使用JWT令牌时大摇大摆不允许检索

问题描述 投票:0回答:1

当我通过摇摇把令牌发送到我的api时,我仍然会受到401的未授权

content-length:0 date:Sat,06 Jun 2020 12:51:50 GMT服务器: Microsoft-IIS / 8.5严格传输安全性:max-age = 2592000 www-authenticate:Bearer错误=“ invalid_token”,error_description =“ The 签名无效” x-powered by:ASP.NET

这是我的ConfigureServices Config

 services.AddSwaggerGen(c => {
 c.SwaggerDoc("v1", new OpenApiInfo { Title = "App Manager - Running Buddies", Version = "v1" });
 c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
                Description = "JWT Authorization header using the Bearer scheme.",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.Http,
                Scheme = "bearer",
                BearerFormat = "JWT"

            });

            c.AddSecurityRequirement(new OpenApiSecurityRequirement{
   {
    new OpenApiSecurityScheme{
        Reference = new OpenApiReference{
            Id = "Bearer", //The name of the previously defined security scheme.
            Type = ReferenceType.SecurityScheme
        }
    },new List<string>()  }
    });


        });

        services.AddTokenAuthentication(Configuration);

我的AddTokenAuthentication调用,它是用于配置身份验证JWT承载的扩展,当它的交换令牌失败时,可能会大摇大摆地不允许测试

 public static class AddTokenAuthentications {
    public static IServiceCollection AddTokenAuthentication(this IServiceCollection services, IConfiguration config) {
        var secret = config.GetSection("JwtToken").GetSection("SecretKey").Value;
        var keySecret = Base64UrlEncoder.DecodeBytes(secret);

        var key = Encoding.ASCII.GetBytes(keySecret.ToString());
        services.AddAuthentication(x => {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
               .AddJwtBearer(x => {

                   {

              //        x.Audience = config.GetSection("JwtToken").GetSection("Audience").Value;
                    //   x.Authority = config.GetSection("JwtToken").GetSection("Authority").Value;

                       x.RequireHttpsMetadata = false;
                       x.SaveToken = true;
                       x.TokenValidationParameters = new TokenValidationParameters {
                           ValidateIssuerSigningKey = true,
                           IssuerSigningKey = new SymmetricSecurityKey(key),
                           ValidateIssuer = false,
                           ValidateAudience = false
                       };
                   }
               });

        return services;
    }

如您所见,barrer令牌在curl语句中,因此应该被授权

卷曲-X GET “https://api-fitnessbuddies.net/api/BmiInformations/bmi/all” -H “接受:文本/无格式” -H “授权:承载eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTE0NDk5NjIsImlzcyI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCIsImF1ZCI6Imh0dHBzOi8vYXBpLWZpdG5lc3NidWRkaWVzLm5ldCJ9.txG4OUUcfOqdDSBvPWJTuMaQ0RbThbvQwPiwgAleUrk”

c# asp.net-web-api2
1个回答
-1
投票

如果我的理解是正确的,我想您没有添加API密钥或实现操作过滤器。因此,您想测试需要使用swagger进行身份验证的API,您必须在swagger配置中添加API密钥或实现IOperationFilter,它允许您在swagger上输入JWT令牌。完成此操作后,您可以测试您的API。

这些文章供您参考:

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.