使用多个ServiceStack的身份验证提供程序会引发错误

时间:2019-04-25 10:12:07

标签: authentication servicestack

我打算使用2个ServiceStack的身份验证提供程序:一个基于CredentialsAuthProvider的自定义提供程序,称为remotecreds和内置的JwtAuthProvider。我的AppHost注册代码如下:

appHost.Plugins.Add(new AuthFeature(() => new UserSession(),
                new IAuthProvider[]
                {
                    new JwtAuthProvider(AppSettings)
                    {
                        RequireSecureConnection = false,
                        HashAlgorithm = "RS256",
                        PublicKeyXml = publicKeyXml,
                        Audiences = new List<string> { $"{AppSettings.GetDictionary("Auth")["Url"]}/resources" },
                        PopulateSessionFilter = PopulateSessionFilter
                    },
                    new RemoteCredentialsAuthProvider(AppSettings)
                    {
                        PopulateSessionFilter = PopulateSessionFilter                  
                    },

                }));

当我使用自定义身份验证提供程序(POST /auth/remotecreds)进行身份验证时,尽管身份验证提供程序的代码已正确执行,但ServiceStack返回以下错误

{
    "responseStatus": {
        "errorCode": "NotSupportedException",
        "message": "PrivateKey required to use: RS256",
        "stackTrace": "[Authenticate: 25/04/2019 9:59:25 AM]:\n[REQUEST: {provider:remotecreds,userName:admin,password:Pa$$word123}]\nSystem.NotSupportedException: PrivateKey required to use: RS256\r\n   at ServiceStack.Auth.JwtAuthProvider.GetHashAlgorithm(IRequest req) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 87\r\n   at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 118\r\n   at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 57\r\n   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\AuthenticateService.cs:line 253\r\n   at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Host\\ServiceRunner.cs:line 133",
        "errors": []
    }
}

如果我注释掉AppHost中的JwtAuthProvider注册,则上面的相同调用成功。

因此,在这里我感到困惑,为什么在我针对自定义身份验证提供程序进行清晰身份验证时,ServiceStack调用JwtAuthProvider

1 个答案:

答案 0 :(得分:1)

问题是您的JwtAuthProvider配置错误,如果您想使用RSA*哈希算法,则必须使用configured with the private key

new JwtAuthProvider(AppSettings) { 
    HashAlgorithm = "RS256",
    PrivateKeyXml = AppSettings.GetString("PrivateKeyXml") 
}

它仍将尝试通过您的Custom AuthProvider进行身份验证,但是如果您注册了JwtAuthProvider,它将尝试用JWT token in BearerToken填充AuthenticateResponse,因此当用户根据您的身份验证提供商,例如:

var clientnew JsonServiceClient(baseUrl);

var authResponse = client.Post(new Authenticate {
    provider = "remotecreds",
    UserName = username,
    Password = password,
    RememberMe = true,
});

他们将有权访问填充在以下位置的JWT令牌:

var jwt = authResponse.BearerToken;

因此,如果配置正确,它将在BearerToken中返回填充的JWT令牌,或者 如果您删除JwtAuthProvider,它将不会尝试填充它。

相关问题
最新问题