如何从 ASP.NET Core 2.1 API 获取 401 Unauthorized 的详细信息

How-To get details of 401 Unauthorized from ASP.NET Core 2.1 API

我正在开发 ASP.NET API(内置于 Core 2.1 中),当我尝试从测试应用程序调用它时,我收到 401 Unauthorized。但是,据我所知,访问令牌很好。有没有办法从 ASP.NET Core 2.1 中的身份验证处理程序中获取有关无效内容的更多详细信息?如果我能对令牌有什么问题有所了解,我应该能够找到解决方案来纠正它,但现在我在黑暗中跌跌撞撞,只是尝试各种事情(很可能,我只是在做它更糟)。

您应该查看服务器日志。我可能是您在请求中传递令牌的方式。例如:

I was doing:

GET https://localhost:44357/api/test 
Headers:   
    Bearer: {ACCESS_TOKEN_VALUE}   
    Content-Type: application/json

when I should have been doing:

GET https://localhost:44357/api/test 
Headers:   
    Authorization: Bearer {ACCESS_TOKEN_VALUE}
    Content-Type: application/json

https://github.com/openiddict/openiddict-core/issues/577

检查服务器的日志或事件查看器。

对于您的错误,请检查您是否将 app.UseAuthentication() 作为 Configure() 中的第一个方法调用,甚至在 UseMVC().

之前

如果您提到了错误的子代码,将会有所帮助:

401.1: Access is denied due to invalid credentials.
401.2: Access is denied due to server configuration favoring an alternate authentication method.
401.3: Access is denied due to an ACL set on the requested resource.
401.4: Authorization failed by a filter installed on the Web server.
401.5: Authorization failed by an ISAPI/CGI application.
401.7: Access denied by URL authorization policy on the Web server.