ASP.NET Core 2.0: authorizing with a specific scheme

Time: 2017-12-20 08:16:31

Tags: authentication cookies asp.net-core jwt

I have an application with cookie and JWT auth schemes. Here is the ConfigureServices code:

var authTokenSettings = configuration.GetSection(nameof(TokenProviderSettings)).Get<TokenProviderSettings>();

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(authSection.AuthenticationScheme, u =>
{
    u.Cookie.Name = authSection.AuthCookieName;
    u.LoginPath = new PathString(authSection.LoginPath);
    u.AccessDeniedPath = "/Home/Index";
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = authTokenSettings.Issuer,
        ValidateAudience = true,
        ValidAudience = authTokenSettings.Audience,
        ValidateLifetime = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(authTokenSettings.Key)),
        ValidateIssuerSigningKey = true,
    };
});

Now I need to use the cookie scheme on one method and JWT on another. I added the appropriate attributes

([Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)])

but these attributes are ignored and the default scheme is used. If I don't specify a default scheme, I get this exception:

  

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

What is wrong with the code?

2 answers:

Answer 0: (score: 0)

I have solved this problem. The attribute defines the authentication scheme only when it is added to a controller, not to an action.

Answer 1: (score: 0)

You don't need separate controllers; you can implement IControllerModelConvention

public class AddAuthorizeFiltersControllerConvention : IControllerModelConvention
{
    public void Apply(ControllerModel controller)
    {
        if (controller.ControllerName.Contains("Api"))
        {
            controller.Filters.Add(new AuthorizeFilter("apipolicy"));
        }
        else
        {
            controller.Filters.Add(new AuthorizeFilter("defaultpolicy"));
        }
    }
}

or implement IActionModelConvention

public class AddAuthorizeFiltersActionConvention : IActionModelConvention
{
    public void Apply(ActionModel action)
    {
        if (action.ActionName.Contains("GetUser"))
        {
            action.Filters.Add(new AuthorizeFilter("apipolicy"));
        }
        else
        {
            action.Filters.Add(new AuthorizeFilter("defaultpolicy"));
        }
    }
}

Reference and credit: https://joonasw.net/view/apply-authz-by-default
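
The conventions in the answer above refer to policies named "apipolicy" and "defaultpolicy" without showing where they are defined. The following is an added example, not part of the original answer or of the linked article, of one way to register them so that each policy names the scheme it authenticates with. It assumes the cookie scheme uses CookieAuthenticationDefaults.AuthenticationScheme (the question uses its own authSection.AuthenticationScheme value), and SchemePerControllerConvention is a hypothetical name for a convention of the same shape as the answer's.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc.ApplicationModels;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Both schemes are registered; JWT stays the default, as in the question.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                // Set TokenValidationParameters here as in the question.
            });

        services.AddAuthorization(options =>
        {
            // A policy that lists its schemes authenticates with those schemes
            // instead of DefaultAuthenticateScheme.
            options.AddPolicy("apipolicy", p => p
                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser());
            options.AddPolicy("defaultpolicy", p => p
                .AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser());
        });

        // Every controller receives exactly one of the two filters at startup.
        services.AddMvc(o => o.Conventions.Add(new SchemePerControllerConvention()));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}

// Hypothetical convention: the name test mirrors the answer's Contains("Api").
public class SchemePerControllerConvention : IControllerModelConvention
{
    public void Apply(ControllerModel controller)
    {
        var policy = controller.ControllerName.Contains("Api") ? "apipolicy" : "defaultpolicy";
        controller.Filters.Add(new AuthorizeFilter(policy));
    }
}
```

Because the else branch always attaches a policy, a controller that does not match the name test still requires an authenticated cookie user; an action meant to be public has to opt out with [AllowAnonymous].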