JwtBearerOptions Configure 方法未执行

Question

我有 asp.net core 3.1 web api 项目，代码如下：

Startup.cs

public virtual void ConfigureServices(IServiceCollection services) =>
    services
    .AddFrameworkServices()
    .AddApplicationInsights(this.configuration)
    .AddResponseCompression()
    .AddCustomConfigureOptions();

CustomServiceCollectionExtensions.cs

public static IServiceCollection AddCustomConfigureOptions(this IServiceCollection services) =>
  services
    .ConfigureOptions<ConfigureAuthenticationOptions>();
    .ConfigureOptions<ConfigureJwtBearerOptions>();

ConfigureAuthenticationOptions.cs

public class ConfigureAuthenticationOptions : IConfigureOptions<AuthenticationOptions>
{
   public void Configure(AuthenticationOptions options) =>
      options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}

配置JwtBearerOptions

public class ConfigureJwtBearerOptions : IConfigureOptions<JwtBearerOptions>
{
    private readonly IConfiguration configuration;
    public ConfigureJwtBearerOptions(IConfiguration configuration) => this.configuration = configuration;
    public void Configure(JwtBearerOptions options)
    {
        options.Authority = configuration[C.AppKeys.AADInstance] + configuration[C.AppKeys.AADTenantID];
        options.Audience = configuration[C.AppKeys.AADAudience];
    }
}

在调试时我发现 ConfigureJwtBearerOptions.cs 文件的 Configure 方法没有被触发

谁能帮助我解决这个问题

Answer 1

我一直在研究 .NET 身份验证和授权，发现在过去的一年里，这种情况似乎发展得非常迅速。

在最新的文档中，我发现微软在这里为不同的身份验证类型推荐了不同的身份验证库：https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries

在我们最新的 .net 6 Web API 中使用 Microsoft.Identity.Web 并使用 services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApi(azureConfiguration, "AzureAd"); 添加我们的身份验证。我们之前用过.AddAuthentication().AddJwtBearer(options => {...})

我目前正在自己​​学习这个新的身份验证库：https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-configuration#customizing-token-validation

希望这对您有所帮助！

Answer 2

我正在使用 .Net Core 6 并遇到同样的错误。这里的微妙之处在于 .AddJwtBearer() 使用命名选项委托。

不实现 IConfigureOptions，而是实现 IConfigureNamedOptions

ConfigureJwtBearerOptions.cs

public class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
{
    private readonly JwtOptions config;
    private readonly ILogger<ConfigureJwtBearerOptions> logger;
   
    /// <summary>
    /// Configure JWT auth
    /// </summary>
    /// <param name="jwtOptions"></param>
    /// <param name="logger"></param>
    public ConfigureJwtBearerOptions(JwtOptions jwtOptions, ILogger<ConfigureJwtBearerOptions> logger)
    {
        config = jwtOptions;
        this.logger = logger;
    }

    /// <inheritdoc/>
    public void Configure(JwtBearerOptions options)
    {
        Configure(JwtBearerDefaults.AuthenticationScheme, options);
    }

    public void Configure(string name, JwtBearerOptions options)
    {
        options.Authority = config.Authority;
        options.Audience = config.Audience;

        logger.LogInformation("OAuth authority: {0}", config.Authority);
        logger.LogInformation("OAuth audience: {0}", config.Audience);
        //...
    }
}

另外，你还需要在 Startup.cs 中调用 AddAuthentication()

Startup.cs

//...
services.AddAuthentication().AddJwtBearer();