I am using JWT Bearer authentication and authorization. My Startup `ConfigureServices` method looks like this:
```csharp
public void ConfigureServices(IServiceCollection services)
{
    IdentityModelEventSource.ShowPII = true;
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(o =>
    {
        o.Authority = Configuration["Jwt:Authority"];
        o.Audience = Configuration["Jwt:Audience"];
        o.Events = new JwtBearerEvents()
        {
            OnAuthenticationFailed = c =>
            {
                c.NoResult();
                c.Response.StatusCode = 500;
                c.Response.ContentType = "text/plain";
                return c.Response.WriteAsync("An error occurred processing your authentication.");
            }
        };
    });
    services.AddAuthorization(options =>
    {
        options.AddPolicy("Administrator", policy =>
        {
            policy.RequireAssertion(x => {
                var claimValue = x.User.Claims.First(c => c.Type == "resource_access").Value;
                return claimValue.Contains("product_catalog_admin");
            });
        });
        options.AddPolicy("Editor", policy =>
        {
            policy.RequireAssertion(x => x.User.Claims.First(c => c.Type == "resource_access").Value.Contains("product_catalog_editor"));
        });
        // The policy the error below points at (highlighted in the original post).
        options.AddPolicy("Viewer", policy =>
        {
            policy.RequireAssertion(x => x.User.Claims.First(c => c.Type == "resource_access").Value.Contains("product_catalog_viewer"));
        });
    });
    services.AddControllers();
}
```
Now, whenever a user submits an expired token, I still get the error pasted below. One would expect that when authentication fails, authorization would not be executed... The error is related to the code `options.AddPolicy("Viewer", policy..`
```
app_1 | fail: Microsoft.AspNetCore.Server.Kestrel[13]
app_1 | Connection id "0HM0A710EAE69", Request id "0HM0A710EAE69:00000001": An unhandled exception was thrown by the application.
app_1 | System.InvalidOperationException: Sequence contains no matching element
app_1 | at System.Linq.ThrowHelper.ThrowNoMatchException()
app_1 | at System.Linq.Enumerable.First[TSource](IEnumerable`1 source, Func`2 predicate)
app_1 | at product_catalog_api.Startup.<>c.<ConfigureServices>b__9_11(AuthorizationHandlerContext x) in /src/product-catalog-api/Startup.cs:line 143
app_1 | at Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.<>c__DisplayClass3_0.<.ctor>b__0(AuthorizationHandlerContext context)
app_1 | at Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.HandleAsync(AuthorizationHandlerContext context)
app_1 | at Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(AuthorizationHandlerContext context)
app_1 | at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
app_1 | at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, Object resource)
app_1 | at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
app_1 | at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
app_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
app_1 | fail: Microsoft.AspNetCore.Server.Kestrel[13]
```
Am I doing something wrong, or is this a known issue?
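What the stack trace shows is that `AuthorizationMiddleware` does evaluate the policy even when authentication produced no result: the `AuthenticateResult` is a failure, so `ctx.User` is an empty, unauthenticated `ClaimsPrincipal`, `Claims.First(...)` finds no `resource_access` claim and throws, and the unhandled exception becomes the Kestrel 500. Two things in the posted setup make this worse: `RequireAssertion` is the policy's only requirement, so nothing rejects anonymous principals first, and by default (`AuthorizationOptions.InvokeHandlersAfterFailure = true`) every requirement's handler still runs after an earlier one has failed, so the assertion itself must tolerate a principal with no claims. The following is an added, rewritten `Startup` that is not the poster's code: it keeps `RequireAuthenticatedUser()` in front of the assertion, looks the claim up with the null-safe `FindFirst`, and replaces the substring `Contains` test (which also matches any role name that merely contains `product_catalog_admin`) with an exact membership check against the claim's JSON. The nested `{"<client-id>":{"roles":[...]}}` shape of `resource_access` and the client id `"product-catalog"` are assumptions, as is logging through `ILogger<Startup>`.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    // Assumed: the client id under which the IdP nests roles inside "resource_access".
    // The question does not name it; replace with your own client id.
    private const string ClientId = "product-catalog";

    public void ConfigureServices(IServiceCollection services)
    {
        // Keep the raw JWT claim names ("resource_access") instead of the legacy SAML-style mapping.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(o =>
        {
            o.Authority = Configuration["Jwt:Authority"];
            o.Audience = Configuration["Jwt:Audience"];
            o.Events = new JwtBearerEvents
            {
                // Log only, and do not touch the response: the handler then fails
                // authentication normally and the challenge yields a 401 with
                // WWW-Authenticate: Bearer error="invalid_token" for an expired token,
                // rather than a 500 that misreports a client error as a server fault.
                OnAuthenticationFailed = c =>
                {
                    var logger = c.HttpContext.RequestServices.GetRequiredService<ILogger<Startup>>();
                    logger.LogWarning(c.Exception, "JWT bearer authentication failed");
                    return Task.CompletedTask;
                }
            };
        });

        services.AddAuthorization(options =>
        {
            AddResourceRolePolicy(options, "Administrator", "product_catalog_admin");
            AddResourceRolePolicy(options, "Editor", "product_catalog_editor");
            AddResourceRolePolicy(options, "Viewer", "product_catalog_viewer");
        });

        services.AddControllers();
    }

    private static void AddResourceRolePolicy(AuthorizationOptions options, string name, string role)
    {
        options.AddPolicy(name, policy =>
        {
            // Anonymous or failed-authentication principals fail this requirement and get a 401.
            policy.RequireAuthenticatedUser();
            // The assertion still runs after that failure (InvokeHandlersAfterFailure defaults
            // to true), so it must not throw on a principal that carries no claims at all.
            policy.RequireAssertion(ctx => HasResourceRole(ctx.User, ClientId, role));
        });
    }

    // Exact role membership test against the JSON-valued "resource_access" claim, assumed
    // to look like {"product-catalog":{"roles":["product_catalog_admin"]}}. Any missing
    // claim, missing client, or malformed JSON denies instead of crashing the request.
    public static bool HasResourceRole(ClaimsPrincipal user, string clientId, string role)
    {
        var claim = user.FindFirst("resource_access");
        if (claim is null) return false;
        try
        {
            using var doc = JsonDocument.Parse(claim.Value);
            if (!doc.RootElement.TryGetProperty(clientId, out var client)) return false;
            if (!client.TryGetProperty("roles", out var roles) || roles.ValueKind != JsonValueKind.Array) return false;
            foreach (var r in roles.EnumerateArray())
            {
                if (r.ValueKind == JsonValueKind.String && r.GetString() == role) return true;
            }
            return false;
        }
        catch (JsonException)
        {
            return false;
        }
    }
}
```

Two further caveats from the original snippet: `IdentityModelEventSource.ShowPII = true` copies token contents and key identifiers into log output and belongs in a development profile only, and calling `c.NoResult()` while also writing to the response leaves the authorization middleware trying to challenge a response that has already started; if a custom body is really needed on authentication failure, `OnChallenge` is the event designed for it.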