我正在尝试验证传递给C#应用程序的JWT令牌。我确认令牌随每个请求一起发送。如果我手动对其进行解码,则一切正常(我看到了声明)。但是,当我启用授权时,当我尝试访问页面时,会从(角度)客户端收到404。我的理论是Angular发送失败的OPTIONS请求,因为它无法正确使用令牌进行Auth。关于如何确认这是问题的任何建议,并对其进行故障排除?
通过令牌中的声明进行身份验证
[Authorize(Policy = "IsEmployee")]
[HttpGet("TestTokenAccess")]
public JsonResult TestTokenAccess()
{
return Json("token decoded. you have claim IsEmployee=yes");
}
手动令牌解码
[HttpGet("TestDecodeToken")]
public JsonResult TestDecodeToken()
{
//https://shellmonger.com/2015/07/18/decoding-an-auth0-json-web-token-with-c/
if (this.HttpContext.Request.Headers.ContainsKey("Authorization"))
{
var authHeader = this.HttpContext.Request.Headers["Authorization"];
var authBits = authHeader.ToString().Split(' ');
if (authBits.Length != 2)
{
return Json("{error:\"auth bits needs to be length 2\"}");
}
if (!authBits[0].ToLowerInvariant().Equals("bearer"))
{
return Json("{error:\"authBits[0] must be bearer\"}");
}
var secret = "xxxxx";
//Install-Package JWT -Version 4.0.0
try
{
var json = new JwtBuilder()
.WithSecret(secret)
//.MustVerifySignature()
.Decode(authBits[1]);
return Json(json);
}
catch (TokenExpiredException)
{
return Json("Token has expired");
}
catch (SignatureVerificationException)
{
return Json("Token has invalid signature");
}
catch (Exception e)
{
return Json($"other token err: {e.Message}");
}
}
return Json("no token");
}
Startup.cs 在ConfigureServices内部,但在AddMVC()调用上方
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = Configuration["JwtIssuer"];
options.Audience = Configuration["JwtIssuer"];
options.RequireHttpsMetadata = true;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["JwtIssuer"],
ValidAudience = Configuration["JwtIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"]))
};
}
);
services.AddAuthorization(options =>
{
options.AddPolicy("IsEmployee", policy => policy.Requirements.Add(new IsEmployeeRequirement("yes")));
});
services.AddSingleton<IAuthorizationHandler, IsEmployeeAuthorizationHandler>();
appsettings.json
"JwtKey": "xxx",
"JwtIssuer": "http://localhost:44362/",
"JwtExpireDays": 30
来自web.config的代码段启用CORS
<!--added to enable CORS for Angular-->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://localhost:44362/" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
答案 0 :(得分:0)
原来我的问题是我需要拥有的SELECT OBJECT_NAME(id)
FROM syscomments
WHERE
[text] like '%DatabaseB%'
--and [text] like '%''F''%'
AND OBJECTPROPERTY(id, 'IsProcedure') = 1
GROUP BY OBJECT_NAME(id)
中的声明不正确:
Startup.ConfigureServices()而不是Microsoft在示例here中使用的特定于策略的方式。我还删除了services.AddAuthorization(options =>
{
options.AddPolicy("IsEmployee", policy =>policy.RequireClaim("IsEmployee", "Yes", "yes"));
});
行,因为这不是必需的