当我通过摇摇把令牌发送到我的api时,我仍然会受到401的未授权
content-length:0 date:Sat,06 Jun 2020 12:51:50 GMT服务器: Microsoft-IIS / 8.5严格传输安全性:max-age = 2592000 www-authenticate:Bearer错误=“ invalid_token”,error_description =“ The 签名无效” x-powered by:ASP.NET
这是我的ConfigureServices Config
services.AddSwaggerGen(c => {
c.SwaggerDoc("v1", new OpenApiInfo { Title = "App Manager - Running Buddies", Version = "v1" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
Description = "JWT Authorization header using the Bearer scheme.",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Scheme = "bearer",
BearerFormat = "JWT"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement{
{
new OpenApiSecurityScheme{
Reference = new OpenApiReference{
Id = "Bearer", //The name of the previously defined security scheme.
Type = ReferenceType.SecurityScheme
}
},new List<string>() }
});
});
services.AddTokenAuthentication(Configuration);
我的AddTokenAuthentication调用,它是用于配置身份验证JWT承载的扩展,当它的交换令牌失败时,可能会大摇大摆地不允许测试
public static class AddTokenAuthentications {
public static IServiceCollection AddTokenAuthentication(this IServiceCollection services, IConfiguration config) {
var secret = config.GetSection("JwtToken").GetSection("SecretKey").Value;
var keySecret = Base64UrlEncoder.DecodeBytes(secret);
var key = Encoding.ASCII.GetBytes(keySecret.ToString());
services.AddAuthentication(x => {
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x => {
{
// x.Audience = config.GetSection("JwtToken").GetSection("Audience").Value;
// x.Authority = config.GetSection("JwtToken").GetSection("Authority").Value;
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters {
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
}
});
return services;
}
如您所见,barrer令牌在curl语句中,因此应该被授权
卷曲-X GET “https://api-fitnessbuddies.net/api/BmiInformations/bmi/all” -H “接受:文本/无格式” -H “授权:承载eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NDk5NjIsImlzcyI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCIsImF1ZCI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCJ9.txG4OUUcfOqdDSBvPWJTuMaQ0RbThbvQwPiwgAleUrk”
如果我的理解是正确的,我想您没有添加API密钥或实现操作过滤器。因此,您想测试需要使用swagger进行身份验证的API,您必须在swagger配置中添加API密钥或实现IOperationFilter,它允许您在swagger上输入JWT令牌。完成此操作后,您可以测试您的API。
这些文章供您参考: