gpt4 book ai didi

asp.net-core - options.AutomaticAuthenticate 和 UseJwtBearerAuthentication 的用途

转载 作者:行者123 更新时间:2023-12-01 19:12:55 35 4
gpt4 key购买 nike

将代码库从 ASP 5 beta 7 更新到 RC1-final 后,我开始从 JwtBearer 中间件收到此异常

Unable to cast object of type 'Newtonsoft.Json.Linq.JArray' to type 'System.IConvertible'.

到目前为止我看到的决定因素似乎是 options.AutomaticAuthenticate 的设置。如果它是true,那么我会得到异常,否则,我不会。

什么是AutomaticAuthenticate?为什么我需要启用它?

    app.UseJwtBearerAuthentication(options =>
{
options.AutomaticAuthenticate = true;
}

这是完整的堆栈跟踪:

at System.Convert.ToInt32(Object value, IFormatProvider provider)
at System.IdentityModel.Tokens.Jwt.JwtPayload.GetIntClaim(String claimType)
at System.IdentityModel.Tokens.Jwt.JwtPayload.get_Nbf()
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.AspNet.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNet.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Api.Startup.<<Configure>b__9_0>d.MoveNext() in ...\Startup.cs:line 156

更新根本原因

我们的代码库正在为 nbf、exp 和 iat 创建重复的声明。这解释了为什么 get_Nbf 出现在堆栈跟踪中以及对“JArray”的提示,因为每个值都是数组而不是值。

最佳答案

如果它设置为true,那么中间件将在每个入站请求上运行,查找 JWT token ,如果存在,它将验证它,如果有效,则从中创建一个身份并添加给当前用户。

如果 false 没有发生,您需要通过在授权属性中指定承载方案来请求中间件设置身份。

[Authorize(AuthenticationSchemes = "YourBearerSchemeName")]

或者你在政策中设置了这个;

options.AddPolicy("RequireBearer", policy =>
{
policy.AuthenticationSchemes.Add("YourBearerSchemeName");
policy.RequireAuthenticatedUser();

});

因此,通过将其设置为 false,在您请求之前,您实际上并没有运行承载内容,您只是将异常推迟到以后。

关于asp.net-core - options.AutomaticAuthenticate 和 UseJwtBearerAuthentication 的用途,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34915433/

35 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com