Owin JWT 401 未经授权
Owin JWT 401 Unauthorized
我正在尝试使用 IdentityServer4 和 JWT 进行身份验证。我从我的客户那里得到了一个令牌,并试图 post 向我的一个控制器发出一个简单的请求。
我有这样的请求
GET api/Users
Authorization: Bearer {{my-token}}
在我的启动中class我已经注册
var authorizationPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
services.AddMvc(config => {
config.Filters.Add(new AuthorizeFilter(authorizationPolicy)});
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddIdentityServerAuthentication(o =>
{
o.Authority = "https://localhost:44333";
o.RequireHttpsMetadata = false;
o.ApiName = "MyApi";
o.JwtBearerEvents = new JwtBearerEvents
{
OnAuthenticationFailed = async context => {
Console.WriteLine("Debugger");
},
OnMessageReceived = async context => {
Console.WriteLine("Debugger");
},
OnTokenValidated = async tokenValidationContext =>
{
Console.WriteLine("Debugger");
}
});
我已经在每个 Console.WriteLine("Debugger") 语句中设置了断点,但 none 断点命中。我仍然被未经授权退回。
header 是否适合我的授权?我想在请求失败时检查请求,但是即使打开了所有异常我也无法达到断点,有人有什么建议吗?
编辑
我的客户端配置:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("MyApi", "My Api"),
new ApiResource
{
Name = "customAPI",
DisplayName = "Custom API",
Description = "Custom API Access",
UserClaims = new List<string> {"role"},
ApiSecrets = new List<Secret> {new Secret("secretPassword".Sha256())},
Scopes = new List<Scope>
{
new Scope("customAPI.read"),
new Scope("customAPI.write")
}
}
};
}
控制器控制器基地:
[Route("api/[controller]")]
public class AsyncCRUDSingleKeyServiceController<TDTO, TKey> : Controller
where TKey : struct
{
protected IAsyncCRUDService<TDTO> _service;
public AsyncCRUDSingleKeyServiceController(IAsyncCRUDService<TDTO> service)
{
this._service = service;
}
[HttpGet("{id}")]
public virtual async Task<TDTO> Get(TKey id)
{
return await this._service.Get(new object[] { id });
}
//...
}
在 Startup.Configure 中,您是否包含了以下行(在 app.UseMvc 之前)?
app.UseAuthentication();
我正在尝试使用 IdentityServer4 和 JWT 进行身份验证。我从我的客户那里得到了一个令牌,并试图 post 向我的一个控制器发出一个简单的请求。
我有这样的请求
GET api/Users
Authorization: Bearer {{my-token}}
在我的启动中class我已经注册
var authorizationPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
services.AddMvc(config => {
config.Filters.Add(new AuthorizeFilter(authorizationPolicy)});
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddIdentityServerAuthentication(o =>
{
o.Authority = "https://localhost:44333";
o.RequireHttpsMetadata = false;
o.ApiName = "MyApi";
o.JwtBearerEvents = new JwtBearerEvents
{
OnAuthenticationFailed = async context => {
Console.WriteLine("Debugger");
},
OnMessageReceived = async context => {
Console.WriteLine("Debugger");
},
OnTokenValidated = async tokenValidationContext =>
{
Console.WriteLine("Debugger");
}
});
我已经在每个 Console.WriteLine("Debugger") 语句中设置了断点,但 none 断点命中。我仍然被未经授权退回。
header 是否适合我的授权?我想在请求失败时检查请求,但是即使打开了所有异常我也无法达到断点,有人有什么建议吗?
编辑 我的客户端配置:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("MyApi", "My Api"),
new ApiResource
{
Name = "customAPI",
DisplayName = "Custom API",
Description = "Custom API Access",
UserClaims = new List<string> {"role"},
ApiSecrets = new List<Secret> {new Secret("secretPassword".Sha256())},
Scopes = new List<Scope>
{
new Scope("customAPI.read"),
new Scope("customAPI.write")
}
}
};
}
控制器控制器基地:
[Route("api/[controller]")]
public class AsyncCRUDSingleKeyServiceController<TDTO, TKey> : Controller
where TKey : struct
{
protected IAsyncCRUDService<TDTO> _service;
public AsyncCRUDSingleKeyServiceController(IAsyncCRUDService<TDTO> service)
{
this._service = service;
}
[HttpGet("{id}")]
public virtual async Task<TDTO> Get(TKey id)
{
return await this._service.Get(new object[] { id });
}
//...
}
在 Startup.Configure 中,您是否包含了以下行(在 app.UseMvc 之前)?
app.UseAuthentication();