采用双重授权时获得403（承载和基本）在.NET的核心

Question

我有我想要与承载令牌和基本身份验证这两种身份验证的情况下，但我正在逐渐禁止所有的基本使用（[授权（AuthenticationSchemes =“BasicAuthentication”））时间403。

。这是我的startup.cs：

services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

    })
    .AddJwtBearer(cfg =>
    {
        cfg.RequireHttpsMetadata = false;
        cfg.SaveToken = true;
        cfg.TokenValidationParameters = new TokenValidationParameters
        {
            ...
        };
    })
    .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

services.AddAuthorization(options =>
{

    options.AddPolicy("BasicAuthentication",
        authBuilder =>
        {
            authBuilder.AddAuthenticationSchemes("BasicAuthentication");
            authBuilder.RequireClaim("NameIdentifier");

        });
});

我已经添加了基本的处理程序：

public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.ContainsKey("Authorization"))
            return AuthenticateResult.Fail("Missing Authorization Header");

        ...

        var claims = new[] {
            new Claim(ClaimTypes.NameIdentifier, username),
            new Claim(ClaimTypes.Role, "User"),
            new Claim(ClaimTypes.Name, username)
        };

        var identity = new ClaimsIdentity(claims, Scheme.Name);

        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);

        return AuthenticateResult.Success(ticket);
    }
}

该处理程序返回的权利的案件成功，但仍返回403。

Answer 1

那是因为你错过了构建身份时authenticationType参数：

    var claims = new[] {
        new Claim(ClaimTypes.NameIdentifier, username),
        new Claim(ClaimTypes.Role, "User"),
        new Claim(ClaimTypes.Name, username)
    };
    var identity = new ClaimsIdentity(claims);
    var identity = new ClaimsIdentity(claims,Scheme.Name);

Answer 2

我可以通过更改设置来解决这个问题：我创建将我的政策的AuthenticationHandler扩展方法：

    public static class BasicAuthExtensions
{
    public static IServiceCollection AddBasicAuthorization(this IServiceCollection serviceCollection)
    {
        serviceCollection
        .AddAuthorization(options =>
        {
            options.AddBasicPolicy();
        })
        .AddAuthentication("BasicAuthentication")
        .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

        return serviceCollection;
    }

    public static AuthorizationOptions AddBasicPolicy(this AuthorizationOptions options)
    {
        var policy = new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes("BasicAuthentication")
            .RequireAuthenticatedUser()
            .Build();

        options.AddPolicy("BasicPolicy", policy);
        return options;
    }
}

然后，我添加它startup.cs：

            services
            .AddBasicAuthorization()
            .AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            })
            .AddJwtBearer(cfg =>
            {
                cfg.RequireHttpsMetadata = false;
                cfg.SaveToken = true;
                cfg.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = Configuration["JwtIssuer"],
                    ValidAudience = "Audience",
                    ValidateLifetime = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])),
                    ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.Zero // remove delay of token when expire
                };
            });

采用双重授权时获得403（承载和基本）在.NET的核心

问题描述投票：1回答：2

2个回答

最新问题

采用双重授权时获得403（承载和基本）在.NET的核心

问题描述 投票：1回答：2

2个回答

最新问题

问题描述投票：1回答：2