ASP.NET核心 - 无法获得简单的承载令牌认证工作

时间:2018-01-25 21:54:28

标签: asp.net-core authorization bearer-token

我正在使用ASP.NET Core 2构建API,我正在尝试使用一个使用Bearer令牌的简单auth示例。

首先,这是我的启动代码......

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = "mydomain.com",
                    ValidAudience = "mydomain.com",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("THESECRETKEY THESECRETKEY THESECRETKEY THESECRETKEY"))
                };
            });

        // goes last
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler();
        }

        app.UseStatusCodePages();

        // goes last
        app.UseMvc();
    }
}

然后我有一个Auth控制器,它返回令牌......

[Route("api/[controller]")]
public class AuthController : Controller
{
    [AllowAnonymous]
    [HttpPost("RequestToken")]
    public IActionResult RequestToken([FromBody] TokenRequest request)
    {
        if (request.Username == "theuser" && request.Password == "thepassword")
        {
            var claims = new[]
            {
                new Claim(ClaimTypes.Name, request.Username)
            };

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("THESECRETKEY THESECRETKEY THESECRETKEY THESECRETKEY"));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: "mydomain.com",
                audience: "mydomain.com",
                claims: claims,
                expires: DateTime.Now.AddMinutes(30),
                signingCredentials: creds);

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token)
            });
        }

        return BadRequest("Could not verify username and password");
    }
}

public class TokenRequest
{
    public string Username { get; set; }
    public string Password { get; set; }
}

所以在Postman你可以看到我得到一个代币......

enter image description here

然后我从一个值控制器尝试GET ......

[Route("api/[controller]")]
[Authorize]
public class ValuesController : Controller
{
    [HttpGet("{id}")]
    public string Get(int id)
    {
        return "value";
    }
}

如果我添加[匿名]属性,它可以正常工作。但是,当需要授权时,我会得到一个401 ......

enter image description here

1 个答案:

答案 0 :(得分:2)

您尚未在Startup.cs中引用身份验证中间件 您可以在app.UseAuthentication();

之前添加app.UseMvc();来引用它

以下是Startup.cs Configure方法的显示方式:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler();
    }

    app.UseStatusCodePages();


    app.UseAuthentication();
    app.UseMvc();
}

您可以阅读更多中间件here以及更多内容,使用ASP.NET Core here.进行授权

您还应该查看here关于ASP.NET Core的所有其他内容