我正在使用ASP.NET7框架制作我的第一个API.我正在使用JWT令牌.我有一个问题,Authorize标签总是返回UnAuthorize.我已经判断了来自客户端的正确访问令牌,唯一的问题是标签无法验证它.我附上了我的巴新项目的 struct .以下是My Program.cs的代码
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using WebApi.Models;
using WebApi.Services;
using WebApi;
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddControllers();
builder.Services.AddDbContext<UserContext>(opt =>
opt.UseInMemoryDatabase("UserList"));
builder.Services.AddScoped<ITokenService, TokenService>();
builder.Services.AddSingleton<IPasswordHasher, PasswordHasher>();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddAuthorization();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => {
options.TokenValidationParameters = new TokenValidationParameters {
ValidateIssuer = true,
ValidIssuer = AuthOptions.ISSUER,
ValidateAudience = true,
ValidAudience = AuthOptions.AUDIENCE,
ValidateLifetime = true, //make true after tests
IssuerSigningKey = AuthOptions.GetSymmetricSecurityKey(),
ValidateIssuerSigningKey = true,
};
});
WebApplication app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment()) {
app.UseSwagger();
app.UseSwaggerUI();
}
//app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
现在我的 token 一代:
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
namespace WebApi.Services {
public class TokenService : ITokenService {
public string GenerateAccessToken(string username) {
List<Claim> claims = new() {
new Claim(ClaimTypes.Name, username)
};
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(AuthOptions.SECRETKEY));
SigningCredentials creds = new(key, Security算法rithms.HmacSha256);
JwtSecurityToken token = new(
issuer: AuthOptions.ISSUER,
audience: AuthOptions.AUDIENCE,
claims: claims,
expires: DateTime.UtcNow.AddMinutes(AuthOptions.ACCESSTOKENLIFETIME),
signingCredentials: creds
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}
以及我正在try 使用[授权]的控制器中的位置
[HttpGet("{id}")]
[Authorize]
public async Task<IActionResult> GetUserById(int id) {
string username = HttpContext.User.Identity.Name;
string token = HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Replace("Bearer ", "");
_logger.LogInformation(username + " username");
_logger.LogInformation(token + " token");
User? user = await _dbContext.Users.FirstOrDefaultAsync(u => u.email == username);
if (user == null) {
return NotFound("User not found");
}
int userId = user.id;
if (userId != id) {
return Unauthorized("Unauthorized");
}
string newAccessToken = _tokenService.GenerateAccessToken(user.username);
UserInfoResponse userInfo = new() {
username = user.username,
id = user.id,
avatar = user.avatar,
accessToken = newAccessToken
};
return Ok(userInfo);
}
我try 在Program.cs中注释掉HTTPS强制(app.UseHttpsReDirection();),但没有帮助