【发布时间】:2018-01-01 07:38:12
【问题描述】:
我正在尝试使用 JWT 令牌实现 WebApi 授权。但无论我尝试做什么 - 它总是返回401。这是它的样子。
WebApiConfig.cs
public static void Register(HttpConfiguration config)
{
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
Startup.cs
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
ConfigureOAuth(app);
WebApiConfig.Register(config);
app.UseWebApi(config);
}
private void ConfigureOAuth(IAppBuilder app)
{
var issuer = "http://localhost:59640/";
var audience = "099153c2625149bc8ecb3e85e03f0022";
var secret = TextEncodings.Base64.Decode("IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw");
// Api controllers with an [Authorize] attribute will be validated with JWT
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
AllowedAudiences = new[] { audience },
IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
{
new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
}
});
}
已安装 NuGet 包
<package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.Client.ru" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.Core.ru" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.Owin" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebApi.WebHost.ru" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Logging" version="1.1.4" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Tokens" version="5.1.4" targetFramework="net461" />
<package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net461" developmentDependency="true" />
<package id="Microsoft.Owin" version="3.1.0" targetFramework="net461" />
<package id="Microsoft.Owin.Host.SystemWeb" version="3.1.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security" version="3.1.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security.Jwt" version="3.1.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security.OAuth" version="3.1.0" targetFramework="net461" />
<package id="Newtonsoft.Json" version="9.0.1" targetFramework="net461" />
<package id="Owin" version="1.0" targetFramework="net461" />
<package id="System.IdentityModel.Tokens.Jwt" version="4.0.3.308261200" targetFramework="net461" />
401 回答中的标题
Cache-Control →no-cache
Content-Length →90
Content-Type →application/json; charset=utf-8
Date →Wed, 26 Jul 2017 05:20:21 GMT
Expires →-1
Pragma →no-cache
Server →Microsoft-IIS/10.0
WWW-Authenticate →Bearer
X-AspNet-Version →4.0.30319
X-Powered-By →ASP.NET
X-SourceFiles →=?UTF-8?B?RDpcRGV2XGFncm9tYXNoXFRlc3RcYXBpXHRlc3Q=?=
请求标头
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6ImFuZHJleS5zaGVka29AZ21haWwuY29tIiwic3ViIjoiYW5kcmV5LnNoZWRrb0BnbWFpbC5jb20iLCJyb2xlIjoiQWRtaW4iLCJpc3MiOiJhZ3JvbWFzaC5hcGkiLCJhdWQiOiIwOTkxNTNjMjYyNTE0OWJjOGVjYjNlODVlMDNmMDAyMiIsImV4cCI6MTUwMTA0ODA2NiwibmJmIjoxNTAxMDQ2MjY2fQ.XkHk38NWcVXokzettDrngoL9BFiP_gEzswQaEYxVK10
Accept:application/json
Content-Type:application/json
有趣的是 - 当我将 Authorize 属性更改为自定义授权属性时,它甚至没有在自定义授权属性中命中断点,而是返回 401。我已经花了几天时间试图解决这个问题。你能告诉我 - 我做错了什么吗?
P.S. 我在 jwt.io 上验证了 JWT 令牌,看起来没问题。
【问题讨论】:
-
你也可以从请求中添加标头吗?
-
@hotzu 我刚刚更新了我的问题。
-
我检查了你的 jwt 令牌。如果我是对的,那么您的“exp”时间已经过去,因此您的令牌可能已被时间失效。你检查了吗?
-
@hotzu,这只是一个例子,但让我再检查一下。
-
@hotzu,看来你是对的。
标签: asp.net-web-api owin jwt authorize