我在ASP.NET Core 2,JWT,Angular项目上关注here并使用基于声明的授权策略获取403禁止错误。如果我取消关闭策略名称并仅放置dotnet watch run属性,则可以使用。
从jwt.io我得到以下日志。似乎基于Jwt令牌的身份验证工作正常。但是用户没有被授权访问控制器。如果我从info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:5000/api/dashboard/home
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[8]
AuthenticationScheme: Bearer was successfully authenticated.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: user1@test.com.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ForbidResult[1]
Executing ForbidResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[13]
AuthenticationScheme: Bearer was forbidden.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action JWT.Controllers.DashboardController.Home (JWT) in 5.4232ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 11.5967ms 403
解码一个令牌,它会在有效负载中显示正确的声明名称。
{{1}}
我检查了几个类似的问题/论坛帖子,但对我帮助不大。任何帮助赞赏。