ASP.NET Core 3.1 Web API基于角色的授权不起作用

时间:2020-02-04 07:03:48

标签: c# asp.net-core asp.net-web-api

我不明白为什么我总是得到 401未经授权的原因,我所登录的用户具有 SuperAdmin 的角色。我尝试查看其他解决方案和项目,它们似乎与我仍然无法使用的代码相同。我使用Postman来测试API,并在“授权”选项卡中的承载令牌中粘贴了我登录的用户的令牌,并对此API进行了请求。

    //API
    [Route("create")]
    [Authorize(Roles = "SuperAdmin")]
    public async Task<IActionResult> RegisterUserAsync([FromBody] Request request)
    {
       return something;
    }

    //StartUp.cs
    private void ConfigureAuth(IServiceCollection services)
    {
        services.AddIdentity<UserEntity, RoleEntity>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders()
            .AddRoles<RoleEntity>();
    }
    var key = Encoding.ASCII.GetBytes(jwtSettings.Secret);
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(x =>
        {
            x.RequireHttpsMetadata = false;
            x.SaveToken = true;
            x.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });

    //JWT
    public string GenerateToken(UserEntity userEntity, IList<string> roles)
    {
        var token = string.Empty;
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this.jwtOptions.GetJwtOptions().Secret));
        var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);

        var claims = new List<Claim>()
        {
            new Claim(ClaimTypes.Name, userEntity.UserName),
            new Claim(ClaimTypes.GivenName, userEntity.FirstName),
            new Claim(ClaimTypes.Surname, userEntity.LastName),
            new Claim(ClaimTypes.NameIdentifier, userEntity.Id.ToString()),
            new Claim(ClaimTypes.Role, roles.FirstOrDefault()) //SuperAdmin
        };

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(claims),
            Expires = DateTime.UtcNow.AddMinutes(this.jwtOptions.GetJwtOptions().ExpiresInMinutes),
            SigningCredentials = credentials
        };

        token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));

        return token;
    }

1 个答案:

答案 0 :(得分:3)

您需要在app.UseAuthentication()之前添加app.UseAuthorization(),身份验证中间件将处理JWT承载身份验证,验证和解码令牌,最后写入用户的原则。

相关问题
最新问题