即使登录后也如何解决“未经授权的错误401”?

时间:2019-05-23 02:34:15

标签: asp.net angular

我正在使用.NET作为后端在Angular中创建此网页。一切正常,但是今天(突然)我收到了未经授权的错误(401)。删除授权后,我将收到内部服务器错误(表示我的“ User.Identity.Name”)不起作用。所以我猜我的JWT有问题

我尝试删除授权标头。但这给了我一个内部服务器错误(500)。唯一有效的请求是那些不使用IdentityUser的请求,因此为[AllowAnonymous]

我不知道可能是什么问题,因此很难显示一些代码。但由于我认为问题与我的JWT有关,因此我将添加一些代码。

一些控制器代码.NET 

[Route("api/[controller]")]
    [ApiController]
    [Produces("application/json")]
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public class BierenController : ControllerBase
    {
        private readonly IBierRepository _bierRepository;
        private readonly IGebruikerRepository _gebruikerRepository;
        private readonly IBrouwerRepository _brouwerRepository;

        public BierenController(IBierRepository bierRepository, IGebruikerRepository gebruikerRepository, IBrouwerRepository brouwerRepository)
        {
            _bierRepository = bierRepository;
            _gebruikerRepository = gebruikerRepository;
            _brouwerRepository = brouwerRepository;
        }


        [HttpGet]
        [AllowAnonymous]
        public IEnumerable<Bier> GetBieren()
        {
            return _bierRepository.GetAll().OrderBy(b => b.Naam);
        }

        [HttpGet("{id}")]
        [AllowAnonymous]
        public ActionResult<Bier> GetBier(int id)
        {
            Bier bier = _bierRepository.GetBy(id);
            if (bier == null)
                return NotFound();
            return bier;
        }

        [HttpPost]
        [Authorize(Roles = "Brouwer, Admin")]
        public IActionResult PostBier(Bier bier)
        {
            Brouwer brouwer = _brouwerRepository.GetBy(User.Identity.Name);
            brouwer.AddBier(bier);
            _brouwerRepository.SaveChanges();
            return NoContent();
        }

Startup.cs配置 

 public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }


        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            services.AddDbContext<BrouwerContext>(options =>
              options.UseSqlServer(Configuration.GetConnectionString("BierContext")));

            services.AddScoped<IBrouwerRepository, BrouwerRepository>();
            services.AddScoped<IBierRepository, BierRepository>();
            services.AddScoped<IGebruikerRepository, GebruikerRepository>();
            services.AddScoped<IPostRepository, PostRepository>();

            services.AddOpenApiDocument(c =>
            {
                c.Title = "BabAPI";
                c.Version = "v1";
                c.Description = "De API voor BAB";
                c.DocumentProcessors.Add(new SecurityDefinitionAppender("JWT Token", new SwaggerSecurityScheme
                {
                    Type = SwaggerSecuritySchemeType.ApiKey,
                    Name = "Authorization",
                    In = SwaggerSecurityApiKeyLocation.Header,
                    Description = "Copy 'Bearer' + valid JWT token into field" }));
                c.OperationProcessors.Add(new OperationSecurityScopeProcessor("JWT Token"));
            });
            services.AddCors(options =>
                options.AddPolicy("AllowAllOrigins", builder =>
                builder.AllowAnyOrigin()
                 ));

            services.AddDefaultIdentity<IdentityUser>(cfg => cfg.User.RequireUniqueEmail = true).AddRoles<IdentityRole>().AddEntityFrameworkStores<BrouwerContext>();



            services.Configure<IdentityOptions>(options =>
            {
                // Password settings.
                options.Password.RequireDigit = true;
                options.Password.RequiredLength = 6;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequiredUniqueChars = 1;

                // Lockout settings.
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.AllowedForNewUsers = true;

                // User settings.
                options.User.AllowedUserNameCharacters =
                "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
                options.User.RequireUniqueEmail = true;
            });


        services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(x =>
            {
                x.RequireHttpsMetadata = false; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"])),
                    ValidateIssuer = false,
                    ValidateAudience = false,
                    RequireExpirationTime = true
                };
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider services)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseStaticFiles();
            app.UseHttpsRedirection();
            app.UseMvc();
            CreateUserRoles(services).Wait();
            app.UseAuthentication();
            app.UseSwaggerUi3();
            app.UseSwagger();
            app.UseCors("AllowAllOrigins");
        }

角度身份验证拦截器 

export class AuthenticationInterceptor implements HttpInterceptor {

    constructor(private authService: AuthenticationService) { }

    intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
        if (this.authService.token.length) {
            const clonedRequest = req.clone({
                headers: req.headers.set('Authorization', `Bearer ${this.authService.token}`)
            });
            return next.handle(clonedRequest);
        }
        return next.handle(req);
    }
}

.NET登录/注册/令牌创建 

        [AllowAnonymous]
        [HttpPost]
        public async Task<ActionResult<String>> CreateToken(LoginDTO model)
        {
            var user = await this._userManager.FindByNameAsync(model.GebruikersNaam);

            if(user == null)
            {
                user = await this._userManager.FindByEmailAsync(model.GebruikersNaam);
            }

            if (user != null)
            {
                var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, false);

                if (result.Succeeded)
                {
                    string token = await GetTokenAsync(user);
                    return Created("", token);
                }
            }
            return BadRequest();
        }

        private async Task<string> GetTokenAsync(IdentityUser user)
        {
            var role = await _userManager.GetRolesAsync(user);
            IdentityOptions _options = new IdentityOptions();
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[] {
                    new Claim(JwtRegisteredClaimNames.UniqueName, user.UserName),
                    new Claim(_options.ClaimsIdentity.RoleClaimType, role.FirstOrDefault())
                }),

                SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
                Expires = DateTime.Now.AddMinutes(30)
        };
            var tokenHandler = new JwtSecurityTokenHandler();
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);
            var token = tokenHandler.WriteToken(securityToken);
            return token;
        }

[AllowAnonymous]
        [HttpPost("register")]
        public async Task<ActionResult<String>> Register(RegisterDTO model)
        {
            IdentityUser user = new IdentityUser { UserName = model.GebruikersNaam, Email = model.Email };
            var result = await _userManager.CreateAsync(user, model.Password);


            if (result.Succeeded)
            {
                if (model.Email.ToLower().Equals("admin1@hotmail.com"))
                {
                    Brouwer brouwer = new Brouwer { Naam = model.GebruikersNaam, Email = model.Email };
                    _brouwerRepository.Add(brouwer);
                    _brouwerRepository.SaveChanges();
                    await _userManager.AddToRoleAsync(user, "Admin");
                }
                else if (model.Email.ToLower().Equals("brouwer1@hotmail.com"))
                {
                    Brouwer brouwer = new Brouwer { Naam = model.GebruikersNaam, Email = model.Email };
                    _brouwerRepository.Add(brouwer);
                    _brouwerRepository.SaveChanges();
                    await _userManager.AddToRoleAsync(user, "Brouwer");

                }
                else
                {
                    Gebruiker gebruiker = new Gebruiker { Email = model.Email, Gebruikersnaam = model.GebruikersNaam };
                    _gebruikerRepository.Add(gebruiker);
                    _gebruikerRepository.SaveChanges();
                    await _userManager.AddToRoleAsync(user, "User");
                }
                string token = await GetTokenAsync(user);
                return Created("", token);
            }
            else {
                return BadRequest();
            }

Image of the error

0 个答案:

没有答案
相关问题
最新问题