尝试在简单的.Net Core Web API项目中使用基于承载令牌的身份验证。这是我的Startup.cs
app.UseMvc();
//---
const string secretKey = "mysupersecret_secretkey!123";
SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
SigningCredentials signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
//---
const string audience = "Audience";
const string issuer = "Issuer";
//---
TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = false,
ValidIssuer = issuer,
ValidateAudience = true,
ValidAudience = audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
AuthenticationType = JwtBearerDefaults.AuthenticationScheme
};
//---
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters,
AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
});
我也添加AuthorizeAttribute
到控制器动作
[HttpGet]
[Authorize(ActiveAuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public IEnumerable<string> Get()
{
return new[] { "value1", "value2" };
}
但是当尝试发送带有标头的获取请求时,Authorization: Bearer [TOKEN]
我得到了例外
System.InvalidOperationException: No authentication handler is configured to authenticate for the scheme: Bearer
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.
那么,这个“身份验证处理程序”是什么?我需要在哪里设置此处理程序?
在ASP.NET Core中,中间件的顺序很重要:它们以与注册时相同的顺序执行。在这里,app.UseMvc()
在JWT承载中间件之前被调用,因此这是行不通的。
将其放在app.UseMvc()
管道的末端,它应该可以正常工作:
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters,
AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
});
app.UseMvc();
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句