Program.cs
:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
//ValidateIssuer = true,
//ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]))
};
});
GenTokenController
——返回具有正确值的正确标记
private string GenerateJwtToken(CurrentUserVM currentUser)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_config.GetSection("Jwt:Key").Value);
var ExpireMinutes = _config.GetSection("Jwt:ExpireMinutes").Value;
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, currentUser.UserId.ToString()),
new Claim(ClaimTypes.GroupSid, currentUser.OrgId.ToString()),
new Claim(ClaimTypes.Role, currentUser.RoleCode)
}),
Expires = DateTime.UtcNow.AddMinutes(Convert.ToInt32(ExpireMinutes)),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha512Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
UserController
-- 尝试获取当前用户:
[HttpGet]
[Authorize(Roles ="Admin")]
public async Task<IActionResult> GetUsers()
{
var curr_user = GetCurrentUser();
var users = new List<User>();
return Ok(users);
}
private CurrentUserVM GetCurrentUser()
{
if (HttpContext == null || HttpContext.User == null)
{
return null;
}
var identity = HttpContext.User.Identity as ClaimsIdentity;
if (identity != null)
{
var userClaims = identity.Claims;
if (userClaims == null || !userClaims.Any())
{
return null;
}
return new CurrentUserVM
{
OrgId = int.Parse(userClaims.FirstOrDefault(x => x.Type == ClaimTypes.GroupSid)?.Value),
UserId = int.Parse(userClaims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value),
RoleCode = userClaims.FirstOrDefault(x => x.Type == ClaimTypes.Role)?.Value
};
}
return null;
}
当使用
[Authorize]
属性时,此调用返回 401,但未在 GetCurrentUser()
函数中使用
var userClaims = identity.Claims;
返回 null 并且
User.Identity.IsAuthenticated
始终为 false。
我尝试添加
builder.Services.AddHttpContextAccessor();
然后使用服务提供商 - 但这也不起作用。
如果您不想验证生成令牌的服务器(ValidateIssuer = true)并验证令牌的接收者是否有权接收(ValidateAudience = true),请尝试将其设置为 false,不要注释它。
ValidateIssuer = false,
ValidateAudience = false,