c# - Net Core API returns 401 even when a bearer token is included

Repost. Author: 太空宇宙. Updated: 2023-11-03 19:42:19

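I want to protect my API endpoint so that it can only be accessed with authentication, and I end up getting this error. I use the register method to register a user and get a token. Then I use that long token in the request header to access the protected area. But I keep getting an authorization 401 error. What exactly is going wrong!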

http Get http://localhost:5000/Account/Protected 'authorization:Bearer       eyJhb....fx0IM'
HTTP/1.1 401 Unauthorized
Content-Length: 0
Date: Fri, 27 Jul 2018 12:36:46 GMT
Server: Kestrel
WWW-Authenticate: Bearer error="invalid_token", error_description="The token as no expiration"

I have this controller configured as the Account controller. The Register method works fine and registers the person; now, if I want to add an API test with the protected controller, I get a 401 error.

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

namespace Lemon.Auth.Controllers
{
    [Route("[controller]/[action]")]
    public class AccountController : ControllerBase
    {

        private readonly SignInManager<IdentityUser> _signInManager;
        private readonly UserManager<IdentityUser> _userManager;
        private readonly IConfiguration _configuration;

        public AccountController(
            UserManager<IdentityUser> userManager,
            SignInManager<IdentityUser> signInManager,
            IConfiguration configuration
        )
        {
            _userManager = userManager;
            _signInManager = signInManager;
            _configuration = configuration;
        }

        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
        [HttpGet]
        public async Task<object> Protected()
        {
            return "Protected area";
        }

        // Handlers
        [HttpPost]
        public async Task<object> Login([FromBody] LoginDto model)
        {

            var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, false, false);

            if (result.Succeeded)
            {
                var appUser = _userManager.Users.SingleOrDefault(r => r.Email == model.Email);
                return await GenerateJwtToken(model.Email, appUser);
            }

            throw new ApplicationException("Invalid Login Attempt");
        }

        // Handler :Register:
        public async Task<object> Register([FromBody] RegisterDto model)
        {
            var user = new IdentityUser
            {
                UserName = model.Email,
                Email = model.Email
            };

            // debuggi
            try
            {
                var result = await _userManager.CreateAsync(user, model.Password);
                if (result.Succeeded)
                {
                    await _signInManager.SignInAsync(user, false);
                    return await GenerateJwtToken(model.Email, user);
                }
            }
            catch (System.Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }

            throw new ApplicationException("Unknown Error");
        }

        private async Task<object> GenerateJwtToken(string email, IdentityUser user)
        {
            var claims = new List<Claim>
            {
                new Claim(JwtRegisteredClaimNames.Sub, email),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(ClaimTypes.NameIdentifier, user.Id)
            };

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtKey"]));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            // var expires = DateTime.Now.AddDays(Convert.ToDouble(_configuration["JwtExpiresDays"]));
            Console.WriteLine("hello");

            var token = new JwtSecurityToken(
                _configuration["JwtIssuer"],
                _configuration["JwtIssuer"],
                claims,
                signingCredentials: creds
            );

            return new JwtSecurityTokenHandler().WriteToken(token);
        }
    }
}

Here is my Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    // Db and context
    services.AddEntityFrameworkNpgsql().AddDbContext<ApplicationDbContext>(options =>
        {
            options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection"));
        }
    );

    // add Identity
    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    // add jwt
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); // clear default behaviour
    services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(cfg =>
        {
            cfg.RequireHttpsMetadata = false;
            cfg.SaveToken = true;
            cfg.TokenValidationParameters = new TokenValidationParameters
            {
                ValidIssuer = Configuration["JwtIssuer"],
                ValidAudience = Configuration["JwtIssuer"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])),
                ClockSkew = TimeSpan.Zero // remove delay of token when expire
            };
        });

    // add mvc
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApplicationDbContext dbContext)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    // app.UseHttpsRedirection();
    app.UseMvc();
    app.UseAuthentication();

    // ensure tables are created
    dbContext.Database.EnsureCreated();
}

All I want to achieve is to protect the API. I referred to this tutorial: https://medium.com/@ozgurgul/asp-net-core-2-0-webapi-jwt-authentication-with-identity-mysql-3698eeba6ff8

Best answer

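Edit-2: I just saw the tutorial you are using. It is already doing the same thing. Can you try adding an expiration date to the token? The error message says the token has no expiration.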

private async Task<object> GenerateJwtToken(string email, IdentityUser user)
{
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, email),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(ClaimTypes.NameIdentifier, user.Id)
    };

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtKey"]));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    // var expires = DateTime.Now.AddDays(Convert.ToDouble(_configuration["JwtExpiresDays"]));
    Console.WriteLine("hello");

    var token = new JwtSecurityToken(
        _configuration["JwtIssuer"],
        _configuration["JwtIssuer"],
        claims,
        expires: DateTime.UtcNow.AddHours(1), // or smth else
        signingCredentials: creds
    );

    return new JwtSecurityTokenHandler().WriteToken(token);
}

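Edit: My first answer was also part of the cause of the problem, but not all of it. The actual problem is that services.AddIdentity<,> adds cookie authentication, as can be seen here. If you insist on using asp.net-identity, you have to make some changes. An example can be found here.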

Old: Your authentication doesn't work because you add authentication after mvc. Just flip them.

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApplicationDbContext dbContext)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    // app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseMvc();

    // ensure tables are created
    dbContext.Database.EnsureCreated();
}
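
The rejection that Edit-2 points to can be reproduced outside the API with the same token handler. This is an added example, not code from the question or the answer; the class and method names are hypothetical, the issuer, key and subject are constructed, and it assumes the System.IdentityModel.Tokens.Jwt package is referenced.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class ExpirationCheckDemo
{
    // Constructed demo values; a real key belongs in protected configuration.
    private const string Issuer = "demo-issuer";
    private static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));

    // Builds a token the way GenerateJwtToken does; expires == null omits the exp claim.
    private static string Issue(DateTime? expires)
    {
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Issuer,
            claims: new[] { new Claim(JwtRegisteredClaimNames.Sub, "user@example.com") },
            expires: expires,
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Same parameters as the question's Startup.cs. RequireExpirationTime and
    // ValidateLifetime are not set, so both keep their default value (true).
    private static string Validate(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = Issuer,
            IssuerSigningKey = Key,
            ClockSkew = TimeSpan.Zero
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
            return "accepted";
        }
        catch (SecurityTokenNoExpirationException)
        {
            return "rejected: token has no exp claim";
        }
    }

    public static void Main()
    {
        Console.WriteLine(Validate(Issue(null)));                        // question's token shape
        Console.WriteLine(Validate(Issue(DateTime.UtcNow.AddHours(1)))); // answer's token shape
    }
}
```

Setting RequireExpirationTime = false would also make the first token validate, but it yields bearer tokens that never expire, so adding the expires argument is the safer change.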

Regarding "c# - Net Core API returns 401 even when a bearer token is included", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51558915/
