如何调试JWT和AuthorizeAttribute

Question

我正在关注 this Microsoft Docs tutorial 一切似乎都正常工作，直到我使用 Postman 使用访问令牌调用 web api。

具体来说：

我请求令牌，Azure AD 重定向我以提供用户名和密码
凭证被接受并返回令牌
我告诉 Postman 使用令牌并调用 api
我得到一个 401

如果我解码令牌，一切看起来都是正确的，即

aud

与 AD B2C 中的 Web API 注册相匹配，用户是正确的，声明等

在我的 API 中注释掉

[Authorize]

属性，数据被返回，所以我认为它在我的 API 的授权中。

我不确定如何在 ASP.NET Core Web API 中调试身份验证过程。例如，在我的控制器中放置断点是行不通的，因为我的代码甚至没有达到那么远。

更新

在 Postman 控制台中，响应标头显示：

WWW-Authenticate:"Bearer error="invalid_token", error_description="The issuer is invalid""

。发行人是

https://login.microsoftonline.com/<guid>/v2.0/

.

更新 2

令人尴尬的是，如文章中所述，一旦我将

AzureAdB2C.Instance

中的

appsettings.json

设置与邮递员

Auth Url

相匹配，

invalid_token

错误就消失了，但现在我得到了500个错误：

Unable to obtain configuration from..., Microsoft.IdentityModel.Protocols.ConfigurationManager&lt;T&gt;.GetConfigurationAsync(CancellationToken cancel)

.

砖墙

The thread 0x5c30 has exited with code 0 (0x0).
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET https://localhost:44366/api/values  
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Net.Sockets.dll'. 
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\Microsoft.Win32.Primitives.dll'. 
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Net.NameResolution.dll'. 
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Security.Cryptography.Encoding.dll'. 
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Collections.NonGeneric.dll'. 
Exception thrown: 'System.Net.Http.HttpRequestException' in System.Net.Http.dll
Exception thrown: 'System.IO.IOException' in Microsoft.IdentityModel.Protocols.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.InvalidOperationException' in Microsoft.IdentityModel.Protocols.dll
Exception thrown: 'System.InvalidOperationException' in System.Private.CoreLib.dll
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Diagnostics.StackTrace.dll'. 
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5\System.Reflection.Metadata.dll'. 
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Error: Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\2.2.5\Microsoft.AspNetCore.Http.Extensions.dll'. 
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 1438.8301ms 500 text/html; charset=utf-8

Answer 1

在@Sam 的最后评论和我早先实现的匹配权限域的提示下，我没有将 appsettings.json

AzureAdB2C:Instance

值与

Auth Url

的 Postman

https://login.microsoftonline.com/

值匹配，而是将 Postman

Auth Url

值与 appsettings 匹配

AzureAdB2C:Instance

的值

https://<mytenant>.b2clogin.com/

.

如何调试JWT和AuthorizeAttribute

问题描述投票：0回答：1

更新

更新 2

砖墙

1个回答

最新问题

如何调试JWT和AuthorizeAttribute

问题描述 投票：0回答：1

更新

更新 2

砖墙

1个回答

最新问题

问题描述投票：0回答：1