Net Core 2.0 API设置授权和认证
我有一个.net核心应用程序,我已经从1.1升级到2.0。 我遇到的问题是如何设置身份验证和授权。Net Core 2.0 API设置授权和认证
我得到当我试图打一个API端点,这个例外...
2017年8月15日15:28:12.2191 | 13 | Microsoft.AspNetCore.Server.Kestrel | ERROR | 连接标识“0HL73T7CAJGBE”,请求标识“0HL73T7CAJGBE:00000001”:应用程序抛出了 未处理的异常。否 已指定authenticationScheme,并且没有找到 DefaultChallengeScheme。
我控制器上有此属性...
[授权(策略= “Viewer3AuthPolicy”)
我startup.cs有这个方法尝试设置应有尽有起来......
public void ConfigureServices(IServiceCollection services)
{
SetCorsPolicy(services);
services.AddMvc();
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
});
SetAuthorisationPolicy(services);
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
options.AddPolicy("Viewer3AuthPolicy",
policy => policy.RequireClaim(Constants.AuthPolicyClaimsName, Constants.AuthPolicyClaimsValue));
});
}
在我Configuremethod我打电话......
app.UseAuthentication();
我想我必须有一些订购错误或在设置中发出错误的电话。
有没有人有任何想法?
与_userManager.AddClaimsAsync
解决方案。下面是我在ConfigureServices所做的更改的简化版本:
services.AddAuthorization(options => {
options.AddPolicy("CRM", policy => { policy.RequireClaim("department", "Sales", "Customer Service", "Marketing", "Advertising", "MIS"); });
});
的AccountController构造:
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly IEmailSender _emailSender;
private readonly ILogger _logger;
private readonly MyDB_Context _context;
public AccountController(
MyDB_Context context,
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
IEmailSender emailSender,
ILogger<AccountController> logger)
{
_context = context;
_userManager = userManager;
_signInManager = signInManager;
_emailSender = emailSender;
_logger = logger;
}
在的LogIn: (VAR VUSER是我自己的类属性名称,部门,SingIn等 ...)。下面的示例使用自定义用户表中的组合MYTABLE和AspNetUserClaims表(从权利要求的类型和它们的值读)(添加的权利要求):
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid) {
var vUser = _context.mytable.SingleOrDefault(m => m.Email.ToUpper() == model.Email.ToUpper());
const string Issuer = "https://www.mycompany.com/";
var user = _userManager.Users.Where(u => u.Email == model.Email).FirstOrDefault();
ApplicationUser applicationUser = await _userManager.FindByNameAsync(user.UserName);
IList<Claim> allClaims = await _userManager.GetClaimsAsync(applicationUser); // get all the user claims
// Add claim if missing
if (allClaims.Where(c => c.Type == "department" && c.Value == vUser.department).ToList().Count == 0) {
await _userManager.AddClaimAsync(user, new Claim("department", vUser.department, ClaimValueTypes.String, Issuer));
}
// Remove all other claim values for "department" type
var dept = allClaims.Where(c => c.Type == "department" && c.Value != vUser.department);
foreach(var claim in dept) {
await _userManager.RemoveClaimAsync(user, new Claim("department", claim.Value, ClaimValueTypes.String, Issuer));
}
vUser.SignIn = DateTime.Now; _context.Update(vUser); await _context.SaveChangesAsync();
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(vUser.Name, model.Password, model.RememberMe, lockoutOnFailure: false);
//var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded) {
_logger.LogInformation("User logged in.");
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor) {
return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe });
}
if (result.IsLockedOut) {
_logger.LogWarning("User account locked out.");
return RedirectToAction(nameof(Lockout));
} else {
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
这是我在我控制器:
[Authorize(Policy = "CRM")]
public class CRMController : Controller
谢谢你。我会尽快尝试,让你知道发生了什么。 –
_userManager是你自己的类还是.net类型? –
它是.net类型,通过选择身份验证“个人用户帐户”生成。我用我的Controller构造函数更新了答案。 –
添加
AddJwtBearer(options => { options.RequireHttpsMetadata = false; ... });"
为我做了诡计。
[DOTNET核心2.0]在asp.net 2.0核心
身份发生了变化,我希望你找到答案 – docesam
我想这就是你需要:https://wildermuth.com/2017/08/19/两种授权方案在ASP-NET-Core-2核心2.0中与核心2.0预览有很大区别。这里是角度作为前端植入:https://github.com/Longfld/ASPNETcoreAngularJWT –