Even when the request contains no JWT token, the authorization handler for my authorization requirement is still executed.
I think that makes no sense. Am I doing something wrong? Or is this expected and supposed to be handled manually?
Configuration:
if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Puls.Cloud.Services.Account.API v1"));
}
app.UseProblemDetails();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers().RequireAuthorization();
});
app.UseSwagger();
DI:
services.AddAuthentication(x =>
{
    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
    x.RequireHttpsMetadata = false;
    x.SaveToken = true;
    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(encryptionKey),
        ValidateIssuer = false,
        ValidateAudience = false
    };
    x.Events = new JwtBearerEvents
    {
        OnAuthenticationFailed = AuthenticationFailed
    };
});
services.AddAuthorization(options =>
{
    options.AddPolicy(RequirePermissionAttribute.RequirePermissionPolicyName, policyBuilder =>
    {
        policyBuilder.Requirements.Add(new RequirePermissionAuthorizationRequirement());
        policyBuilder.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
    });
});
Answer 0 (score: 0)
In your app.UseEndpoints() you have
> endpoints.MapControllers().RequireAuthorization();
Obviously, this will enforce the DefaultPolicy on your controllers.
You should do one of the following:
Option 1: handle it with the [AllowAnonymous] attribute
Option 2: handle it with a custom AuthorizationHandler
Please check this link: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-5.0
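The behaviour the question describes is by design: the authorization middleware evaluates every handler registered for a policy regardless of whether authentication produced an identity, so a custom handler that assumes a valid token will run for anonymous callers too. The following is an added example, not code from the question or the answer above, showing both options the answer lists: a custom AuthorizationHandler that checks the authentication state itself, combined with the built-in RequireAuthenticatedUser() requirement as a safety net, and a controller action opted out with [AllowAnonymous]. The type names (RequirePermissionAuthorizationRequirement, RequirePermissionAuthorizationHandler, PermissionAuthorizationSetup, AccountController), the "RequirePermission" policy name, the "permission" claim type and the "account.read" value are assumptions made for the illustration.

```csharp
// Added example, not the question's or the answer's own code. The requirement/handler
// class names, the "RequirePermission" policy name and the "permission" claim are assumed.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public sealed class RequirePermissionAuthorizationRequirement : IAuthorizationRequirement
{
    public RequirePermissionAuthorizationRequirement(string permission) => Permission = permission;
    public string Permission { get; }
}

public sealed class RequirePermissionAuthorizationHandler
    : AuthorizationHandler<RequirePermissionAuthorizationRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        RequirePermissionAuthorizationRequirement requirement)
    {
        // The authorization middleware invokes every handler registered for the policy,
        // including when the JwtBearer handler produced no identity (no token was sent).
        // Check the authentication state explicitly instead of assuming a valid token.
        if (context.User?.Identity?.IsAuthenticated != true)
        {
            // Fail() records an explicit failure; because the caller is anonymous the
            // middleware responds with a challenge (401) rather than a forbid (403).
            context.Fail();
            return Task.CompletedTask;
        }

        // Assumed claim shape: the JWT carries one "permission" claim per granted permission.
        if (context.User.HasClaim("permission", requirement.Permission))
        {
            context.Succeed(requirement);
        }
        // Leaving the requirement unsatisfied denies an authenticated caller (403).
        return Task.CompletedTask;
    }
}

public static class PermissionAuthorizationSetup
{
    public const string PolicyName = "RequirePermission";

    public static IServiceCollection AddPermissionAuthorization(this IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, RequirePermissionAuthorizationHandler>();

        services.AddAuthorization(options =>
        {
            // Stop evaluating the remaining handlers once one has called Fail().
            options.InvokeHandlersAfterFailure = false;

            options.AddPolicy(PolicyName, policy =>
            {
                policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
                // Built-in requirement: the policy fails for anonymous callers even if a
                // custom handler forgets the IsAuthenticated check shown above.
                policy.RequireAuthenticatedUser();
                policy.Requirements.Add(new RequirePermissionAuthorizationRequirement("account.read"));
            });
        });
        return services;
    }
}

// Option 1 from the answer: opt a single endpoint out with [AllowAnonymous]
// while the rest of the controller stays behind the policy.
[ApiController]
[Route("api/[controller]")]
[Authorize(Policy = PermissionAuthorizationSetup.PolicyName)]
public sealed class AccountController : ControllerBase
{
    [HttpGet("health")]
    [AllowAnonymous]                                   // reachable without a token
    public IActionResult Health() => Ok("up");

    [HttpGet]
    public IActionResult Get() => Ok("account data");  // needs a JWT carrying permission=account.read
}
```

Register it from ConfigureServices with services.AddPermissionAuthorization() in place of the services.AddAuthorization(...) call in the question, keeping the AddAuthentication/AddJwtBearer setup as it is. The explicit IsAuthenticated check inside the handler is what prevents permission logic from running against an empty principal; RequireAuthenticatedUser() on the policy is a second, independent guard, and InvokeHandlersAfterFailure = false keeps later handlers from running after the first explicit failure.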