具有承载令牌状态的Asp.Net核心授权未经授权的401具有有效令牌

时间:2020-05-01 06:57:22

标签: asp.net-core jwt authorization postman bearer-token

    public class User: IdentityUser
    {
        // ... code here
    }


    [HttpPost]
    [Route("Login")]
    //POST: /api/User/Login
    public async Task<IActionResult> Login(LoginModel model)
    {
        var user = await _UserManager.FindByEmailAsync(model.Email);
        if (user != null && await _UserManager.CheckPasswordAsync(user, model.Password))
        {
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(
                    new Claim[]
                    {
                      new Claim("UserID", user.Id.ToString())
                    }),
                Expires = DateTime.UtcNow.AddDays(5),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_ApplicationSettings.JWT_Secret)), SecurityAlgorithms.HmacSha256Signature)
            };
            var tokenHandler = new JwtSecurityTokenHandler();
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);
            var token = tokenHandler.WriteToken(securityToken);
            return Ok(new { token });
        }
        else
        {
            return BadRequest(new { message = "Username or password is incorrect" });
        }
    }

}

    [HttpGet]
    [Authorize]
    //GET: /api/UserProfile
    public async Task<Object> GetUserProfile()
    {
        var t = User.Claims.Count();

        string userId = User.Claims.First(c => c.Type == "UserID").Value;
        var user = await _UserManager.FindByIdAsync(userId);
        return new
        {
            user.FirstName,
            user.LastName,
            user.Email,
            user.ProfileType
        };
    }
}

当我尝试使用返回的令牌(使用邮递员)获取连接的用户时,我始终会获得状态401 Unathorized。 另外,我发现User.Claims.Count()为0(我通过注释来做到这一点,以便查看错误之处[授权]。)

有人知道这个问题是什么吗?

谢谢!

编辑:应用配置

    public void ConfigureServices(IServiceCollection services)
    {
        //Inject AppSettings
        services.Configure<ApplicationSettings>(Configuration.GetSection("ApplicationSettings"));

        services.AddControllers();
        services.AddDbContext<AuthentificationContext>(
           options =>
           {
               options.UseMySql(Configuration.GetConnectionString("IdentityConnection"));
           });

        services.AddDefaultIdentity<User>()
                .AddEntityFrameworkStores<AuthentificationContext>();

        services.Configure<IdentityOptions>(options =>
        {
            options.Password.RequireDigit = false;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireUppercase = false;
            options.Password.RequiredLength = 6;
            options.User.RequireUniqueEmail = true;
        }
        );

        services.AddCors();

        //jwt authentification
        var key = Encoding.UTF8.GetBytes(Configuration["ApplicationSettings:JWT_Secret"].ToString());
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(x =>
       {
           x.RequireHttpsMetadata = false;
           x.SaveToken = false;
           x.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
           {
               ValidateIssuerSigningKey = true,
               IssuerSigningKey = new SymmetricSecurityKey(key),
               ValidateIssuer = false,
               ValidateAudience = false,
               ClockSkew = TimeSpan.Zero
           };
       });

        services.Configure<CookiePolicyOptions>(options =>
        {
            services.AddHttpContextAccessor();
            services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.Use(async (ctx, next) =>
        {
            await next();
            if (ctx.Response.StatusCode == 204)
            {
                ctx.Response.ContentLength = 0;
            }
        });

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseCors(options =>
            options.WithOrigins(Configuration["ApplicationSettings:Client_URL"].ToString())
                   .AllowAnyMethod()
                   .AllowAnyHeader());

        app.UseRouting();

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });

        app.UseAuthentication();
    }
}

1 个答案:

答案 0 :(得分:0)

您应注意将app.UseAuthentication();放在app.UseAuthorization();之前的中间件顺序

app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();