.NET Core 2.0 API: setting up authorization and authentication

Time: 2017-08-15 14:36:28

Tags: asp.net asp.net-core asp.net-core-2.0

I have a .NET Core application that I have upgraded from 1.1 to 2.0. The problem I am running into is how to set up authentication and authorization.

When I try to hit an API endpoint, I get this exception...

2017-08-15 15:28:12.2191 | 13 | Microsoft.AspNetCore.Server.Kestrel | ERROR | Connection id "0HL73T7CAJGBE", Request id "0HL73T7CAJGBE:00000001": An unhandled exception was thrown by the application. No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

I have this attribute on my controller...

[Authorize(Policy = "Viewer3AuthPolicy")]

My startup.cs has this method that tries to set everything up...


In my Configure method I am calling...

app.UseAuthentication();

I am thinking I must have the ordering wrong, or be making the wrong call in the setup.

Does anyone have any ideas?

2 answers:

Answer 0 (score: 2)

Solution with _userManager.AddClaimsAsync. Here is a simplified version of the changes I made under ConfigureServices:

services.AddAuthorization(options => {
    options.AddPolicy("CRM", policy => { policy.RequireClaim("department", "Sales", "Customer Service", "Marketing", "Advertising", "MIS"); });
});

AccountController constructor:

    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly IEmailSender _emailSender;
    private readonly ILogger _logger;

    private readonly MyDB_Context _context;

    public AccountController(
        MyDB_Context context,
        UserManager<ApplicationUser> userManager,
        SignInManager<ApplicationUser> signInManager,
        IEmailSender emailSender,
        ILogger<AccountController> logger)
    {
        _context = context;
        _userManager = userManager;
        _signInManager = signInManager;
        _emailSender = emailSender;
        _logger = logger;
    }

Under Login: (var vUser is my own class, with properties such as Name, department, SignIn, etc. ...). The example below uses a combination of a custom user table mytable (to read the claim type and its value) and the AspNetUserClaims table (to add the claim):

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
    ViewData["ReturnUrl"] = returnUrl;
    if (ModelState.IsValid) {
        var vUser = _context.mytable.SingleOrDefault(m => m.Email.ToUpper() == model.Email.ToUpper());

        const string Issuer = "https://www.mycompany.com/";
        var user = _userManager.Users.Where(u => u.Email == model.Email).FirstOrDefault();

        // Unknown e-mail: fail with the same generic message as a bad password
        // instead of throwing a NullReferenceException on user.UserName below
        if (vUser == null || user == null) {
            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
            return View(model);
        }

        ApplicationUser applicationUser = await _userManager.FindByNameAsync(user.UserName);
        IList<Claim> allClaims = await _userManager.GetClaimsAsync(applicationUser); // get all the user claims

        // Add claim if missing
        if (allClaims.Where(c => c.Type == "department" && c.Value == vUser.department).ToList().Count == 0) {
            await _userManager.AddClaimAsync(user, new Claim("department", vUser.department, ClaimValueTypes.String, Issuer));
        }
        // Remove all other claim values for "department" type
        var dept = allClaims.Where(c => c.Type == "department" && c.Value != vUser.department);
        foreach(var claim in dept) {
            await _userManager.RemoveClaimAsync(user, new Claim("department", claim.Value, ClaimValueTypes.String, Issuer));
        }

        vUser.SignIn = DateTime.Now;
        _context.Update(vUser);
        await _context.SaveChangesAsync();

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, set lockoutOnFailure: true
        var result = await _signInManager.PasswordSignInAsync(vUser.Name, model.Password, model.RememberMe, lockoutOnFailure: false);
        //var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
        if (result.Succeeded) {
            _logger.LogInformation("User logged in.");
            return RedirectToLocal(returnUrl);
        }
        if (result.RequiresTwoFactor) {
            return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe });
        }
        if (result.IsLockedOut) {
            _logger.LogWarning("User account locked out.");
            return RedirectToAction(nameof(Lockout));
        } else {
            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
            return View(model);
        }
    }

    // If we got this far, something failed, redisplay form
    return View(model);
}

This is what I have in the controller:

[Authorize(Policy = "CRM")]
public class CRMController : Controller

Answer 1 (score: 1)

Adding

AddJwtBearer(options => { options.RequireHttpsMetadata = false; ... });

did the trick for me.

[dotnet core 2.0]
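A minimal Startup for the situation in the question, added here as an example (it is not code from the question or from either answer): it names a default scheme in AddAuthentication, which is what the "no DefaultChallengeScheme" error is about, wires AddJwtBearer as in answer 1, defines the Viewer3AuthPolicy policy from the question, and calls UseAuthentication before UseMvc. The Jwt:Issuer, Jwt:Audience and Jwt:Key configuration keys and the accepted department values are assumptions.

```csharp
// Added example, not code from the question or either answer: a minimal
// ASP.NET Core 2.0 Startup; the Jwt:* configuration keys are assumed.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Naming a default scheme here is what removes the "No authenticationScheme was specified" error.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // false (as in answer 1) lets issuer metadata be fetched over plain HTTP; keep true outside a dev box.
                options.RequireHttpsMetadata = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = _config["Jwt:Issuer"],     // assumed config key
                    ValidateAudience = true,
                    ValidAudience = _config["Jwt:Audience"], // assumed config key
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    // assumed config key; keep the secret out of source control
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(_config["Jwt:Key"]))
                };
            });

        // The policy named in the question's [Authorize] attribute; accepted department values are assumed.
        services.AddAuthorization(options =>
            options.AddPolicy("Viewer3AuthPolicy",
                policy => policy.RequireClaim("department", "Sales", "MIS")));
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before UseMvc so the policy sees the principal
        app.UseMvc();
    }
}
```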