在将代码库从ASP 5 beta 7更新到RC1-final之后,我开始从JwtBearer中间件接收此异常
Unable to cast object of type 'Newtonsoft.Json.Linq.JArray' to type 'System.IConvertible'.
到目前为止我可以看到的决定因素似乎是选项的设置.AutomaticAuthenticate.如果是true,那么我得到例外,否则,我没有.
什么是AutomaticAuthenticate,为什么我需要启用它?
app.UseJwtBearerAuthentication(options =>
{
options.AutomaticAuthenticate = true;
}
这是完整的堆栈跟踪:
at System.Convert.ToInt32(Object value, IFormatProvider provider)
at System.IdentityModel.Tokens.Jwt.JwtPayload.GetIntClaim(String claimType)
at System.IdentityModel.Tokens.Jwt.JwtPayload.get_Nbf()
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.AspNet.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNet.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Api.Startup.<<Configure>b__9_0>d.MoveNext() in ...\Startup.cs:line 156
更新根本原因
我们的代码库正在为nbf,exp和iat创建重复声明.这就解释了为什么get_Nbf在堆栈跟踪中以及关于"JArray"的抱怨,因为每个值都是数组而不是值.
如果设置为true中间件将在每个入站请求上运行,则查找JWT令牌,如果存在,则将验证它,如果有效则从中创建标识并将其添加到当前用户.
如果false没有发生这种情况,您需要通过在authorize属性中指定承载方案来请求中间件设置标识.
[Authorize(AuthenticationSchemes = "YourBearerSchemeName")]
或者你在政策中设置这个;
options.AddPolicy("RequireBearer", policy =>
{
policy.AuthenticationSchemes.Add("YourBearerSchemeName");
policy.RequireAuthenticatedUser();
});
因此,通过将其设置为false,您实际上并没有运行持有者的东西,直到您要求它为止,您只是将异常关闭直到稍后.
| 归档时间: |
|
| 查看次数: |
3117 次 |
| 最近记录: |