azure - JWT claims missing when running App Service in Azure
Problem description
I recently implemented an ASP.NET Core 2.0 Web API. It runs fine in my local development environment. But... when I deploy to Azure, I find that my JWT access token does not contain the issuer and audience claims, so I get 401 Unauthorized with: Bearer error="invalid_token", error_description="The Audience is invalid". The JWT generated on my local machine has (as decoded by jwt.io):
{
"http://schemas.xmlsoap.org/...": "Rory@gspin.com",
"sub": "Rory@gspin.com",
"given_name": "Rory",
"family_name": "McGilroy",
"email": "Rory@gspin.com",
"jti": "3875f83d-eb93-4d45-8507-795a0cb7e3e4",
"iat": 1533506381,
"rol": "api_access",
"id": "420990b2-4747-4c3c-ae0f-ccbbc4dfe521",
"nbf": 1533506381,
"exp": 1533513581,
"iss": "gspin.com",
"aud": "https://www.gspin.com"
}
But after deploying the same application to Azure App Service, my access token contains the following:
{
"http://schemas.xmlsoap.org/...": "billyttom@fido.com",
"sub": "billyttom@fido.com",
"given_name": "billy mark tom",
"family_name": "last",
"email": "billyttom@fido.com",
"jti": "0d34a03f-31ae-45aa-9ace-004d5916b430",
"iat": 1533498384,
"rol": "api_access",
"id": "5485d641-974b-4f60-ade6-35c048503701",
"nbf": 1533498383,
"exp": 1533505583
}
iss and aud are missing???
Any idea why they are dropped when deployed to Azure, when they are defined and appear in the token generated on my local machine / Visual Studio environment?
My code is:

    using System;
    using System.Security.Claims;
    using System.Security.Principal;
    using System.Threading.Tasks;
    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.AspNetCore.Identity;

    // _jwtOptions is a JwtIssuerOptions field of this class (presumably injected via IOptions<JwtIssuerOptions>,
    // matching the services.Configure<JwtIssuerOptions> call in ConfigureServices below).
    public async Task<string> GenerateEncodedToken(string userName, ClaimsIdentity identity, UserManager<GSIdentityUser> _userManager)
    {
        var user = await _userManager.FindByNameAsync(userName);
        var userClaims = await _userManager.GetClaimsAsync(user); // loaded but not used in this snippet

        var claims = new[]
        {
            new Claim(ClaimTypes.Name, userName),
            new Claim(JwtRegisteredClaimNames.Sub, userName),
            new Claim(JwtRegisteredClaimNames.GivenName, user.FirstName),
            new Claim(JwtRegisteredClaimNames.FamilyName, user.LastName),
            new Claim(JwtRegisteredClaimNames.Email, user.Email), // same as username
            new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()), // the uniqueness claim is a GUID
            new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(), ClaimValueTypes.Integer64),
            identity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol),
            identity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Id)
        };

        // Create the JWT security token and encode it.
        // "iss" and "aud" are taken from _jwtOptions.Issuer / _jwtOptions.Audience, not from the claims array above.
        var jwt = new JwtSecurityToken(
            issuer: _jwtOptions.Issuer,
            audience: _jwtOptions.Audience,
            claims: claims,
            notBefore: _jwtOptions.NotBefore,
            expires: _jwtOptions.Expiration,
            signingCredentials: _jwtOptions.SigningCredentials);

        var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
        return encodedJwt;
    }

    public ClaimsIdentity GenerateClaimsIdentity(string userName, string id)
    {
        return new ClaimsIdentity(new GenericIdentity(userName, "Token"), new[]
        {
            new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Id, id),
            new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAccess)
        });
    }
Also in ConfigureServices I have:

    using Microsoft.IdentityModel.Tokens;

    // _signingKey is a SecurityKey field built elsewhere in Startup (not shown here).
    services.Configure<JwtIssuerOptions>(options =>
    {
        options.Issuer = Configuration["JwtIssuerOptions:Issuer"];
        options.Audience = Configuration["JwtIssuerOptions:Audience"];
        options.SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256);
    });
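An added example, not the asker's code and not an answer taken from this page, showing the behaviour a practitioner would check first. The JwtSecurityToken constructor only writes iss and aud into the payload when the issuer and audience strings are non-empty; if Configuration["JwtIssuerOptions:Issuer"] or Configuration["JwtIssuerOptions:Audience"] resolves to null in the deployed environment, the token is minted without those claims and no error is raised at the point of issue. Whether that is what happens on this particular Azure deployment is an assumption, not something the page confirms. The JwtIssuerOptions class below is a reduced, assumed shape of the one in the question, the signing key is a constructed value, and the Validate guard is a suggested addition. It requires the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
// Added example (not the asker's code). Shows that JwtSecurityToken silently
// omits "iss"/"aud" when Issuer/Audience are null or empty, and a fail-fast
// guard for JwtIssuerOptions at startup. Requires System.IdentityModel.Tokens.Jwt.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtIssuerCheck
{
    // Assumed, reduced shape of the question's JwtIssuerOptions.
    public sealed class JwtIssuerOptions
    {
        public string Issuer { get; set; }
        public string Audience { get; set; }
        public SigningCredentials SigningCredentials { get; set; }
    }

    // Suggested startup guard: refuse to run with values that would be dropped from the token.
    public static void Validate(JwtIssuerOptions o)
    {
        if (string.IsNullOrWhiteSpace(o.Issuer))
            throw new InvalidOperationException("JwtIssuerOptions:Issuer is not set; tokens would be minted without an 'iss' claim.");
        if (string.IsNullOrWhiteSpace(o.Audience))
            throw new InvalidOperationException("JwtIssuerOptions:Audience is not set; tokens would be minted without an 'aud' claim.");
        if (o.SigningCredentials == null)
            throw new InvalidOperationException("JwtIssuerOptions:SigningCredentials is not set.");
    }

    // Mints a minimal token with the given options, decodes it again, and returns the claim names present.
    public static HashSet<string> ClaimNamesInToken(JwtIssuerOptions o)
    {
        var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, "alice@example.com") }; // constructed subject
        var jwt = new JwtSecurityToken(
            issuer: o.Issuer,
            audience: o.Audience,
            claims: claims,
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: o.SigningCredentials);

        var handler = new JwtSecurityTokenHandler();
        var encoded = handler.WriteToken(jwt);
        var decoded = handler.ReadJwtToken(encoded); // decodes without validating, enough to inspect the payload

        var names = new HashSet<string>();
        foreach (var c in decoded.Claims) names.Add(c.Type);
        return names;
    }

    public static void Main()
    {
        // Constructed key; HS256 needs a sufficiently long symmetric key, 32+ bytes here.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("example-signing-key-at-least-32-bytes-long!!"));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        // Case 1: both values configured, as in the asker's local run.
        var configured = new JwtIssuerOptions { Issuer = "gspin.com", Audience = "https://www.gspin.com", SigningCredentials = creds };
        var names = ClaimNamesInToken(configured);
        Console.WriteLine($"configured:   iss={names.Contains("iss")} aud={names.Contains("aud")}");

        // Case 2: configuration keys absent, so Configuration["JwtIssuerOptions:Issuer"] returned null (assumed scenario).
        var unconfigured = new JwtIssuerOptions { Issuer = null, Audience = null, SigningCredentials = creds };
        names = ClaimNamesInToken(unconfigured);
        Console.WriteLine($"unconfigured: iss={names.Contains("iss")} aud={names.Contains("aud")}");

        // The guard turns the silent omission into a startup failure.
        try { Validate(unconfigured); }
        catch (InvalidOperationException ex) { Console.WriteLine("startup guard: " + ex.Message); }
    }
}
```

Calling Validate on the bound options in ConfigureServices (or in a startup filter) makes the application fail to start instead of issuing tokens that every correctly configured validator will reject with "The Audience is invalid". If the keys are supplied as environment variables or App Service application settings, note that ASP.NET Core maps a nested key such as JwtIssuerOptions:Issuer to the environment variable name JwtIssuerOptions__Issuer, with a double underscore as the section separator.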
Solution