c# - JWT Authentication .Net Core [Authorize] attribute ignored by controller
Problem description
I am trying to implement JWT-based authentication in an application with an Angular 8 front end and a .Net Core back end. I have added
    app.UseAuthentication();
    app.UseAuthorization();
and
    services.AddAuthentication(opt =>
in the Startup class. I have decorated the controller method with the [Authorize] attribute. But when I try to hit the controller method without any token, it lets me into the controller method.
Startup
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        var jwtSettings = Configuration.GetSection("JwtSettings");
        services.AddAuthentication(opt =>
        {
            opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = jwtSettings.GetSection("validIssuer").Value,
                ValidAudience = jwtSettings.GetSection("validAudience").Value,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.GetSection("securityKey").Value))
            };
        });

        services.AddSignalR();
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        // In production, the Angular files will be served from this directory
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = "ClientApp/dist";
        });

        // requires using Microsoft.Extensions.Options
        services.Configure<DatabaseSettings>(
            Configuration.GetSection(nameof(DatabaseSettings)));
        services.AddSingleton<IDatabaseSettings>(sp =>
            sp.GetRequiredService<IOptions<DatabaseSettings>>().Value);

        services.AddSingleton<FileService>();
        services.AddSingleton<InternalReportService>();
        services.AddTransient<MailService>();
        services.AddMvc(option => option.EnableEndpointRouting = false);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseRouting();
        app.UseMvc();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapHub<CoreHub>("/corehub");
            endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}");
        });

        app.UseSpa(spa =>
        {
            spa.Options.SourcePath = "ClientApp";
            if (env.IsDevelopment())
            {
                spa.UseProxyToSpaDevelopmentServer("http://localhost:4200");
            }
        });
    }
}
Controller
[Authorize]
public async Task UploadFile(IFormFile file)
{
    // Do Stuff
}
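The symptom in the question (an [Authorize] endpoint that accepts a request with no token) is a fail-open that is easy to reintroduce during pipeline refactoring, so it is worth pinning down with a test. The following xUnit integration test is an added example, not code from the question or answer. It assumes the project's Startup class shown above, a test project referencing Microsoft.AspNetCore.Mvc.Testing and xunit, and a placeholder route "/api/upload" for the UploadFile action (the question does not show the real route).

```csharp
// Added example: integration tests that fail if [Authorize] is not enforced.
// Assumes the project's Startup class and the Microsoft.AspNetCore.Mvc.Testing package.
// "/api/upload" is an assumed placeholder for the UploadFile action's route.
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc.Testing;
using Xunit;

public class AuthorizeEnforcementTests : IClassFixture<WebApplicationFactory<Startup>>
{
    private const string UploadRoute = "/api/upload"; // assumed placeholder
    private readonly WebApplicationFactory<Startup> _factory;

    public AuthorizeEnforcementTests(WebApplicationFactory<Startup> factory)
    {
        _factory = factory;
    }

    // A client that does not follow redirects: a 302 to a login page would
    // otherwise be reported as a 200 and hide the real status.
    private HttpClient CreateClient() =>
        _factory.CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });

    // UploadFile binds an IFormFile, so send a small constructed multipart body.
    private static MultipartFormDataContent ConstructedUpload() =>
        new MultipartFormDataContent
        {
            { new ByteArrayContent(new byte[] { 0x41, 0x42, 0x43 }), "file", "probe.txt" }
        };

    [Fact]
    public async Task ProtectedEndpoint_WithoutToken_Returns401()
    {
        var client = CreateClient();
        using (var content = ConstructedUpload())
        {
            var response = await client.PostAsync(UploadRoute, content);

            // Anything other than 401 means the bearer scheme never challenged the
            // request, i.e. the action ran without an authenticated principal.
            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
        }
    }

    [Fact]
    public async Task ProtectedEndpoint_WithMalformedToken_Returns401()
    {
        var client = CreateClient();
        // Constructed value that is not a JWT at all; signature validation must reject it.
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "not.a.jwt");
        using (var content = ConstructedUpload())
        {
            var response = await client.PostAsync(UploadRoute, content);
            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
        }
    }
}
```

Run it with `dotnet test`; against the Startup in the question both tests fail, which is the point: the tests should only go green once the endpoint actually challenges unauthenticated requests. A third test with a token minted using the same validIssuer, validAudience and securityKey as the app can then confirm the positive path.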
Solution
Well, you have configured the authentication part of the API; now you need to configure authorization the same way...
You can configure it like this:
services.AddAuthorization(options =>
{
    options.AddPolicy("Default", new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build());

    options.AddPolicy("Admin", new AuthorizationPolicyBuilder()
        .RequireRole("Admin")
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build());
});
Then you will be able to use the attribute as
[Authorize("User")]
[Authorize("Admin")]
on your controllers or on specific endpoints.
If you want to put this default policy on all endpoints/controllers and only control the "AllowAnonymous" exceptions, you can do it like this:
services.AddMvc()
    .AddMvcOptions(options =>
    {
        // Mark all endpoints with the default policy
        options.Filters.Add(new AuthorizeFilter("Default"));
    });
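To show how the authentication, authorization and middleware pieces fit together end to end, here is a complete Startup plus controller as an added example. It is not the project's code or the answer's code: it targets ASP.NET Core 3.x with endpoint routing, reuses the JwtSettings keys from the question (validIssuer, validAudience, securityKey), and uses a FallbackPolicy so that an endpoint nobody remembered to decorate still fails closed. The controller route, action names and the ClockSkew value are assumptions for illustration. The middleware order in Configure is the one the ASP.NET Core documentation requires: UseRouting, then UseAuthentication, then UseAuthorization, then UseEndpoints.

```csharp
// Added example (not the project's code): JWT bearer authentication, policy-based
// authorization with a fail-closed fallback, and the required middleware order.
// Assumes the JwtSettings section from the question; routes and ClockSkew are placeholders.
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        var jwt = Configuration.GetSection("JwtSettings");

        // Authentication: who is the caller? Passing the scheme name here sets it as
        // both the default authenticate and the default challenge scheme.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = jwt["validIssuer"],
                    ValidAudience = jwt["validAudience"],
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["securityKey"])),
                    // The library default tolerates 5 minutes of clock skew; 30 s (assumed
                    // value) makes expired tokens unusable much sooner.
                    ClockSkew = TimeSpan.FromSeconds(30)
                };
            });

        // Authorization: what may the caller do?
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Admin", policy => policy
                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .RequireRole("Admin"));

            // Fail closed: endpoints with neither [Authorize] nor [AllowAnonymous]
            // still require an authenticated bearer principal.
            options.FallbackPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .Build();
        });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        // Order matters: routing selects the endpoint, authentication turns the bearer
        // token into a ClaimsPrincipal, authorization evaluates [Authorize] against it,
        // and only then does UseEndpoints execute the action. Executing MVC before
        // these steps (UseMvc placed earlier in the pipeline) runs the action first.
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController]
[Route("api/files")] // assumed route
public class FilesController : ControllerBase
{
    [HttpPost("upload")]
    [Authorize] // any authenticated bearer principal
    public IActionResult UploadFile(IFormFile file) => Ok(new { file.FileName, file.Length });

    [HttpDelete("{name}")]
    [Authorize(Policy = "Admin")] // requires a role claim of "Admin"
    public IActionResult Delete(string name) => NoContent();

    [HttpGet("health")]
    [AllowAnonymous] // the only way past the fallback policy is an explicit opt-out
    public IActionResult Health() => Ok("ok");
}
```

With this layout a request to "/api/files/upload" without a token gets a 401 from the bearer challenge, a valid token without the "Admin" role gets a 403 on the delete endpoint, and only the explicitly opted-out health endpoint answers anonymously. The fallback policy replaces the global AuthorizeFilter shown in the answer for the endpoint-routing case; the filter still works, but the fallback also covers Razor Pages, hubs and any non-MVC endpoints mapped in UseEndpoints.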