ASP.Net Core 3.0 JWT承载令牌没有SecurityTokenValidator可用
我正在将ASP.Net Core 3.0 API与EntityFramework Core用作UserStorage。 Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.SpaServices.AngularCli;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
.
.
.
//Add Identity Provider with EntityFramework
services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDBContext>()
.AddDefaultTokenProviders();
//Initialize EntityFramework
services.AddDbContext<ApplicationDBContext>(options => options.UseSqlite(Configuration.GetConnectionString("localDB")));
//Initialize JWT Authentication
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(jwtBearerOptions =>
{
jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "http://localhost:44352",
ValidAudience = "http://localhost:44352",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("Secrets")["jwt"]))
};
}
);
services.AddMvc(options => options.EnableEndpointRouting = false)
.AddNewtonsoftJson();
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
}
.
.
.
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
//Enable Authentication
app.UseAuthentication();
app.UseAuthorization();
.
.
.
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
.
.
.
这是我发行JWT令牌的代码:
public async Task<IActionResult> Login()
{
using (var reader = new StreamReader(Request.Body))
{
var body = await reader.ReadToEndAsync();
var cred = JsonConvert.DeserializeObject<Credentials>(body);
var result = (await userService.LoginUser(cred.userName, cred.password));
if (result == 200)
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration.GetSection("Secrets")["jwt"]));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256Signature);
var roles = await userService.GetRoleFromUsername(cred.userName);
var rolesString = JsonConvert.SerializeObject(roles);
var tokeOptions = new JwtSecurityToken(
issuer: "http://localhost:44352",
audience: "http://localhost:44352",
claims: new List<Claim>(new List<Claim> {
new Claim("userName",cred.userName),
new Claim("roles", rolesString)
}),
expires: DateTime.Now.AddHours(1),
signingCredentials: signinCredentials
);
这是我使用授权进行的API调用:
[Route("api/videos/add")]
[Authorize(Roles = "Admin")]
[HttpPost]
public async Task<IActionResult> AddVideo()
{
using (var reader = new StreamReader(Request.Body))
{
var body = await reader.ReadToEndAsync();
var video = JsonConvert.DeserializeObject<Video>(body);
await videoService.AddVideo(video);
return Ok();
}
}
我的NuGet软件包是:
- Microsoft.EntityFrameworkCore {3.0.0-preview5.19227.1}
- Microsoft.EntityFrameworkCore.Sqlite {3.0.0-preview5.19227.1}
- Microsoft.AspNetCore.Authentication.JwtBearer {3.0.0-preview4-19216-03}
- Microsoft.EntityFrameworkCore.Sqlite.Core {3.0.0-preview5.19227.1}
- Microsoft.NETCore.Platforms {3.0.0-preview4.19212.13}
- Microsoft.AspNetCore.Mvc.NewtonsoftJson {3.0.0-preview5-19227-01}
- Microsoft.AspNetCore.SpaServices.Extensions {3.0.0-preview5-19227-01}
- Microsoft.AspNetCore.Identity.EntityFrameworkCore {3.0.0-preview5-19227-01}
- runtime.win-x64.Microsoft.NETCore.DotNetAppHost {3.0.0-preview4-27615-11}
我遇到的问题是,如果我调用该API部分,则会收到错误消息:
信息:承载未通过身份验证。失败消息:没有可用于令牌的SecurityTokenValidator:
任何帮助将不胜感激,因为我找不到错误
3 个答案:
答案 0 :(得分:1)
如果要添加角色作为声明,请尝试使用ClaimTypes.Role代替roles。
var tokeOptions = new JwtSecurityToken(
issuer: "http://localhost:44352",
audience: "http://localhost:44352",
claims: new List<Claim>(new List<Claim> {
new Claim("userName",cred.userName),
new Claim(ClaimTypes.Role, "Admin")
}),
expires: DateTime.Now.AddHours(1),
signingCredentials: signinCredentials
);
答案 1 :(得分:0)
感谢邹兴,我找到了错误的根源。问题是我发送了带有引号的不记名令牌。
现在API中的错误已消失,问题在于API中的授权现在失败,并且返回403。
编辑:
我发现了与错误403有关的问题。似乎只允许您在承载令牌中发送一个角色,以便ASP.Net对其进行验证。 userManager.GetRolesAsync的返回类型建议用户可以具有多个角色,这些角色可以包含在JWT承载令牌中。
这意味着我的问题已解决。
我要感谢大家的回答。没有你,我不会得到它的!
答案 2 :(得分:0)
我这样解决了这个问题:
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token.Replace("\"", "")}");
这不是最好的解决方案,但是它奏效了。
相关问题
- JWT Bearer令牌流程
- 在asp.net vnext上使用bearer token身份验证刷新令牌
- 没有SecurityTokenValidator可用于令牌
- AspNetCore.Authentication.JwtBearer失败,没有SecurityTokenValidator可用于.net核心RC2的令牌
- ASP.Net Core RC2 JWT Bearer令牌
- ASP.NET核心JWT承载令牌自定义验证
- Identity Server 4没有可用于令牌的安全令牌验证器
- 从IdentityServer4发出承载令牌
- ASP.Net Core 3.0 JWT承载令牌没有SecurityTokenValidator可用
- AspNet核心401-添加令牌时没有SecurityTokenValidator
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?