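c# - Authorization has been denied for this request: JWT Bearer
Problem description
I am using JWT to handle authentication/authorization in my ASP.NET Web API. I decorated my different controllers with [Authorize]. Every time I make a call, this message is sent: Authorization has been denied for this request.
Here is a sample of one of my controllers: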
    [System.Web.Http.Route("api/MyParticipations")]
    [System.Web.Http.HttpGet]
    [System.Web.Http.ActionName("XAMARIN_SelectMyEvent")]
    [Authorize]
    public HttpResponseMessage Xamarin_SelectMyEvents()
    {
        string token = Request.Headers.Authorization.ToString();
        string resultToken = Utils.Util.ValidateToken(token);
        if (resultToken == null)
        {
            return Request.CreateResponse(HttpStatusCode.NotFound, "Your session has expired");
        }
        int userId = Int32.Parse(resultToken);
        var MyEvents = db.getMyEvents(userId);
        if (MyEvents == null)
        {
            return Request.CreateResponse(HttpStatusCode.NotFound, "No Events available");
        }
        else
        {
            return Request.CreateResponse(HttpStatusCode.Accepted, MyEvents);
        }
    }
Here is my Startup class:
    public IConfiguration _Configuration { get; }

    public Startup(IConfiguration configuration)
    {
        _Configuration = configuration;
    }

    public Startup()
    {
    }

    public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseAuthentication();
        app.UseMvc();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(_Configuration[System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"]]))
                };
            });
        services.AddMvc();
    }
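One small problem I did not manage to solve is the empty constructor in the Startup class. If I remove it, I get an error message: "No parameterless constructor defined for this object owin".
Here is my code to generate and validate the JWT: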
    private static string Secret = System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"];

    public static string GenerateToken(int userId)
    {
        byte[] key = Convert.FromBase64String(Secret);
        SymmetricSecurityKey securityKey = new SymmetricSecurityKey(key);
        SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] {
                new Claim(ClaimTypes.PrimarySid, userId.ToString())}),
            Expires = DateTime.UtcNow.AddDays(3),
            SigningCredentials = new SigningCredentials(securityKey,
                SecurityAlgorithms.HmacSha256Signature)
        };
        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        JwtSecurityToken token = handler.CreateJwtSecurityToken(descriptor);
        return handler.WriteToken(token);
    }

    public static ClaimsPrincipal GetPrincipal(string token)
    {
        try
        {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken jwtToken = (JwtSecurityToken)tokenHandler.ReadToken(token);
            if (jwtToken == null)
                return null;
            byte[] key = Convert.FromBase64String(Secret);
            TokenValidationParameters parameters = new TokenValidationParameters()
            {
                RequireExpirationTime = true,
                ValidateIssuer = false,
                ValidateAudience = false,
                IssuerSigningKey = new SymmetricSecurityKey(key)
            };
            SecurityToken securityToken;
            ClaimsPrincipal principal = tokenHandler.ValidateToken(token,
                parameters, out securityToken);
            return principal;
        }
        catch (Exception e)
        {
            return null;
        }
    }

    public static string ValidateToken(string token)
    {
        string userId = null;
        ClaimsPrincipal principal = GetPrincipal(token);
        if (principal == null)
            return null;
        ClaimsIdentity identity = null;
        try
        {
            identity = (ClaimsIdentity)principal.Identity;
        }
        catch (NullReferenceException)
        {
            return null;
        }
        Claim usernameClaim = identity.FindFirst(ClaimTypes.PrimarySid);
        userId = usernameClaim.Value;
        return userId;
    }
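Can anyone see what is wrong with this code? I have looked at other topics, but none of them gave me a solution.
Thanks for reading,
A desperate student
Solution
Make sure you are performing all of the following steps:
- The user provides credentials (client side)
- The credentials are approved (server side)
- A token is generated (server side)
- The token is sent to the client (server side)
- The client receives the token and adds it to the Authorization header of subsequent requests, with the value "Bearer GeneratedToken" (e.g. Authorization: "Bearer eyJhbGci...") (client side)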
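The header handling from the last step, as an added example that is not part of the original answer or the asker's code: the server splits the "Bearer" scheme from the token before validating it, and validation is run once with the key bytes used for signing and once with bytes derived differently (the question's code uses both Convert.FromBase64String and Encoding.UTF8.GetBytes). The BearerDemo class, the sample secret and the user id 42 are constructed for illustration, and the System.IdentityModel.Tokens.Jwt NuGet package is assumed.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class BearerDemo
{
    // Constructed sample secret (base64 of 32 bytes); not a real key.
    const string Secret = "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=";

    static ClaimsPrincipal Validate(string headerValue, byte[] key)
    {
        // Split "Bearer <token>" first: the raw header value is not a JWT.
        if (!AuthenticationHeaderValue.TryParse(headerValue, out var header) ||
            !"Bearer".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase) ||
            string.IsNullOrEmpty(header.Parameter))
            return null;
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ValidateIssuer = false,   // the question's tokens carry no issuer
            ValidateAudience = false  // ... and no audience
        };
        try { return new JwtSecurityTokenHandler().ValidateToken(header.Parameter, parameters, out _); }
        catch (SecurityTokenException) { return null; }  // bad signature, expired, ...
        catch (ArgumentException) { return null; }       // not a well-formed JWT
    }

    static void Main()
    {
        byte[] signingKey = Convert.FromBase64String(Secret);  // as in GenerateToken
        var handler = new JwtSecurityTokenHandler();
        string jwt = handler.WriteToken(handler.CreateJwtSecurityToken(new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.PrimarySid, "42") }),
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(signingKey), SecurityAlgorithms.HmacSha256Signature)
        }));
        string headerValue = new AuthenticationHeaderValue("Bearer", jwt).ToString();  // client side
        Console.WriteLine("base64-decoded key: " + (Validate(headerValue, signingKey) != null));
        Console.WriteLine("UTF-8 bytes of key string: " + (Validate(headerValue, Encoding.UTF8.GetBytes(Secret)) != null));
    }
}
```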