Azure App Services gets a 401 when accessing Web API endpoints that require authentication, but it works locally

Question description. Votes: 0, Answers: 1

I use Azure 7 as the front end, and a .NET Core Web API as the back end on Azure App Service.

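When I call an endpoint that requires authentication, it works locally, but when it is deployed to Azure through DevOps, only the public endpoints work, and those that do not require authentication do not work.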

This is the error message I see in the browser console: Http failure response for https://mysite.azurewebsites.net/api/test/private: 401 Unauthorized

My Angular call to the back-end Web API on Azure:

  public questsRead(quest_Id: string): Observable<IQuest_vmr> {
    const apiUrlPath = this.baseUrlBackend + 'api/Quest/QuestRead';

    const obser = this.httpClient.get(apiUrlPath, {
        headers: new HttpHeaders().set('Authorization', `Bearer ${this.auth0IdToken}`),
        params: {
          "quest_Id": quest_Id,
        },
      })
      .map((response: IQuest_vmr) => response);

    return obser;
  }

This is the startup code in my Web API app that sets up the Auth0 service:

    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Tokens;

    public static void ConfigureServices(IServiceCollection services, IConfiguration Configuration)
    {
        string auth0_Config_Domain = Configuration["Auth0:Domain"];

        // Use JWT bearer tokens for both authentication and challenges
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(options =>
        {
            // Token issuer (the Auth0 domain) and the audience the API accepts
            options.Authority = auth0_Config_Domain;
            options.Audience = Configuration["Auth0:ApiIdentifier"];

            // Note: the audience is read from a second configuration key here
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidAudience = Configuration["Auth0:ValidAudience"],
                ValidIssuer = auth0_Config_Domain
            };
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("read:messages", policy => policy.Requirements.Add(new HasScopeRequirement("read:messages", auth0_Config_Domain)));
        });

        // register the scope authorization handler
        services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
    }

Log from Azure:

2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET https://dev-naodca-backend-webapi.azurewebsites.net/api/test/private
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware: All hosts are allowed.
2019-12-18 20:16:33.702 +00:00 [Warning] Microsoft.AspNetCore.Cors.Infrastructure.CorsService: The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Cors.Infrastructure.CorsService: The request has an origin header: 'https://dev-naodca-ui-angular.azurewebsites.net'.
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Cors.Infrastructure.CorsService: CORS policy execution successful.
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: AuthenticationScheme: Bearer was not authenticated.
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.HttpsPolicy.HstsMiddleware: Adding HSTS header to response.
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: The request path /api/test/private does not match a supported file type
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware: The request path  does not match the path filter
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Routing.Matching.DfaMatcher: 1 candidate(s) found for the request path '/api/test/private'
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Routing.Matching.DfaMatcher: Endpoint 'WebApiNetCoreBaseProject.Controllers.Api.TestController.Private (WebApiNetCoreBaseProject)' with route pattern 'api/Test/private' is valid for the request path '/api/test/private'
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware: Request matched endpoint 'WebApiNetCoreBaseProject.Controllers.Api.TestController.Private (WebApiNetCoreBaseProject)'
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executing endpoint 'WebApiNetCoreBaseProject.Controllers.Api.TestController.Private (WebApiNetCoreBaseProject)'
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Route matched with {action = "Private", controller = "Test"}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Private() on controller WebApiNetCoreBaseProject.Controllers.Api.TestController (WebApiNetCoreBaseProject).
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Execution plan of authorization filters (in the following order): Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Execution plan of resource filters (in the following order): Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.SaveTempDataFilter
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Execution plan of action filters (in the following order): Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000), Microsoft.AspNetCore.Mvc.Infrastructure.ModelStateInvalidFilter (Order: -2000), WebApiNetCoreBaseProject.Configuration.Startup.Service_Authentication.CustomFilter_Authentication
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Execution plan of exception filters (in the following order): WebApiNetCoreBaseProject.Startup+MyExceptionFilter
2019-12-18 20:16:33.702 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Execution plan of result filters (in the following order): Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.SaveTempDataFilter, Microsoft.AspNetCore.Mvc.Infrastructure.ClientErrorResultFilter (Order: -2000)
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Authorization Filter: Before executing OnAuthorizationAsync on filter Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Authorization failed.
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Authorization Filter: After executing OnAuthorizationAsync on filter Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Always Run Result Filter: Before executing OnResultExecuting on filter Microsoft.AspNetCore.Mvc.Infrastructure.ClientErrorResultFilter.
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Always Run Result Filter: After executing OnResultExecuting on filter Microsoft.AspNetCore.Mvc.Infrastructure.ClientErrorResultFilter.
2019-12-18 20:16:33.702 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Before executing action result Microsoft.AspNetCore.Mvc.ChallengeResult.
2019-12-18 20:16:33.702 +00:00 [Information] Microsoft.AspNetCore.Mvc.ChallengeResult: Executing ChallengeResult with authentication schemes ().
2019-12-18 20:16:33.703 +00:00 [Information] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: AuthenticationScheme: Bearer was challenged.
2019-12-18 20:16:33.703 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: After executing action result Microsoft.AspNetCore.Mvc.ChallengeResult.
2019-12-18 20:16:33.703 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Always Run Result Filter: Before executing OnResultExecuted on filter Microsoft.AspNetCore.Mvc.Infrastructure.ClientErrorResultFilter.
2019-12-18 20:16:33.703 +00:00 [Trace] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Always Run Result Filter: After executing OnResultExecuted on filter Microsoft.AspNetCore.Mvc.Infrastructure.ClientErrorResultFilter.
2019-12-18 20:16:33.703 +00:00 [Information] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Executed action WebApiNetCoreBaseProject.Controllers.Api.TestController.Private (WebApiNetCoreBaseProject) in 0.4337ms
2019-12-18 20:16:33.703 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executed endpoint 'WebApiNetCoreBaseProject.Controllers.Api.TestController.Private (WebApiNetCoreBaseProject)'
2019-12-18 20:16:33.703 +00:00 [Information] Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1.3235ms 401
azure web-services authorization auth0 webapi
1 Answer

1 vote

Found out from Fiddler that the Auth0 JWT token was being sent from Angular to the webapi with the wrong audience.

HTTP/1.1 401 Unauthorized
Date: Fri, 20 Dec 2019 10:28:18 GMT
Server: Kestrel
Content-Length: 0
Vary: Origin
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience is invalid"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

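In addition, the Angular html interceptor was not adding the JWT token to private requests on every call, so I had to add it manually for that particular request and for all other requests.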
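
The `The audience is invalid` challenge shown in the answer means the token's `aud` claim did not match the audience the API accepts. As an added example (not code from the original post), this JavaScript helper decodes a token's claims and parses the `WWW-Authenticate` header for debugging; the issuer, audience and client ID values are constructed placeholders, and the check reads claims only, so it does not replace signature validation on the API.

```javascript
// Added diagnostic sketch: reads claims only; it does NOT verify the signature.
// Every token, client ID and URL below is a constructed sample value.

function decodeSegment(segment) {
  // JWT segments are base64url without padding; restore both before atob().
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Parse 'Bearer error="...", error_description="..."' into key/value pairs.
function parseBearerChallenge(header) {
  const out = {};
  for (const m of header.matchAll(/(\w+)="([^"]*)"/g)) out[m[1]] = m[2];
  return out;
}

// Compare a token's claims with what the API is configured to accept.
function checkClaims(token, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a compact JWT (expected 3 segments)'];
  const claims = decodeSegment(parts[1]);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const problems = [];
  if (!aud.includes(expected.audience)) problems.push(`aud ${JSON.stringify(claims.aud)} does not include ${expected.audience}`);
  if (claims.iss !== expected.issuer) problems.push(`iss ${claims.iss} is not ${expected.issuer}`);
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= expected.nowMs) problems.push('token is expired');
  return problems;
}

// Build an unsigned sample token (the signature segment is a dummy).
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const EXPECTED = { // assumed values standing in for Auth0:Domain / Auth0:ApiIdentifier
  issuer: 'https://tenant.example/',
  audience: 'https://api.example/',
  nowMs: Date.UTC(2019, 11, 20, 10, 28, 18),
};

// An OIDC ID token carries the application's client ID in aud, not the API identifier.
const sampleIdToken = makeSampleToken({ iss: EXPECTED.issuer, aud: 'SAMPLE_CLIENT_ID', exp: 1576900000 });
console.log(checkClaims(sampleIdToken, EXPECTED));
console.log(parseBearerChallenge('Bearer error="invalid_token", error_description="The audience is invalid"'));
```
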
