时间戳

首页 > 解决方案 > 此请求的授权已被拒绝:JWT Bearer

c# - 此请求的授权已被拒绝:JWT Bearer

问题描述

我正在使用 JWT 在我的 Asp.net Web Api 中处理身份验证/授权。我用 [Authorize] 装饰了我的差异控制器。每次我拨打电话时,此消息都是 Send :Authorization has been denied for this request。

这是我的一个控制器的示例:

    [System.Web.Http.Route("api/MyParticipations")]
    [System.Web.Http.HttpGet]
    [System.Web.Http.ActionName("XAMARIN_SelectMyEvent")]
    [Authorize]
    public HttpResponseMessage Xamarin_SelectMyEvents()
    {
        string token = Request.Headers.Authorization.ToString();
        string resultToken = Utils.Util.ValidateToken(token);
        if (resultToken == null)
        {
            return Request.CreateResponse(HttpStatusCode.NotFound, "Your session has expired");
        }
        int userId = Int32.Parse(resultToken);
        var MyEvents = db.getMyEvents(userId);
        if (MyEvents == null)
        {
            return Request.CreateResponse(HttpStatusCode.NotFound, "No Events available");
        }
        else
        {
            return Request.CreateResponse(HttpStatusCode.Accepted, MyEvents);
        }
    }

这是我的启动类:

    public IConfiguration _Configuration { get; }

    public Startup(IConfiguration configuration)
    {
        _Configuration = configuration;
    }
    public Startup()
    {

    }
    public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
    }
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(_Configuration[System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"]]))
                };
            });
        services.AddMvc();
    }

我没有成功解决的一个小问题是启动类中的空构造函数。如果我删除它,我会收到一条错误消息:“没有没有为此对象定义的参数的构造函数 owin”。

这是我生成和验证 JWT 的代码:

private static string Secret = System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"];

    public static string GenerateToken(int userId)
    {
        byte[] key = Convert.FromBase64String(Secret);
        SymmetricSecurityKey securityKey = new SymmetricSecurityKey(key);
        SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] {
                  new Claim(ClaimTypes.PrimarySid, userId.ToString())}),
            Expires = DateTime.UtcNow.AddDays(3),
            SigningCredentials = new SigningCredentials(securityKey,
            SecurityAlgorithms.HmacSha256Signature)
        };

        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        JwtSecurityToken token = handler.CreateJwtSecurityToken(descriptor);
        return handler.WriteToken(token);
    }

    public static ClaimsPrincipal GetPrincipal(string token)
    {
        try
        {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken jwtToken = (JwtSecurityToken)tokenHandler.ReadToken(token);
            if (jwtToken == null)
                return null;
            byte[] key = Convert.FromBase64String(Secret);
            TokenValidationParameters parameters = new TokenValidationParameters()
            {
                RequireExpirationTime = true,
                ValidateIssuer = false,
                ValidateAudience = false,
                IssuerSigningKey = new SymmetricSecurityKey(key)
            };
            SecurityToken securityToken;
            ClaimsPrincipal principal = tokenHandler.ValidateToken(token,
                  parameters, out securityToken);
            return principal;
        }
        catch (Exception e)
        {
            return null;
        }
    }
    public static string ValidateToken(string token)
    {
        string userId = null;
        ClaimsPrincipal principal = GetPrincipal(token);
        if (principal == null)
            return null;
        ClaimsIdentity identity = null;
        try
        {
            identity = (ClaimsIdentity)principal.Identity;
        }
        catch (NullReferenceException)
        {
            return null;
        }
        Claim usernameClaim = identity.FindFirst(ClaimTypes.PrimarySid);
        userId = usernameClaim.Value;
        return userId;
    }

谁能看到这段代码有什么问题?我看过其他主题,但没有一个给我解决方案。

谢谢阅读,

绝望的学生

标签: c#asp.netjwtowinbearer-token

解决方案

确保您正在执行以下所有步骤:

  1. 用户提供凭据(客户端)
  2. 凭据被批准(服务器端)
  3. 生成令牌(服务器端)
  4. 令牌发送到客户端(服务器端)
  5. 客户端收到令牌并将其添加Authorization Header到后续请求的标头中,其值为“Bearer GeneratedToken”(例如Authorizarion : "Bearer eyJhbGci...")(客户端)

推荐阅读