您的位置: 首页  >  技术问答  >  Net Core 2.0 API设置授权和认证

Net Core 2.0 API设置授权和认证

分类: 技术问答 2022-06-08 16:26:23
问题描述:

我有一个.net核心应用程序,我已经从1.1升级到2.0。 我遇到的问题是如何设置身份验证和授权。Net Core 2.0 API设置授权和认证

我得到当我试图打一个API端点,这个例外...

2017年8月15日15:28:12.2191 | 13 | Microsoft.AspNetCore.Server.Kestrel | ERROR | 连接标识“0HL73T7CAJGBE”,请求标识“0HL73T7CAJGBE:00000001”:应用程序抛出了 未处理的异常。否 已指定authenticationScheme,并且没有找到 DefaultChallengeScheme。

我控制器上有此属性...

[授权(策略= “Viewer3AuthPolicy”)

我startup.cs有这个方法尝试设置应有尽有起来......

public void ConfigureServices(IServiceCollection services) 
    { 
    SetCorsPolicy(services); 

    services.AddMvc(); 

    services.AddAuthentication(o => 
    { 
     o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; 
     o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; 
    }); 

    SetAuthorisationPolicy(services); 

    services.AddAuthorization(options => 
    { 
     options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build(); 
     options.AddPolicy("Viewer3AuthPolicy", 
      policy => policy.RequireClaim(Constants.AuthPolicyClaimsName, Constants.AuthPolicyClaimsValue)); 
    }); 
}

在我Configuremethod我打电话......

app.UseAuthentication();

我想我必须有一些订购错误或在设置中发出错误的电话。

有没有人有任何想法?

+0

身份发生了变化,我希望你找到答案 – docesam

+0

我想这就是你需要:https://wildermuth.com/2017/08/19/两种授权方案在ASP-NET-Core-2核心2.0中与核心2.0预览有很大区别。这里是角度作为前端植入:https://github.com/Longfld/ASPNETcoreAngularJWT –

_userManager.AddClaimsAsync解决方案。下面是我在ConfigureServices所做的更改的简化版本:

services.AddAuthorization(options => {  
    options.AddPolicy("CRM", policy => { policy.RequireClaim("department", "Sales", "Customer Service", "Marketing", "Advertising", "MIS"); }); 
});

的AccountController构造:

private readonly UserManager<ApplicationUser> _userManager; 
    private readonly SignInManager<ApplicationUser> _signInManager; 
    private readonly IEmailSender _emailSender; 
    private readonly ILogger _logger; 

    private readonly MyDB_Context _context; 

    public AccountController(
     MyDB_Context context, 
     UserManager<ApplicationUser> userManager, 
     SignInManager<ApplicationUser> signInManager, 
     IEmailSender emailSender, 
     ILogger<AccountController> logger) 
    { 
     _context = context; 
     _userManager = userManager; 
     _signInManager = signInManager; 
     _emailSender = emailSender; 
     _logger = logger; 
    }

的LogIn: (VAR VUSER是我自己的类属性名称,部门,SingIn等 ...)。下面的示例使用自定义用户表中的组合MYTABLEAspNetUserClaims表(从权利要求的类型和它们的值读)(添加的权利要求):

[HttpPost] 
[AllowAnonymous] 
[ValidateAntiForgeryToken] 
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null) 
{ 
    ViewData["ReturnUrl"] = returnUrl; 
    if (ModelState.IsValid) { 
     var vUser = _context.mytable.SingleOrDefault(m => m.Email.ToUpper() == model.Email.ToUpper()); 

     const string Issuer = "https://www.mycompany.com/"; 
     var user = _userManager.Users.Where(u => u.Email == model.Email).FirstOrDefault(); 

     ApplicationUser applicationUser = await _userManager.FindByNameAsync(user.UserName); 
     IList<Claim> allClaims = await _userManager.GetClaimsAsync(applicationUser); // get all the user claims 

     // Add claim if missing 
     if (allClaims.Where(c => c.Type == "department" && c.Value == vUser.department).ToList().Count == 0) { 
      await _userManager.AddClaimAsync(user, new Claim("department", vUser.department, ClaimValueTypes.String, Issuer)); 
     } 
     // Remove all other claim values for "department" type 
     var dept = allClaims.Where(c => c.Type == "department" && c.Value != vUser.department); 
     foreach(var claim in dept) { 
      await _userManager.RemoveClaimAsync(user, new Claim("department", claim.Value, ClaimValueTypes.String, Issuer)); 
     } 

     vUser.SignIn = DateTime.Now; _context.Update(vUser); await _context.SaveChangesAsync(); 

     // This doesn't count login failures towards account lockout 
     // To enable password failures to trigger account lockout, set lockoutOnFailure: true 
     var result = await _signInManager.PasswordSignInAsync(vUser.Name, model.Password, model.RememberMe, lockoutOnFailure: false); 
     //var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false); 
     if (result.Succeeded) { 
      _logger.LogInformation("User logged in."); 
      return RedirectToLocal(returnUrl); 
     } 
     if (result.RequiresTwoFactor) { 
      return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe }); 
     } 
     if (result.IsLockedOut) { 
      _logger.LogWarning("User account locked out."); 
      return RedirectToAction(nameof(Lockout)); 
     } else { 
      ModelState.AddModelError(string.Empty, "Invalid login attempt."); 
      return View(model); 
     } 
    } 

    // If we got this far, something failed, redisplay form 
    return View(model); 
}

这是我在我控制器

[Authorize(Policy = "CRM")] 
public class CRMController : Controller
+0

谢谢你。我会尽快尝试,让你知道发生了什么。 –

+0

_userManager是你自己的类还是.net类型? –

+0

它是.net类型,通过选择身份验证“个人用户帐户”生成。我用我的Controller构造函数更新了答案。 –

添加

AddJwtBearer(options => { options.RequireHttpsMetadata = false; ... });"

为我做了诡计。

[DOTNET核心2.0]在asp.net 2.0核心

相关推荐