在ASP芯2基于角色的授权与JWT令牌和身份

问题描述 投票:2回答:1

我尝试过的一些授权的例子在ASP核心2 JWT令牌和ASP的核心身份。我跟了这码https://github.com/SunilAnthony/SimpleSecureAPI并能正常工作。

问题是,基于角色的授权。我想是这样的:http://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/

其结果是奇怪的。我的控制器方法:

[HttpGet]
[Authorize]
public IActionResult Get()
{
    IEnumerable<Claim> claims = User.Claims; // contains claim with Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" and Value = "Administrator"
    bool role = User.IsInRole("Administrator"); // true
    bool claim = User.HasClaim(ClaimTypes.Role, "Administrator"); // true

    return Ok(claims);
}

当我把这个端点只是属性[Authorize]和检查的作用/在当前用户的密码要求它似乎不错(这两种检查都如此),但是当我改变了我的授权属性[Authorize(Roles = "Administrator")]这是行不通的 - >当我把这个端点与这个属性,我会收到404我不知道问题出在哪里。我的启动类是在上面的混帐链接完全一样,我刚刚加入的的access_token然后“角色”阵列内的有效载荷串的角色名称列表:

这是硬编码,但我已经改变了我的登录方法只是这样的测试:

[HttpPost("login")]
public async Task<IActionResult> SignIn([FromBody] Credentials Credentials)
{
    if (ModelState.IsValid)
    {
        var result = await _signInManager.PasswordSignInAsync(Credentials.Email, Credentials.Password, false, false);
        if (result.Succeeded)
        {
            IdentityUser user = await _userManager.FindByEmailAsync(Credentials.Email);

            List<string> roles = new List<string>();
            roles.Add("Administrator");

            return new JsonResult(new Dictionary<string, object>
                {
                    { "access_token", GetAccessToken(Credentials.Email, roles) },
                    { "username", user.Email },
                    { "expired_on", DateTime.UtcNow.AddMinutes(_tokenLength) },
                    { "id_token", GetIdToken(user) }
                });
        }
        return new JsonResult("Unable to sign in") { StatusCode = 401 };
    }
    return new JsonResult("Unable to sign in") { StatusCode = 401 };
}

GetAccessTokenMethod

private string GetAccessToken(string Email, List<string> roles)
{
  var payload = new Dictionary<string, object>
  {
    { "sub", Email },
    { "email", Email },
    { "roles", roles },
  };
  return GetToken(payload);
}

凡与[Authorize(Roles = "Administrator")]属性的问题?

c# asp.net-core authorization jwt asp.net-core-identity
1个回答
0
投票

问题是,与要求的类型:

http://schemas.microsoft.com/ws/2008/06/identity/claims/role

不知何故,[Authorize]属性失败Roles值时工作。所以这[Authorize(Roles = "Administartor")]不起作用。你必须对role类应用转型映射声明类型只Startup

如果你有一个Owin基础的项目:

app.UseClaimsTransformation(incoming =>
            {
                // either add claims to incoming, or create new principal
                var appPrincipal = new ClaimsPrincipal(incoming);
                if (appPrincipal.HasClaim(x => x.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"))
                {
                    var value = appPrincipal.Claims.First(x =>
                        x.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role").Value;

                    incoming.Identities.First().AddClaim(new Claim("role", value));
                }                

                return Task.FromResult(appPrincipal);
            });
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.