The JWT token is validated, but the Authorize attribute (simple usage, no roles or anything else specified) still blocks the request. Note that I have no code of my own that controls AuthorizeAttribute behavior (so everything should be consistent with what is in the framework).
From the logs:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:55000/api/Companies/GetSummaries
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "GetSummaries", controller = "Companies"}. Executing action MyTestApplication.Controllers.Companies.CompaniesController.GetSummaries (MyTestApplication)
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyTestApplication.Controllers.Companies.CompaniesController.GetSummaries (MyTestApplication) in 16.5934ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 25.4438ms 401
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:55000/api/Customers/Get?includeInactive=false
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Get", controller = "Customers"}. Executing action MyTestApplication.Controllers.Customers.CustomersController.Get (MyTestApplication)
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyTestApplication.Controllers.Customers.CustomersController.Get (MyTestApplication) in 9.6949ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 20.3964ms 401
The thread 0x4764 has exited with code 0 (0x0).
JWT configuration at application startup (not sure whether this is relevant, since it seems to work fine):
services.AddAuthentication(options =>
{
    // Bearer is the default scheme for authenticate, challenge and everything else
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwtBearerOptions =>
{
    // HS256 key derived from the shared secret string; RFC 7518 requires at least
    // 256 bits of key material for HS256, so the secret should be long and random
    var keyBytes = Encoding.UTF8.GetBytes(JwtTokenCreator.Secret);
    jwtBearerOptions.IncludeErrorDetails = true;
    jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
        ValidateIssuer = true,
        ValidIssuer = JwtTokenCreator.AppIssuer,
        ValidateAudience = true,
        ValidAudience = JwtTokenCreator.AppAudience,
        ValidateLifetime = true,
        // Note: ClockSkew is added on top of the token's exp claim, so a skew equal to
        // the token lifetime keeps an expired token acceptable for another
        // ExpirationTimeInMinutes; a skew of a minute or two is the usual value
        ClockSkew = TimeSpan.FromMinutes(JwtTokenCreator.ExpirationTimeInMinutes)
    };
});
And the token generation:
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public string GenerateToken(Guid sessionId)
{
    // Same shared secret, issuer and audience the JwtBearer validation is configured with
    var symmetricKey = Encoding.UTF8.GetBytes(Secret);
    var tokenHandler = new JwtSecurityTokenHandler();
    var now = DateTime.UtcNow;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        // Name claim carries the session id; a single "User" role claim is included
        Subject = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, sessionId.ToString()),
            new Claim(ClaimTypes.Role, "User")
        }),
        Expires = now.AddMinutes(ExpirationTimeInMinutes),
        Audience = AppAudience,
        Issuer = AppIssuer,
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256)
    };
    var stoken = tokenHandler.CreateToken(tokenDescriptor);
    var token = tokenHandler.WriteToken(stoken);
    return token;
}
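For reference, here is an added example (not code from the question) of the minimal ASP.NET Core 2.x pipeline that the JwtBearer configuration above depends on. The [Authorize] filter in MVC evaluates HttpContext.User, and that principal is only populated when the authentication middleware (app.UseAuthentication()) runs before MVC for each request. When the middleware is absent or registered after UseMvc, the filter sees an anonymous user and logs "Authorization failed", then issues the challenge; the JwtBearer handler validates the token while building the challenge response (which is why "Successfully validated the token" can appear after the authorization failure) but the response is still 401. The JwtTokenCreator members are assumed to be the static fields from the question; the WhoAmI controller is a hypothetical diagnostic endpoint added here.

```csharp
// Added example, not code from the question: minimal Startup for ASP.NET Core 2.x
// showing the middleware order the JwtBearer handler depends on.
// Assumes the JwtTokenCreator static members from the question (Secret, AppIssuer,
// AppAudience, ExpirationTimeInMinutes) exist in the project.
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Bearer as the default scheme for authenticate and challenge
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(JwtTokenCreator.Secret)),
                    ValidateIssuer = true,
                    ValidIssuer = JwtTokenCreator.AppIssuer,
                    ValidateAudience = true,
                    ValidAudience = JwtTokenCreator.AppAudience,
                    ValidateLifetime = true,
                    // Small skew: it is added on top of the token's exp claim
                    ClockSkew = TimeSpan.FromMinutes(1)
                };
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Order matters. UseAuthentication runs the default authenticate scheme
        // (Bearer) for every request and sets HttpContext.User before MVC's
        // AuthorizeFilter executes. If this call is missing, or placed after
        // UseMvc, the filter sees an anonymous principal, logs
        // "Authorization failed", and triggers the challenge; the handler then
        // validates the token while producing the 401 challenge response.
        app.UseAuthentication();
        app.UseMvc();
    }
}

// Hypothetical diagnostic endpoint added for this example: call it with and
// without an "Authorization: Bearer <token>" header to confirm that the
// principal is populated before any [Authorize] filter runs.
[Route("api/[controller]")]
public class WhoAmIController : Controller
{
    [HttpGet]
    [AllowAnonymous]
    public IActionResult Get()
    {
        return Ok(new
        {
            IsAuthenticated = User.Identity.IsAuthenticated,
            AuthenticationType = User.Identity.AuthenticationType,
            Name = User.Identity.Name
        });
    }
}
```

With the middleware in place, a request to /api/WhoAmI carrying a valid token returns IsAuthenticated = true and the session id in Name; without the header it returns IsAuthenticated = false. If the token is sent and the endpoint still reports IsAuthenticated = false, the authenticate scheme is not running before MVC and every [Authorize] action will fail the same way the log above shows.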