jwt – ASP.NET 5 OAuthBearerAuthentication: The following authentication scheme was not accepted: Bearer
Update: Pinpoint helped me get this prototype off the launch pad. I was very close, except for:

- I needed to upgrade to the beta6 SDK according to these instructions. Global.json now shows the following:

```json
{
  "projects": [ "src", "test" ],
  "sdk": {
    "version": "1.0.0-beta6"
  }
}
```

- I updated the references in project.json:

```json
{
  "webroot": "wwwroot",
  "version": "1.0.0-*",
  "dependencies": {
    "Microsoft.AspNet.Mvc": "6.0.0-beta6",
    "Microsoft.AspNet.Server.IIS": "1.0.0-beta6",
    "Microsoft.AspNet.Server.WebListener": "1.0.0-beta6",
    "Microsoft.AspNet.StaticFiles": "1.0.0-beta6",
    "System.IdentityModel.Tokens": "5.0.0-beta6-207211625",
    "Serilog.Framework.Logging": "1.0.0-beta-43",
    "Microsoft.AspNet.Authentication.OAuthBearer": "1.0.0-beta6"
  },
  "commands": {
    "web": "Microsoft.AspNet.Hosting --config hosting.ini"
  },
  "frameworks": {
    "dnx451": { }
  },
  "exclude": [
    "wwwroot",
    "node_modules",
    "bower_components"
  ],
  "publishExclude": [
    "node_modules",
    "bower_components",
    "**.xproj",
    "**.user",
    "**.vspscc"
  ]
}
```

- The order of the middleware in the Configure method of Startup matters. UseOAuthBearerAuthentication needs to come before UseMvc. The Configure method in Startup.cs now shows the following:

```csharp
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseOAuthBearerAuthentication();
    app.UseMvc();
}
```
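I am using ASP.NET 5 and am trying to implement a very simple proof of concept for generating and consuming JWT tokens. I have read the articles here, here and here, but this one most closely matches my needs.

To that end, I read the article very carefully, re-read it, internalized all of the comments, and then stood up a simple example. I can now generate a JWT token, but when I attempt to call my controller action that is decorated with the authorization attribute [Authorize("Bearer")], I receive the following message:

Since I have not seen a high-fidelity A-to-Z example of how to do this, please consider the following steps to reproduce:

- Create a new Web API project in Visual Studio 2015 (I am using Enterprise) by choosing "New Project… Web… ASP.NET Web Application" and then the "Web API" option under "ASP.NET 5 Preview Templates"

```json
{
  "projects": [ "src" ],
  "sdk": {
    "version": "1.0.0-beta5",
    "runtime": "clr",
    "architecture": "x86"
  }
}
```

- Bring in the dependencies needed for JWT tokens; project.json looks like this:

```json
{
  "webroot": "wwwroot",
  "dependencies": {
    "Microsoft.AspNet.Mvc": "6.0.0-beta6",
    "System.IdentityModel.Tokens": "5.0.0-beta5-206011020",
    "Microsoft.AspNet.Authentication.OAuthBearer": "1.0.0-beta5"
  },
  "commands": {
    "web": "Microsoft.AspNet.Hosting --config hosting.ini"
  },
  "frameworks": {
    "dnx451": { }
  },
  "exclude": [
    "wwwroot",
    "bower_components"
  ],
  "publishExclude": [
    "node_modules",
    "**.vspscc"
  ]
}
```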
- Startup.cs (this is an example that is not suitable for production)

```csharp
public class Startup
{
    const string _TokenIssuer = "contoso.com";
    const string _TokenAudience = "contoso.com/resources";
    RsaSecurityKey _key = null;
    SigningCredentials _signingCredentials = null;

    public Startup(IHostingEnvironment env)
    {
        GenerateRsaKeys();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // The signing credentials are injected into TokenController.
        services.AddInstance(_signingCredentials);

        services.ConfigureOAuthBearerAuthentication(options =>
        {
            options.AutomaticAuthentication = true;
            options.TokenValidationParameters.IssuerSigningKey = _key;
            options.TokenValidationParameters.ValidAudience = _TokenAudience;
            options.TokenValidationParameters.ValidIssuer = _TokenIssuer;
        });

        services.ConfigureAuthorization(options =>
        {
            // The "Bearer" policy is what [Authorize("Bearer")] refers to.
            options.AddPolicy(
                "Bearer",
                new AuthorizationPolicyBuilder()
                    .AddAuthenticationSchemes(OAuthBearerAuthenticationDefaults.AuthenticationScheme)
                    .RequireAuthenticatedUser()
                    .Build());
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory)
    {
        // As posted: UseMvc is registered before the bearer middleware.
        // The update at the top of the post reverses this order.
        app.UseMvc();
        app.UseOAuthBearerAuthentication();
    }

    void GenerateRsaKeys()
    {
        // A new 2048-bit RSA key pair is generated on every application start.
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048))
        {
            _key = new RsaSecurityKey(rsa.ExportParameters(true));
            _signingCredentials = new SigningCredentials(
                _key,
                SecurityAlgorithms.RsaSha256Signature,
                SecurityAlgorithms.Sha256Digest,
                "secret");
            rsa.PersistKeyInCsp = false;
        }
    }
}
```
- Some models:

Credentials.cs

```csharp
public class Credentials
{
    public string user { set; get; }
    public string password { set; get; }
}
```

JwtToken.cs

```csharp
public class JwtToken
{
    public string access_token { set; get; }
    public string token_type { set; get; }
}
```
- A token controller for fetching tokens (this is an example that is not suitable for production), TokenController.cs:

```csharp
[Route("[controller]")]
public class TokenController : Controller
{
    private readonly OAuthBearerAuthenticationOptions _bearerOptions;
    private readonly SigningCredentials _signingCredentials;

    public TokenController(
        IOptions<OAuthBearerAuthenticationOptions> bearerOptions,
        SigningCredentials signingCredentials)
    {
        _bearerOptions = bearerOptions.Options;
        _signingCredentials = signingCredentials;
    }

    // POST: /token
    [HttpPost()]
    public JwtToken Token([FromBody] Credentials credentials)
    {
        // Pretend to validate credentials...
        JwtSecurityTokenHandler handler =
            _bearerOptions
                .SecurityTokenValidators
                .OfType<JwtSecurityTokenHandler>()
                .First();

        // Issuer and audience are taken from the same options the validator uses.
        JwtSecurityToken securityToken = handler.CreateToken(
            issuer: _bearerOptions.TokenValidationParameters.ValidIssuer,
            audience: _bearerOptions.TokenValidationParameters.ValidAudience,
            signingCredentials: _signingCredentials,
            subject: new ClaimsIdentity(
                new Claim[]
                {
                    new Claim(ClaimTypes.Name, "somebody"),
                    new Claim(ClaimTypes.Role, "admin"),
                    new Claim(ClaimTypes.Role, "teacher"),
                }),
            expires: DateTime.Today.AddDays(1));

        string token = handler.WriteToken(securityToken);

        return new JwtToken()
        {
            access_token = token,
            token_type = "bearer"
        };
    }
}
```
- A values controller to demonstrate ingesting the token, ValuesController.cs:

```csharp
[Route("api/[controller]")]
public class ValuesController : Controller
{
    // GET: api/values
    [Authorize("Bearer")]
    [HttpGet]
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }

    // GET api/values/5
    [HttpGet("{id}")]
    public string Get(int id)
    {
        return "value";
    }
}
```
- Fire up a copy of postman (or your favorite REST client), launch the sample application under Visual Studio, and make a request similar to http://localhost:22553/token/ with a JSON body:

```json
{
  "user": "user",
  "password": "secret"
}
```

The application responds with a token:

```json
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6bnVsbH0.eyJ1bmlxdWVfbmFtZSI6InNvbWVib2R5Iiwicm9sZSI6WyJhZG1pbiIsInRlYWNoZXIiXSwiaXNzIjoiY29udG9zby5jb20iLCJhdWQiOiJjb250b3NvLmNvbS9yZXNvdXJjZXMiLCJleHAiOjE0Mzk1MzU2MDB9.anRgL10XFG_bKDDxY3D2xQSfhPRLGMjUTreQNsP1jDA6eRKwXHf3jtpCwm_saoWyUDFFA2TMI9e_LbP6F5l7vtozCluziE_GQkPkspUSWuWIpQJLPRTTPPZHGKmPmK4MLEl1zPPrggJWbvF9RBw3mMQ0KoMfjSL0vUQ8kZ7VXAel8dnYJccd-CFdnB6aDe79x2E9Se2iLxdhr--R_qgvfz1Fa6tR1dstqLQ-UjYqPWY4SOgBjM3abtjfLLVEzeQMVyezX7Cx9ObMXAGbGvQL6GB_T5RlfAoXWME4jM8Bzhd-07wwd732bBws4OXivj1sSz-qawNTnXmnuccLRtI1uA",
  "token_type": "bearer"
}
```
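Added example (not part of the original post): a simplified model of the request pipeline that shows why the middleware order named in the update decides whether the "Bearer" policy can succeed. `Context`, `Bearer`, `Mvc` and `Run` are hypothetical stand-ins, not the ASP.NET 5 API, and the token string is a constructed sample.

```csharp
using System;

// Simplified model of a request pipeline. These types are hypothetical
// stand-ins and are not the ASP.NET 5 API.
class Context
{
    public string Authorization;  // raw Authorization header, or null
    public string User;           // set once a middleware authenticates the request
    public int Status = 200;
}

static class PipelineOrderDemo
{
    // Stand-in for UseOAuthBearerAuthentication. A real handler validates the
    // signature, issuer, audience and expiry before it sets the user.
    static void Bearer(Context ctx, Action next)
    {
        if (ctx.Authorization != null && ctx.Authorization.StartsWith("Bearer ", StringComparison.Ordinal))
            ctx.User = "somebody";
        next();
    }

    // Stand-in for UseMvc with [Authorize("Bearer")]: terminal, never calls next.
    static void Mvc(Context ctx, Action next)
    {
        ctx.Status = ctx.User != null ? 200 : 401;
    }

    // Chains the middleware in registration order and sends one request through.
    public static int Run(params Action<Context, Action>[] middleware)
    {
        var ctx = new Context { Authorization = "Bearer constructed.sample.token" };
        Action pipeline = () => { };
        for (int i = middleware.Length - 1; i >= 0; i--)
        {
            var current = middleware[i];
            var next = pipeline;
            pipeline = () => current(ctx, next);
        }
        pipeline();
        return ctx.Status;
    }

    static void Main()
    {
        Console.WriteLine("UseMvc registered first: " + Run(Mvc, Bearer));
        Console.WriteLine("Bearer registered first: " + Run(Bearer, Mvc));
    }
}
```

In the first ordering the MVC stand-in answers the request before the bearer stand-in has run, so the authorization check never sees an authenticated user even though the request carries a token.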
