The JWT token is validated, but the Authorize attribute (plain usage, no roles specified, etc.) still blocks the request.
Note that I have no code that would control the behaviour of AuthorizeAttribute (so everything should follow whatever the framework provides).
From the logs:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:55000/api/Companies/GetSummaries
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "GetSummaries", controller = "Companies"}. Executing action MyTestApplication.Controllers.Companies.CompaniesController.GetSummaries (MyTestApplication)
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyTestApplication.Controllers.Companies.CompaniesController.GetSummaries (MyTestApplication) in 16.5934ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 25.4438ms 401
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:55000/api/Customers/Get?includeInactive=false
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Get", controller = "Customers"}. Executing action MyTestApplication.Controllers.Customers.CustomersController.Get (MyTestApplication)
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyTestApplication.Controllers.Customers.CustomersController.Get (MyTestApplication) in 9.6949ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 20.3964ms 401
The thread 0x4764 has exited with code 0 (0x0).
JWT configuration at application startup (not sure whether this helps, as it seems to work):
// Register JwtBearer as the default authenticate/challenge scheme.
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwtBearerOptions =>
{
    // Same HMAC secret, issuer and audience that JwtTokenCreator uses when issuing tokens.
    var keyBytes = Encoding.UTF8.GetBytes(JwtTokenCreator.Secret);
    jwtBearerOptions.IncludeErrorDetails = true;
    jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
        ValidateIssuer = true,
        ValidIssuer = JwtTokenCreator.AppIssuer,
        ValidateAudience = true,
        ValidAudience = JwtTokenCreator.AppAudience,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(JwtTokenCreator.ExpirationTimeInMinutes)
    };
});
And the token generation:
// tokenHandler is a JwtSecurityTokenHandler held by the enclosing JwtTokenCreator class.
public string GenerateToken(Guid sessionId)
{
    var symmetricKey = Encoding.UTF8.GetBytes(Secret);
    var now = DateTime.UtcNow;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, sessionId.ToString()),
            new Claim(ClaimTypes.Role, "User")
        }),
        Expires = now.AddMinutes(ExpirationTimeInMinutes),
        Audience = AppAudience,
        Issuer = AppIssuer,
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256)
    };
    var stoken = tokenHandler.CreateToken(tokenDescriptor);
    var token = tokenHandler.WriteToken(stoken);
    return token;
}
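The log order above, where the AuthorizeFilter fails and only then the JwtBearer handler reports "Successfully validated the token", is the pattern produced when the authentication middleware has not run on the request path before MVC: the filter sees an anonymous principal, challenges, and the challenge itself re-runs the handler. As an added example (not the asker's code; the diagnostic middleware and the `Startup` class name are assumptions), this is a `Configure` method that wires the `AddAuthentication` registration shown above into the pipeline in the order the framework requires:

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;

public partial class Startup
{
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILogger<Startup> logger)
    {
        // 1. Authentication middleware must precede anything that evaluates [Authorize].
        //    It consumes the Bearer header and populates HttpContext.User for the rest
        //    of the pipeline; without it, the AuthorizeFilter only ever sees an anonymous user.
        app.UseAuthentication();

        // 2. Assumed diagnostic middleware (not from the post): records whether the principal
        //    is already authenticated before MVC runs. With a valid Bearer token and correct
        //    ordering this logs IsAuthenticated=True; False means the handler never ran on
        //    the request path, i.e. UseAuthentication() is missing or placed after UseMvc().
        app.Use(async (context, next) =>
        {
            var identity = context.User?.Identity;
            logger.LogInformation("Pre-MVC principal: IsAuthenticated={Auth}, Name={Name}",
                identity?.IsAuthenticated ?? false, identity?.Name);
            await next();
        });

        // 3. MVC, and therefore the AuthorizeFilter, runs last.
        app.UseMvc();
    }
}
```

The expected healthy sequence in the log is then "Successfully validated the token" before "Route matched", with no ChallengeResult for a request carrying a valid token.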