【发布时间】:2019-07-17 13:41:39
【问题描述】:
我正在使用 JWT 在我的 Asp.net Web Api 中处理身份验证/授权。我用 [Authorize] 装饰了我的差异控制器。每次我拨打电话时,此消息都是 Send :Authorization has been denied for this request。
这是我的一个控制器的示例:
[System.Web.Http.Route("api/MyParticipations")]
[System.Web.Http.HttpGet]
[System.Web.Http.ActionName("XAMARIN_SelectMyEvent")]
[Authorize]
public HttpResponseMessage Xamarin_SelectMyEvents()
{
string token = Request.Headers.Authorization.ToString();
string resultToken = Utils.Util.ValidateToken(token);
if (resultToken == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound, "Your session has expired");
}
int userId = Int32.Parse(resultToken);
var MyEvents = db.getMyEvents(userId);
if (MyEvents == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound, "No Events available");
}
else
{
return Request.CreateResponse(HttpStatusCode.Accepted, MyEvents);
}
}
这是我的启动类:
public IConfiguration _Configuration { get; }
public Startup(IConfiguration configuration)
{
_Configuration = configuration;
}
public Startup()
{
}
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();
app.UseMvc();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_Configuration[System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"]]))
};
});
services.AddMvc();
}
我没有成功修复的一个小问题是启动类中的空构造函数。如果我删除它,我会收到一条错误消息:“no constructor without parameters defined for this object owin”。
这是我生成和验证 JWT 的代码:
private static string Secret = System.Web.Configuration.WebConfigurationManager.AppSettings["JWTKEY"];
public static string GenerateToken(int userId)
{
byte[] key = Convert.FromBase64String(Secret);
SymmetricSecurityKey securityKey = new SymmetricSecurityKey(key);
SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.PrimarySid, userId.ToString())}),
Expires = DateTime.UtcNow.AddDays(3),
SigningCredentials = new SigningCredentials(securityKey,
SecurityAlgorithms.HmacSha256Signature)
};
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken token = handler.CreateJwtSecurityToken(descriptor);
return handler.WriteToken(token);
}
public static ClaimsPrincipal GetPrincipal(string token)
{
try
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken jwtToken = (JwtSecurityToken)tokenHandler.ReadToken(token);
if (jwtToken == null)
return null;
byte[] key = Convert.FromBase64String(Secret);
TokenValidationParameters parameters = new TokenValidationParameters()
{
RequireExpirationTime = true,
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningKey = new SymmetricSecurityKey(key)
};
SecurityToken securityToken;
ClaimsPrincipal principal = tokenHandler.ValidateToken(token,
parameters, out securityToken);
return principal;
}
catch (Exception e)
{
return null;
}
}
public static string ValidateToken(string token)
{
string userId = null;
ClaimsPrincipal principal = GetPrincipal(token);
if (principal == null)
return null;
ClaimsIdentity identity = null;
try
{
identity = (ClaimsIdentity)principal.Identity;
}
catch (NullReferenceException)
{
return null;
}
Claim usernameClaim = identity.FindFirst(ClaimTypes.PrimarySid);
userId = usernameClaim.Value;
return userId;
}
谁能看出这段代码有什么问题?我查看了其他主题,但没有一个给我解决方案。
感谢阅读,
一个绝望的学生
【问题讨论】:
-
令牌生成了吗?如果是,请分享。
-
是的,令牌已生成,我将编辑我的帖子以分享代码!
-
这是配置部分(我觉得不错)。但是您实际上是如何登录的?
-
是的,我猜这是StartUp类中的配置部分,你说的登录是什么意思?我有一个用户控制器,用于检查用户是否在数据库中,然后生成 JWT。
-
我忘了说我的项目是一个asp.net web api(不是asp.Net core)。我不知道它是否改变了什么!
标签: c# asp.net jwt owin bearer-token