c# - ASP 核心 API 2.2。RequireClaim 和 RequireAuthenticatedUser 策略不起作用
问题描述
ASP 核心 2.2 API。我有 2 个政策:
services.AddAuthorization(options => {
options.AddPolicy("RequireClientClaim", policy => policy.RequireAuthenticatedUser().RequireClaim("Client"));
options.AddPolicy("AllAuthenticated", policy => policy.RequireAuthenticatedUser());
});
“RequireClientClaim”不允许任何用户,即使有客户声明。声明从数据库中获取并添加到 JWT 令牌中。令牌通过授权发回:Bearer xxxx 标头。我可以在 context.HttpContext.User.Claims 中用户的下一个请求中看到此声明:
“AllAuthenticated”允许每个人:) 所以我想这里有些东西很糟糕。
[HttpPost, Route("refresh")]
[Authorize(Policy = "AllAuthenticated")]
public async Task<IActionResult> ActionName(){}
我没有在过滤器中放置任何策略,因为我的策略并不适用于所有控制器和操作。启动.cs
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.SpaServices.AngularCli;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.IdentityModel.Tokens;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using System.Linq;
using System.IO.Compression;
using System.Text;
using Scrutor;
using MediatR;
using System.Reflection;
using xxxxxxx.Features.shared;
using Newtonsoft.Json.Serialization;
using Swashbuckle.AspNetCore.Swagger;
using System.IO;
using Microsoft.AspNetCore.Rewrite;
using System.Globalization;
using Microsoft.AspNetCore.Localization;
using System.Collections.Generic;
using AspNetCore.Identity.Dapper;
using Microsoft.AspNetCore.Identity;
using ConnectionsManager;
namespace xxxxxx
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddNodeServices(options =>
{
options.ProjectPath = Path.Combine(Directory.GetCurrentDirectory(), "App");
});
services.AddLazyCache();
services.AddResponseCompression();
services.Configure<GzipCompressionProviderOptions>(options =>
{
options.Level = CompressionLevel.Fastest;
});
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = null,
ValidAudience = null,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("xxxxxxxxx"))
};
});
services.AddCors(options =>
{
options.AddPolicy("EnableCORS", builder =>
{
builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials().Build();
});
});
var connectionString = DbConnectionsManager.GetConnectionStringToSqlDB();
services.Configure<IdentityOptions>(options => {
options.Password.RequireDigit = false;
options.Password.RequiredLength = 4;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, -._@+ñÑçÇäëïöüâêîôûáéíóúàèìòùÄËÏÖÜÂÊÎÔÛÁÉÍÓÚÀÈÌÒÙ";
});
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddUserManager<UserManager<ApplicationUser>>()
.AddRoles<ApplicationRole>()
.AddRoleManager<RoleManager<ApplicationRole>>()
.AddSignInManager<SignInManager<ApplicationUser>>()
.AddDapperStores(connectionString)
.AddDefaultTokenProviders();
services.AddMvc(config =>
{
config.Filters.Add<CurrentUserFilter>();
config.Filters.Add(new UserLanguageFilter());
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
services.AddAuthorization(options => {
options.AddPolicy("RequireClientClaim", policy => policy.RequireAuthenticatedUser().RequireClaim("Client"));
options.AddPolicy("AllAuthenticated", policy => policy.RequireAuthenticatedUser());
});
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "App/dist";
});
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "XXXXXXXXX", Version = "v1" });
});
services.Scan(scan => scan
.FromAssembliesOf(typeof(SapViewsProxyDBLoaders.SimilarItemsSapViewLoader))
.AddClasses()
.UsingRegistrationStrategy(RegistrationStrategy.Skip)
.AsImplementedInterfaces()
.WithSingletonLifetime());
services.Scan(scan => scan
.FromCallingAssembly()
.AddClasses()
.UsingRegistrationStrategy(RegistrationStrategy.Skip)
.AsImplementedInterfaces()
.WithTransientLifetime());
services.Scan(scan => scan
.FromAssembliesOf(typeof(SapDataProvider.SapDataProvider),
typeof(ConnectionsManager.SapConfiguration),
typeof(FeaturesLogs.Products.PriceRequestLogger))
.AddClasses()
.UsingRegistrationStrategy(RegistrationStrategy.Skip)
.AsImplementedInterfaces()
.WithTransientLifetime());
services.AddMediatR(typeof(Startup).GetTypeInfo().Assembly);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseResponseCompression();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseAuthentication();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "xxxx");
});
var defaultDateCulture = "es-ES";
var ci = new CultureInfo(defaultDateCulture);
ci.NumberFormat.NumberDecimalSeparator = ".";
ci.NumberFormat.CurrencyDecimalSeparator = ".";
// Configure the Localization middleware
app.UseRequestLocalization(new RequestLocalizationOptions {
DefaultRequestCulture = new RequestCulture(ci),
SupportedCultures = new List<CultureInfo>
{
ci,
},
SupportedUICultures = new List<CultureInfo>
{
ci,
}
});
app.UseRewriter(new RewriteOptions()
.AddRedirect("index.html", "/"));
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
app.UseCors("EnableCORS");
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
spa.UseSpaPrerendering(options =>
{
options.BootModulePath = $"{spa.Options.SourcePath}/dist-server/main.js";
options.BootModuleBuilder = env.IsDevelopment()
? new AngularCliBuilder(npmScript: "build:ssr")
: null;
options.ExcludeUrls = new[] { "/sockjs-node" };
});
if (env.IsDevelopment())
{
spa.UseAngularCliServer(npmScript: "start");
}
});
}
}
}
解决方案
的第一个参数RequireClaim应该是claimType:
public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] requiredValues);
如果你想限制clientrole( http://schemas.microsoft.com/ws/2008/06/identity/claims/role) 类型的值,策略会喜欢:
options.AddPolicy("RequireClientClaim", policy => policy.RequireClaim(ClaimTypes.Role, "Client"));
推荐阅读
- python - Python Azure Functions 和 Bitbucket Pipelines - 如何压缩要求?
- react-native - 使用 react-native-dialog 和 date-fns 时变量未在 Formik 中初始化
- php - 有什么方法可以验证有时是文件(图像)&&有时是字符串(同一图像的Src)的字段
- directus - 我可以只使用 DirectusSDK 而不是 REST 或 GraphQL 吗?
- mysql - 在 Mac OS X 上安装 RMySQL 以在 Docker 中运行时出错
- python - 接收错误:_tkinter.TclError:无效的命令名称“.!frame3.!treeview”
- ios - 如何找到属于 Apple 框架的属性的默认值?
- json - Azure DevOps Server 2019 扩展:如何限制我的自定义页面出现的工作项数据输入表单?
- android - 布局对片段膨胀不起作用
- excel - 根据小数位数对列的值进行排序