使用多个 ServiceStack 的身份验证提供程序会引发错误
Using multiple ServiceStack's auth providers throws error
我打算使用 2 个 ServiceStack 的身份验证提供程序:一个基于 CredentialsAuthProvider 的自定义提供程序称为 remotecreds 和内置的 JwtAuthProvider。我的 AppHost 注册码如下所示
appHost.Plugins.Add(new AuthFeature(() => new UserSession(),
new IAuthProvider[]
{
new JwtAuthProvider(AppSettings)
{
RequireSecureConnection = false,
HashAlgorithm = "RS256",
PublicKeyXml = publicKeyXml,
Audiences = new List<string> { $"{AppSettings.GetDictionary("Auth")["Url"]}/resources" },
PopulateSessionFilter = PopulateSessionFilter
},
new RemoteCredentialsAuthProvider(AppSettings)
{
PopulateSessionFilter = PopulateSessionFilter
},
}));
当我使用自定义身份验证提供程序 (POST /auth/remotecreds) 进行身份验证时,尽管身份验证提供程序的代码已正确执行,但 ServiceStack returns 出现以下错误
{
"responseStatus": {
"errorCode": "NotSupportedException",
"message": "PrivateKey required to use: RS256",
"stackTrace": "[Authenticate: 25/04/2019 9:59:25 AM]:\n[REQUEST: {provider:remotecreds,userName:admin,password:Pa$$word123}]\nSystem.NotSupportedException: PrivateKey required to use: RS256\r\n at ServiceStack.Auth.JwtAuthProvider.GetHashAlgorithm(IRequest req) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 87\r\n at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 118\r\n at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 57\r\n at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\AuthenticateService.cs:line 253\r\n at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\ServiceRunner.cs:line 133",
"errors": []
}
}
如果我注释掉 AppHost 中的 JwtAuthProvider 注册,上面的相同调用会成功。
所以在这里我很困惑为什么 ServiceStack 调用 JwtAuthProvider 而我清楚地针对我的自定义身份验证提供程序进行了身份验证。
问题是您的 JwtAuthProvider 配置错误,如果您想使用 RSA* 哈希算法,则需要 configured with the private key:
new JwtAuthProvider(AppSettings) {
HashAlgorithm = "RS256",
PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
}
它仍然会尝试使用您的自定义 AuthProvider 进行身份验证,但如果您注册了 JwtAuthProvider,它将尝试使用 JWT token in BearerToken 填充 AuthenticateResponse,因此当用户针对您的 Auth Provider 进行身份验证,例如:
var clientnew JsonServiceClient(baseUrl);
var authResponse = client.Post(new Authenticate {
provider = "remotecreds",
UserName = username,
Password = password,
RememberMe = true,
});
他们将有权访问填充在以下位置的 JWT 令牌:
var jwt = authResponse.BearerToken;
因此,如果配置正确,它将 return 在 BearerToken 中填充 JWT 令牌或
如果您删除 JwtAuthProvider 它不会尝试填充它。
我打算使用 2 个 ServiceStack 的身份验证提供程序:一个基于 CredentialsAuthProvider 的自定义提供程序称为 remotecreds 和内置的 JwtAuthProvider。我的 AppHost 注册码如下所示
appHost.Plugins.Add(new AuthFeature(() => new UserSession(),
new IAuthProvider[]
{
new JwtAuthProvider(AppSettings)
{
RequireSecureConnection = false,
HashAlgorithm = "RS256",
PublicKeyXml = publicKeyXml,
Audiences = new List<string> { $"{AppSettings.GetDictionary("Auth")["Url"]}/resources" },
PopulateSessionFilter = PopulateSessionFilter
},
new RemoteCredentialsAuthProvider(AppSettings)
{
PopulateSessionFilter = PopulateSessionFilter
},
}));
当我使用自定义身份验证提供程序 (POST /auth/remotecreds) 进行身份验证时,尽管身份验证提供程序的代码已正确执行,但 ServiceStack returns 出现以下错误
{
"responseStatus": {
"errorCode": "NotSupportedException",
"message": "PrivateKey required to use: RS256",
"stackTrace": "[Authenticate: 25/04/2019 9:59:25 AM]:\n[REQUEST: {provider:remotecreds,userName:admin,password:Pa$$word123}]\nSystem.NotSupportedException: PrivateKey required to use: RS256\r\n at ServiceStack.Auth.JwtAuthProvider.GetHashAlgorithm(IRequest req) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 87\r\n at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 118\r\n at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 57\r\n at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\AuthenticateService.cs:line 253\r\n at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\ServiceRunner.cs:line 133",
"errors": []
}
}
如果我注释掉 AppHost 中的 JwtAuthProvider 注册,上面的相同调用会成功。
所以在这里我很困惑为什么 ServiceStack 调用 JwtAuthProvider 而我清楚地针对我的自定义身份验证提供程序进行了身份验证。
问题是您的 JwtAuthProvider 配置错误,如果您想使用 RSA* 哈希算法,则需要 configured with the private key:
new JwtAuthProvider(AppSettings) {
HashAlgorithm = "RS256",
PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
}
它仍然会尝试使用您的自定义 AuthProvider 进行身份验证,但如果您注册了 JwtAuthProvider,它将尝试使用 JWT token in BearerToken 填充 AuthenticateResponse,因此当用户针对您的 Auth Provider 进行身份验证,例如:
var clientnew JsonServiceClient(baseUrl);
var authResponse = client.Post(new Authenticate {
provider = "remotecreds",
UserName = username,
Password = password,
RememberMe = true,
});
他们将有权访问填充在以下位置的 JWT 令牌:
var jwt = authResponse.BearerToken;
因此,如果配置正确,它将 return 在 BearerToken 中填充 JWT 令牌或
如果您删除 JwtAuthProvider 它不会尝试填充它。