我有一个.NET 4.52 WebAPI v5.2.6和我需要基于有效JWT授权的OWIN(OAuth&JWT)4.0.1。 JWT是从外部身份验证服务器生成的。我正在Startup.cs
中使用当前配置,以实现此目标。我肯定使用正确的AudienceSecret
string issuer = ConfigurationManager.AppSettings["Issuer"];
string audienceId = ConfigurationManager.AppSettings["AudienceId"];
string audienceSecret = TextEncodings.Base64.Encode(
Encoding.UTF8.GetBytes(
ConfigurationManager.AppSettings["AudienceSecret"]
));
uwApp.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions()
{
TokenValidationParameters = new TokenValidationParameters()
{
RequireSignedTokens = false,
RequireExpirationTime = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false
},
IssuerSecurityKeyProviders = new IIssuerSecurityKeyProvider[]
{
new SymmetricKeyIssuerSecurityKeyProvider(issuer, audienceSecret)
}
}
);
我将此添加到了WebApiConfig:config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
但是我无法添加
config.SuppressDefaultHostAuthentication();
,因为该方法在我的版本中不存在,所以我尝试添加或不添加config.SuppressHostPrincipal();
都没有成功。
我相信自己的最终课题与
该声明未传递给Thread.CurrentPrincipal [Authorize]属性正在读取
与该线程中一样
Cannot validate token in UseJwtBearerAuthentication. Authorization has been denied
此外,当使用cookie身份验证来维护会话时,此方法工作正常,但它只是不从中间件内部进行拦截或验证,因此我不知道如何调试它。我什至在本地切换到https,以查看是否允许API读取承载,但这也不起作用:*(
总而言之,我有一个外部生成的JWT和一个用于验证其完整性的密钥。我需要的是以承载格式从请求中发送的令牌,将其通过API传递,以便中间件允许我结合WebAPI授权属性使用经过验证的角色和其他声明。
我通过将令牌传递到正文而不是标头Bearer {token}格式,然后通过ValidateToken(token)
进行了验证,从而验证了签名证书是否相同,但是我不能将其与API的授权属性使用相同的验证设置。
这是交易的完整请求/响应日志
POST /api/Auth/LoggedIn HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjIyMTIsImVtYWlsIjoiYWRtaW5AaW5maW5pdHktc29mdHdhcmUuY29tIiwidXNlcm5hbWUiOiJLZW4gQ29sc29uIiwiaXNFbXBsb3llZSI6dHJ1ZSwiYWdlbmN5SWQiOjQyMDI4MSwiYWdlbmN5TmFtZSI6IkFDSUMtYWdlbmN5LTI2MyIsInJvbGUiOjMsImV4cCI6IjEyLzEyLzIwMjUifQ.FdW2XRzPFQUSfPieICmjuQ6lyqZSXx1iolCM9OxFppg
User-Agent: PostmanRuntime/7.20.1
Accept: */*
Cache-Control: no-cache
Postman-Token: ea68c533-4d76-4c79-b7d5-cc7dfae28bcb
Host: localhost:44300
Accept-Encoding: gzip, deflate
Content-Length: 0
Connection: keep-alive
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
WWW-Authenticate: Bearer
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcbmljaG9sYXNhXF9fc291cmNlX2NvZGVcdXdtYW51YWxcQUNJQy5VVy5hcGlcYXBpXEF1dGhcTG9nZ2VkSW4=?=
X-Powered-By: ASP.NET
Date: Sat, 30 Nov 2019 20:34:58 GMT
Content-Length: 68
{
"message": "Authorization has been denied for this request."
}
WebAPI配置
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
config.EnableCors();
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
在此方面的任何帮助将不胜感激,谢谢!