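ASP.NET Core authentication with different issuers

Time: 2021-04-12 14:09:18

Tags: c# asp.net-core

Here is the problem. I need to implement logic to authenticate users from different issuers at runtime (using Cognito user pools).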

ConfigureServices.cs:

            var schemaMap = services.GetAllAuthorizationSchemesFromDB();
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearerForSchemes(schemaMap, IssuerTemplate);

            services.AddAuthorization(auth =>
            {
                var allSchemaNames = schemaMap.Keys.ToList();
                allSchemaNames.Add(JwtBearerDefaults.AuthenticationScheme);

                auth.AddPolicy("EXTERNAL", new AuthorizationPolicyBuilder()
                   .AddAuthenticationSchemes(allSchemaNames.ToArray())
                   .RequireAuthenticatedUser()
                   .Build());
            });


Extentions.cs:

        public static AuthenticationBuilder AddJwtBearerForSchemes(this AuthenticationBuilder authBuilder, Dictionary<string, string> schemaIssuerMap, Func<string, string> IssuerTemplate)
        {
            foreach (var item in schemaIssuerMap)
            {
                authBuilder.AddJwtBearer(item.Key, options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        ValidateAudience = false,
                        ClockSkew = TimeSpan.Zero,
                        ValidIssuer = IssuerTemplate(item.Value)
                    };
                    options.Authority = IssuerTemplate(item.Value);
                });
            }
            authBuilder.AddPolicyScheme("EXTERNAL", "EXTERNAL", options =>
            {
                options.ForwardDefaultSelector = context =>
                {
                    string authorization = context.Request.Headers[HeaderNames.Authorization];
                    if (!string.IsNullOrEmpty(authorization))
                    {
                        if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                        {
                            var token = authorization.Substring("Bearer ".Length).Trim();

                            var jwtHandler = new JwtSecurityTokenHandler();
                            if (jwtHandler.CanReadToken(token))
                            {
                                var jwtToken = jwtHandler.ReadJwtToken(token);
                                var scheme = jwtToken.Issuer;
                                return scheme;
                            }
                        }
                    }

                    return JwtBearerDefaults.AuthenticationScheme;
                };
            });

            return authBuilder;
        }

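I couldn't find any proper explanation of ASP.NET Core auth at all, so I just don't understand how it works. The exception when I try to send a request: System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

What am I missing?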
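An added example, not part of the original post: one way to route a bearer token to a per-issuer JwtBearer scheme by looking its issuer up in an allow-list of registered schemes, with a registered scheme as fallback so that a challenge always resolves to a handler. `MultiIssuerJwtExample`, `AddMultiIssuerJwt`, `MULTI_ISSUER` and `fallbackScheme` are hypothetical names, and the map is assumed to hold full issuer URLs keyed by scheme name.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;

public static class MultiIssuerJwtExample // hypothetical helper, not from the question
{
    public const string Selector = "MULTI_ISSUER"; // hypothetical policy-scheme name

    // schemeToIssuer: scheme name -> issuer URL. fallbackScheme must be one of its keys.
    public static AuthenticationBuilder AddMultiIssuerJwt(this IServiceCollection services,
        IReadOnlyDictionary<string, string> schemeToIssuer, string fallbackScheme)
    {
        // Allow-list: an issuer can select a scheme only if it was registered here.
        var issuerToScheme = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in schemeToIssuer) issuerToScheme[pair.Value] = pair.Key;
        // The default scheme is the selector registered below, so authenticate
        // and challenge both resolve to a scheme that actually exists.
        var builder = services.AddAuthentication(Selector);
        foreach (var pair in schemeToIssuer)
            builder.AddJwtBearer(pair.Key, options =>
            {
                options.Authority = pair.Value; // signing keys come from this issuer's metadata
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true, ValidIssuer = pair.Value,
                    ValidateAudience = false, ClockSkew = TimeSpan.Zero // values kept from the question
                };
            });
        return builder.AddPolicyScheme(Selector, Selector, options =>
            options.ForwardDefaultSelector = context =>
            {
                // The token is parsed here only to pick a handler; the selected
                // JwtBearer scheme still verifies signature, issuer and lifetime.
                string header = context.Request.Headers[HeaderNames.Authorization];
                if (header == null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                    return fallbackScheme;
                try
                {
                    var jwt = new JwtSecurityTokenHandler().ReadJwtToken(header.Substring(7).Trim());
                    return issuerToScheme.TryGetValue(jwt.Issuer, out var s) ? s : fallbackScheme;
                }
                catch (ArgumentException) { return fallbackScheme; } // malformed token or missing issuer
            });
    }
}
```

An authorization policy can then list `Selector` alone in `AddAuthenticationSchemes`, since the selector forwards to the matching per-issuer scheme.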

0 answers:

No answers