asp.net-web-api – 使用Asp.Net Core WebAPI进行授权
|
不可否认,这是建立Asp.Net Core web api项目的第一步.一个要求是支持OAuth2. Api和Identity服务器是两个独立的项目,都是从Asp.Net核心空模板开始的.
身份服务器已启动并正在运行,并且正在通过资源所有者流提供令牌.获取令牌很好,范围和相关的access_token详细信息似乎是正确的. 当我向我的资源端点发出get请求时,我首先得到以下信息…… info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:12886/v1/mystuff
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[3]
HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[8]
AuthenticationScheme: Bearer was successfully authenticated.
info: IdentityModel.AspNetCore.ScopeValidation.ScopeValidationMiddleware[0]
Scopes found on current principal: scope: stuffdetails,scope: stuffmover
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[8]
AuthenticationScheme: Bearer was successfully authenticated.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
Authorization was successful for user: 939d72dd-654c-447f-a65d-d0426b1eca59.
所以,我可以告诉中间件正在验证我的令牌,读取范围以及验证令牌. info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: 939d72dd-654c-447f-a65d-d0426b1eca59.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[13]
AuthenticationScheme: Bearer was forbidden.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action TestApi.StuffController.GetStuff (TestApi) in 32.4439ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 1207.1769ms 403
以下是我认为启动时的相关内容. ConfigureServices … services.AddMvcCore()
.AddAuthorization(opts =>
{
opts.AddPolicy("stuffdetails",policy => policy.RequireClaim("stuffdetails"));
}
)
.AddJsonFormatters();
services.AddOptions();
配置 var authServerOptions = new IdentityServerAuthenticationOptions
{
Authority = configOptions.Value.AuthServerSettings.AuthServerURI,RequireHttpsMetadata = configOptions.Value.AuthServerSettings.RequiresHttpsMetaData,ApiName = configOptions.Value.AuthServerSettings.ApiName,AllowedScopes = configOptions.Value.AuthServerSettings.AllowedScopes,SupportedTokens = IdentityServer4.AccessTokenValidation.SupportedTokens.Jwt,AuthenticationScheme = "Bearer",SaveToken = true,ValidateScope = true
};
app.UseIdentityServerAuthentication(authServerOptions);
app.UseMvc();
东西控制器 [Route("v1/[controller]")]
[Authorize(ActiveAuthenticationSchemes = "Bearer")]
public class StuffController : Controller
{
[HttpGet]
[Authorize(Policy = "stuffdetails")]
public JsonResult GetStuff()
{
return new JsonResult(new
{
Message = "You've got stuff.."
});
}
}
如果我从GetStuff方法中删除Authorize属性,一切都很好,因为如日志所示,持有者令牌被授权. 问题: >授权失败是因为我的政策不正确,如果是这样,应如何设置? 任何帮助是极大的赞赏.. 解决方法
您所看到的内容看起来是正确的,但您只需删除“授权”属性的“政策”部分即可轻松验证:如果它现在有效,则问题与您的政策有关,如果仍然失败那么这是一个更广泛的问题而不仅仅是你的政策.我假设您使用自己的IProfileService实现将“stuffdetails”声明添加到access_token中?
是的,似乎是aspnet进行自定义授权的核心方式.
我正在使用UseIdentityServerAuthentication和ResourceOwnerPassword流程.我有兴趣听听UseJwtBearerAuthentication方法是首选还是提供其他功能. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
- asp.net-mvc – asp.net mvc子行为
- asp.net-mvc – 如何在mvc网格格式中格式化日期
- asp.net-mvc – ASP.NET MVC – Typesafe Html.TextBoxFor,
- asp.net-mvc – 如何开始使用多租户MVC应用程序
- asp.net-mvc – 将母版页的代码放在MVC应用程序中的位置?
- asp.net – Firefox在IIS6上启用了摘要式身份验证的每个HTT
- ASP.NET:文字属性中的单引号和双引号
- 会话状态信息无效,可能在ASP.Net中已损坏
- asp.net – 如何循环通过WebForms中的数据,就像在MVC中
- ASP.NET Server.HtmlEncode限制