我有一个项目,其中包括一个Chrome扩展作为前端和ASP.NET Core 7 Web API作为后端.该项目正在对OAuth使用Azure Entra ID.
使用该扩展,我能够成功检索承载令牌并将其传递给API.API似乎完全验证了令牌,但是来自控制器的所有响应都是401状态.
以下是与身份验证/授权相关的Program.cs
代码:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
app.UseHttpsRedirection();
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
下面是我设置的一个基本控制器,用于try 和测试身份验证:
[Authorize]
[ApiController]
[Route("controller")]
public class WeatherForecastController : ControllerBase
{
public WeatherForecastController()
{
}
[HttpGet]
public ActionResult<string> Test()
{
return "Hello";
}
}
以下是日志(log)的输出(删除了令牌):
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter\[0\]
Microsoft.IdentityModel Version: 6.32.3.0. Date 10/06/2023 10:56:55. PII logging is ON, do not use in production. See https://aka.ms/IdentityModel/PII for details.
IDX10242: Security token: '{}' has a valid signature.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter\[0\]
IDX10239: Lifetime of the token is valid.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter\[0\]
IDX10234: Audience Validated.Audience: ''
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter\[0\]
IDX10245: Creating claims identity from the validated token: '{}'.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter\[0\]
IDX10241: Security token validated. token: '{}'.