />

Answer 1

默认情况下，密钥已经被添加了。可能您可能需要将密钥添加到帖子中 密钥：Authorization价值：Bearer eyjhbGciOij...
这是必须在谷歌API帖子中允许安全连接。仪表板会自动添加此密钥。

来源：
以前使用Google API的经验

Answer 2

所以...结果发现它不起作用的可能原因是我玩过的令牌过期了。我今天又生成了另一个并再次尝试了邮递员查询，但它确实有效。

所以，如果你遇到同样的麻烦，不要犯下我的愚蠢错误，并确保你有一个没有过期的令牌！