摘要:今天在.NET项目中,使用基于策略角色的鉴权时,遇到一个401的问题,场景如下:
今天在.NET项目中,使用基于策略角色的鉴权时,遇到一个401的问题,场景如下:
Program.cs代码如下:
using Microsoft.AspNetCore.Authentication.JwtBearer;using Microsoft.AspNetCore.Mvc;using Microsoft.Extensions.Options;using Microsoft.IdentityModel.Tokens;using System.IdentityModel.Tokens.Jwt;using System.Security.Claims;using System.Text;var builder = WebApplication.CreateBuilder(args);var authConfig = new AuthConfig;builder.Configuration.Bind("AuthConfig", authConfig);builder.Services.AddSingleton(authConfig);builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, opt =>{ opt.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(authConfig.SecurityKey)), ValidateIssuer = true, ValidIssuer = authConfig.Issuer, ValidateAudience = true, ValidAudience = authConfig.Audience, ClockSkew = TimeSpan.Zero, RequireExpirationTime = true, ValidAlgorithms = new { SecurityAlgorithms.HmacSha512 } };});builder.Services.AddAuthorization(opt =>{ opt.AddPolicy("rolevalidate", policy => policy.RequireRole("user"));});var app = builder.Build;app.UseAuthentication;app.UseAuthorization;app.MapPost("/login", ([FromServices] AuthConfig config, [FromBody] UserModel userModel) =>{ if (userModel.UserName != "gsw" || userModel.Password != "111111") { return new { result = false, message = "用户名或密码错误!", token = "" }; } else { var token = new JwtSecurityTokenHandler.WriteToken(new JwtSecurityToken( issuer: config.Issuer, audience: config.Audience, claims: new { new Claim(ClaimTypes.Role, "user") }, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddSeconds(config.Expires), signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(config.SecurityKey)), SecurityAlgorithms.HmacSha512) )); return new { result = true, message = "", token = token }; }}).AllowAnonymous;app.MapGet("/index", =>{ return "登录成功!";}).RequireAuthorization("rolevalidate");app.Run;public class AuthConfig{ public string Issuer { get; set; } public string Audience { get; set; } public int Expires { get; set; } public string SecurityKey { get; set; }}public class UserModel{ public string UserName { get; set; } public string Password { get; set; }}appsettings.json内容如下:
{ "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Information" } }, "AllowedHosts": "*", "AuthConfig": { "Issuer": "https://www.demo.com", "Audience": "https://www.demo.com", "Expires": 86400, "SecurityKey": "1234567890abcdefg1234567890abcdefg1234567890abcdefg1234567890abcdefg" }}引入的Nuget包如下(Microsoft.IdentityModel.Tokens包是因为觉得可传递包比较旧,升上来的):
测试开始,先登录,成功返回Token:
然后访问/index,遇到了401的报错。
一开始以为在注AddAuthentication和AddAuthorization的姿势不对,重写尝试了一段时间,总是不成功。逐渐感觉到不是这里的原因,于是想通过日志,把失败的原因找出来,方便深入分析,于是开启Microsoft.AspNetCore.Authentication.JwtBearer的日 志,在appsettings.json的LogLevel下,添加如下配置:
"Microsoft.AspNetCore.Authentication.JwtBearer": "Information"再次请求/index,错误日志如下:
最后定位到可能是Microsoft.IdentityModel.Tokens的问题,于是删除安装的版本,相当于给它降级,因类可传递的版本是8.0.1。
再次测试,正常通过!
来源:opendotnet
免责声明:本站系转载,并不代表本网赞同其观点和对其真实性负责。如涉及作品内容、版权和其它问题,请在30日内与本站联系,我们将在第一时间删除内容!