当令牌过期或令牌未通过Asp.net核心2时,获取404错误而不是401

时间:2018-04-10 12:04:08

标签: api asp.net-core asp.net-core-2.0 bearer-token

我创建了Asp.net-core 2项目并添加了

  1. 由承载令牌授权的api控制器。
  2. mvc控制器授权 CookieAuthenticationDefaults.AuthenticationScheme。
  3. Configure方法中没有app.UseIdentity();
  4. 当我试图调用在iis express中发布的api时,它将返回401未经授权。

    当我试图调用在IIS中发布的api时,它将返回404未找到。

    当令牌过期或未通过令牌时,我收到404错误而不是401错误

    以及我的Startup类:

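        /// <summary>
        /// Registers the application's services: the EF Core context and seeder, ASP.NET Core
        /// Identity, MVC with session-backed TempData, response caching, AutoMapper, the
        /// FlashMessage session messenger, CORS, cookie + JWT bearer authentication and Swagger.
        /// </summary>
        /// <param name="services">The DI container being populated by the host.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown at startup when the <c>Tokens:Key</c> configuration value is missing.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // No options callback is passed, so the connection string is expected to be
            // configured on ApiContext itself.
            services.AddDbContext<ApiContext>();
            services.AddTransient<ApiContextSeed>();

            // Identity: sign-in requires a confirmed email; the password policy is deliberately
            // relaxed so that only a minimum length of 6 is enforced.
            services.AddIdentity<ApplicationUser, IdentityRole>(config =>
            {
                config.SignIn.RequireConfirmedEmail = true;
                config.Password.RequireDigit = false;
                config.Password.RequireLowercase = false;
                config.Password.RequireNonAlphanumeric = false;
                config.Password.RequireUppercase = false;
                config.Password.RequiredUniqueChars = 0;
                config.Password.RequiredLength = 6;
                // null turns the user-name character whitelist off entirely: any character is
                // accepted in a user name.
                config.User.AllowedUserNameCharacters = null;
            })
                .AddEntityFrameworkStores<ApiContext>()
                .AddDefaultTokenProviders();

            // Application services. IEmailSender used to be registered four times with mixed
            // lifetimes (transient and singleton); for a single resolution the last registration
            // wins, which was the transient one, so that is the only registration kept.
            services.AddTransient<IEmailSender, EmailSender>();
            services.AddMvc().AddSessionStateTempDataProvider();
            services.AddResponseCaching();
            services.AddAutoMapper();
            services.AddSingleton<IWizIQSender, WizIQSender>();
            services.AddSingleton<IWizIQClass, WizIQClass>();
            services.AddSingleton<ITimeZone, TimeZone>();
            services.AddSingleton<IPinCodeGenerator, PinCodeGenerator>();
            services.AddScoped<IUnitOfWorkAsync, UnitOfWorkAsync>();
            services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();
            services.AddBootstrapPagerGenerator(options =>
            {
                // Use default pager options.
                options.ConfigureDefault();
            });

            // Fail at startup with a clear message instead of an ArgumentNullException from
            // Encoding.GetBytes when the signing key is not configured.
            var signingKey = Configuration["Tokens:Key"];
            if (string.IsNullOrEmpty(signingKey))
            {
                throw new InvalidOperationException("Configuration value 'Tokens:Key' is missing.");
            }

            // Cookie and JWT bearer schemes are registered on one builder (the two separate
            // AddAuthentication() calls were equivalent). The cookie handler is registered under
            // the name "UserAuth", while the default scheme passed to AddAuthentication is
            // CookieAuthenticationDefaults.AuthenticationScheme ("Cookies") — NOTE(review): confirm
            // that mismatch is intended, since no handler is registered under the default name.
            // API actions that must be protected by the bearer token have to opt into that scheme
            // explicitly, e.g. [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)];
            // otherwise the cookie defaults apply and an unauthenticated request presumably gets a
            // cookie challenge (a redirect) instead of a 401.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie("UserAuth", options =>
                {
                    // NOTE(review): an empty LoginPath does not by itself turn the challenge into
                    // a 401; the cookie handler's default challenge still redirects — confirm
                    // against the framework version in use.
                    options.LoginPath = string.Empty;
                })
                .AddJwtBearer(cfg =>
                {
                    // Only relevant when an Authority/metadata address is configured (none is
                    // here); leave it true if one is added outside development.
                    cfg.RequireHttpsMetadata = false;
                    cfg.SaveToken = true;
                    cfg.TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidIssuer = Configuration["Tokens:Issuer"],
                        // The audience is checked against the *issuer* setting; there is no
                        // Tokens:Audience value. Correct only if tokens are issued with
                        // aud == iss — confirm against the token-issuing code.
                        ValidAudience = Configuration["Tokens:Issuer"],
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey))
                    };
                });

            services.AddDistributedMemoryCache();
            #region FlashMessage

            services.AddSession();
            // Needed so we can access the user's session.
            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
            services.AddScoped(x => x.GetRequiredService<IHttpContextAccessor>().HttpContext.Session);

            services.AddScoped<IMessageProvider, SessionMessageProvider>();

            // Customize the message types (i.e. we are using Bootstrap v3 and need to provide a custom-value for the error message-type).
            services.AddScoped<IMessageTypes>(x =>
            {
                return new MessageTypes(error: "danger");
            });

            services.AddScoped<IMessengerOptions, MessengerOptions>();

            // We are using a stack to hold messages (i.e. LIFO).
            services.AddScoped<IMessenger, StackMessenger>();

            #endregion

            // Permissive policy: any origin, header and method. Cookies cannot be sent under
            // AllowAnyOrigin, so this is only usable for the bearer-token API.
            services.AddCors(cfg =>
            {
                cfg.AddPolicy("UserPanel", bldr =>
                {
                    bldr.AllowAnyHeader()
                        .AllowAnyMethod()
                        .AllowAnyOrigin();
                });
            });

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info { Title = "Drossey API", Version = "v1" });
            });
        }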
    
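    /// <summary>
    /// Builds the request pipeline (error handling, static files, session, CORS, authentication,
    /// Swagger, MVC routing) and then runs the database seeder.
    /// </summary>
    /// <param name="app">Pipeline builder.</param>
    /// <param name="env">Hosting environment; selects developer vs. production error handling.</param>
    /// <param name="seeding">Seeder executed once the pipeline is configured.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApiContextSeed seeding)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/error");
            // Re-executes the pipeline at /error for every body-less 4xx/5xx response, including
            // the 401/403 produced for API requests, so what the API client finally sees is
            // decided by the /error action rather than by the authentication handler. If the API
            // must return raw status codes, scope this to the MVC paths (e.g. with app.UseWhen).
            app.UseStatusCodePagesWithReExecute("/error");
        }

        app.UseStaticFiles();
        app.UseSession();
        // CORS before authentication so preflight (OPTIONS) requests are answered without
        // passing through the authentication handlers.
        app.UseCors("UserPanel");
        app.UseAuthentication();
        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint("/swagger/v1/swagger.json", "Drossey Api");
        });
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "areaRoute",
                template: "{area:exists}/{controller=Home}/{action=Index}/{id?}");

            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });

        // Configure is synchronous, so the async seeder has to be blocked on here.
        // GetAwaiter().GetResult() surfaces the seeder's own exception instead of the
        // AggregateException that Wait() wraps it in.
        seeding.EnsureSeeding().GetAwaiter().GetResult();
    }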
    

    这是我的api控制器:

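    /// <summary>
    /// API endpoint for redeeming a pin code: the posted code is matched against the stored
    /// pin-code record and, when it checks out, the record's amount is credited to the caller's
    /// balance and the record is marked as shipped.
    /// </summary>
    public class CodeController : BaseController
    {
        // Length of the numeric prefix used to look up the pin-code record.
        private const int CodeLookupLength = 10;
        // The original code read 10 + 5 characters from the posted value, so anything shorter
        // cannot be a well-formed code.
        private const int MinimumCodeLength = CodeLookupLength + 5;

        private readonly IPinCodeGenerator _pinCodeGenerator;

        public CodeController(IUnitOfWorkAsync unitOfWork,
            UserManager<ApplicationUser> userMgr, IPasswordHasher<ApplicationUser> hasher,
            ILogger<AuthController> logger, IConfiguration config, IMapper mapper, IPinCodeGenerator pinCodeGenerator) :
            base(unitOfWork, userMgr, hasher, logger, config, mapper)
        {
            _pinCodeGenerator = pinCodeGenerator;
        }

        /// <summary>
        /// Redeems <c>model.Code</c> for the authenticated user.
        /// </summary>
        /// <param name="model">Request body carrying the code to redeem.</param>
        /// <returns>
        /// 200 on success; 400 with the model-state errors when the body is invalid; 400 with
        /// "InValidCode" when the code is malformed, unknown, not active or does not match the
        /// value generated for the record; 401 when the caller cannot be resolved to a user;
        /// 500 on an unexpected error (details are logged, not returned).
        /// </returns>
        [HttpPost]
        public async Task<IActionResult> Add([FromBody]CodeAddViewModel model)
        {
            if (model == null || !ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            try
            {
                var userId = await GetUserId();
                var user = userId == null ? null : await _userMgr.FindByIdAsync(userId);
                if (user == null)
                {
                    // The caller's identity did not resolve to a known user; report that as an
                    // authorization failure instead of letting FindByIdAsync(null) throw into
                    // the 500 path.
                    return Unauthorized();
                }

                // Substring() throws on short input and Convert.ToDouble on non-numeric input;
                // both previously surfaced as a 500 carrying the exception text. Reject malformed
                // codes up front as a plain 400 instead. The prefix is parsed with the invariant
                // culture because it is machine data, not user-facing text.
                if (model.Code == null || model.Code.Length < MinimumCodeLength ||
                    !double.TryParse(model.Code.Substring(0, CodeLookupLength),
                        System.Globalization.NumberStyles.Float,
                        System.Globalization.CultureInfo.InvariantCulture,
                        out var lookupValue))
                {
                    return StatusCode(400, "InValidCode");
                }

                var pinCode = _unitOfWork.PinCodeRepository.Filter(u => u.Code == lookupValue).FirstOrDefault();
                if (pinCode == null || pinCode.Status != CodeStatus.IsActive)
                {
                    return StatusCode(400, "InValidCode");
                }

                string expectedCode = _pinCodeGenerator.GetCode(pinCode.Amount, pinCode.Code,
                    pinCode.Vector, pinCode.Key);
                // NOTE(review): an ordinal string comparison is not constant-time; if the code is
                // treated as a secret, a fixed-time comparison would be preferable.
                if (!string.Equals(expectedCode, model.Code, StringComparison.Ordinal))
                {
                    return StatusCode(400, "InValidCode");
                }

                // NOTE(review): the status check above and the status update below are not one
                // atomic operation, so two concurrent requests carrying the same code could both
                // pass the check and credit the balance twice. A concurrency token or a
                // conditional update on the repository side would close that window — confirm
                // what IUnitOfWorkAsync/CommitAsync provide.
                user.Balance += pinCode.Amount;
                var update = await _userMgr.UpdateAsync(user);
                if (!update.Succeeded)
                {
                    // Do not consume the code when the balance could not be saved.
                    _logger.LogError("Updating the balance for user {UserId} failed: {Errors}",
                        user.Id, string.Join("; ", update.Errors.Select(err => err.Description)));
                    return StatusCode(500, "An unexpected error occurred.");
                }

                pinCode.Status = CodeStatus.Shipped;
                await _unitOfWork.CommitAsync();
                return Ok();
            }
            catch (Exception e)
            {
                // Log the details server-side; the exception text is no longer echoed to the client.
                _logger.LogError(e, "Redeeming a pin code failed.");
                return StatusCode(500, "An unexpected error occurred.");
            }
        }
    }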
    

    以及基类控制器包含:

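     /// <summary>
     /// Shared base for the application's controllers: holds the injected unit of work, Identity
     /// managers, configuration, logger and mapper, and resolves the current user's id.
     /// </summary>
     public class BaseController : Controller
    {
        // Fields stay public for compatibility with existing derived/consumer code; treat them
        // as read-only dependencies.
        public readonly ILogger<AuthController> _logger;
        // Never assigned: the constructor does not take a SignInManager (see the commented-out
        // assignment below), so this field is always null.
        public readonly SignInManager<ApplicationUser> _signInMgr;
        public readonly UserManager<ApplicationUser> _userMgr;
        public readonly IPasswordHasher<ApplicationUser> _hasher;
        public readonly IConfiguration _config;
        public IUnitOfWorkAsync _unitOfWork;
        protected readonly IMapper _mapper;

        public BaseController(IUnitOfWorkAsync unitOfWork,
            UserManager<ApplicationUser> userMgr,
            IPasswordHasher<ApplicationUser> hasher,
            ILogger<AuthController> logger,
            IConfiguration config,
            IMapper mapper)
        {
            _unitOfWork = unitOfWork;
            //_signInMgr = signInMgr;
            _logger = logger;
            _userMgr = userMgr;
            _hasher = hasher;
            _config = config;
            _mapper = mapper;
        }

        /// <summary>
        /// Resolves the id of the user behind the current request.
        /// </summary>
        /// <returns>
        /// The user's id, or null when the request carries no NameIdentifier claim, the claim
        /// value is empty, no user matches it, or the lookup fails.
        /// </returns>
        protected async Task<string> GetUserId()
        {
            // NOTE(review): the NameIdentifier claim value is passed to FindByNameAsync, i.e. it is
            // assumed to hold the user *name*. Identity's own cookie puts the user id in that
            // claim, so this only works if the bearer tokens are issued with the user name there —
            // confirm against the token-issuing code (not shown here).
            // A missing claim previously raised a NullReferenceException that the catch-all
            // turned into null; the null-conditional access gives the same result explicitly.
            var userName = User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (string.IsNullOrEmpty(userName))
            {
                return null;
            }

            try
            {
                var user = await _userMgr.FindByNameAsync(userName);
                return user?.Id;
            }
            catch (Exception ex)
            {
                // Still best-effort, as before (callers treat null as "no user"), but the
                // failure is logged instead of silently swallowed.
                _logger.LogWarning(ex, "Failed to resolve the current user from the NameIdentifier claim.");
                return null;
            }
        }
    }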
    

1 个答案:

答案 0 :(得分:2)

startup.cs中的app.UseStatusCodePagesWithReExecute("/error")隐藏了401未授权错误。