Bro*_*Lee 2 c# jwt asp.net-core blazor blazor-server-side
我遇到以下情况,非常感谢任何帮助:
我在用户界面(Blazor 服务器应用程序)中使用 JSON Web 令牌 (jwtbearer) 进行身份验证和授权,以访问我的 Web API (Asp.net core 5.0)。
我尝试从通过 UserId 过滤的 API 返回数据(在创建令牌时我也将其添加为 NameIdentifier)。ClaimsPrincipal然后我注意到,点击控制器时返回的声明ControllerBase.User与我的令牌不同。
我有两项NameIdentifier索赔,但缺少“sub”。相反,看起来 sub 已更改为第二个NameIdentifier。
但是,当我随请求发送时,令牌的有效负载看起来是正确的。这是我的令牌的有效负载:
{
"sub": "admin@caliprog.com",
"jti": "15c23576-9f5b-4f81-a985-ab236830c7b5",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9b437d6c-8fb8-455d-87f5-986d36b26dcf",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "Administrator",
"exp": 1625472724,
"iss": "test.com",
"aud": "test.com"
}
显然我在某个地方犯了错误,但我不知道错误出在哪里。如果有人能指出我的方向,那就太好了。我很高兴自己做更多研究,但我不知道从哪里开始。
以下是一些可能相关的代码部分,如果我遗漏了任何重要的内容,请告诉我:
我的 GetRequest(它有效,但我很想替换this.User.Claims.ToList()[2].Value为var userId = this.User.FindFirst(ClaimTypes.NameIdentifier).Value;)
[HttpGet]
public async Task<IActionResult> GetWorkouts()
{
try
{
_logger.LogInfo(LogMessages.AttemptMsg, ControllerContext);
var userId = this.User.Claims.ToList()[2].Value;
var workouts = await _workoutRepository.FindAllByUser(userId);
var response = _mapper.Map<IList<WorkoutDTO>>(workouts);
_logger.LogInfo(LogMessages.SuccessActionMsg,ControllerContext);
return Ok(response);
}
catch (Exception e)
{
return _logger.LogInternalErrorResult(e, ControllerContext);
}
}
UsersController -> 登录并生成令牌:
[Route("login")]
[AllowAnonymous]
[HttpPost]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[ProducesResponseType(StatusCodes.Status500InternalServerError)]
public async Task<IActionResult> Login([FromBody] UserDTO userDTO)
{
try
{
var username = userDTO.EmailAddress;
var password = userDTO.Password;
_logger.LogInfo(string.Concat(LogMessages.AttemptMsg, $"With username: {username}."), ControllerContext);
var result = await _signInManager.PasswordSignInAsync(username, password, false, false);
if (result.Succeeded)
{
var user = await _userManager.FindByNameAsync(username);
var tokenstring = await GenerateJSONWebToken(user);
_logger.LogInfo(LogMessages.SuccessActionMsg, ControllerContext);
return Ok(new { token = tokenstring});
}
_logger.LogInfo(string.Concat($"{username}: ", LogMessages.NotAuthenticated), ControllerContext);
return Unauthorized(userDTO);
}
catch (Exception e)
{
return _logger.LogInternalErrorResult(e, ControllerContext);
}
}
private async Task<string> GenerateJSONWebToken(IdentityUser user)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub,user.Email),
new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier,user.Id)
};
var roles = await _userManager.GetRolesAsync(user);
claims.AddRange(roles.Select(r => new Claim(ClaimsIdentity.DefaultRoleClaimType, r)));
var token = new JwtSecurityToken(
_config["Jwt:Issuer"],
_config["Jwt:Issuer"],
claims,
null,
expires: DateTime.Now.AddHours(2),
signingCredentials: credentials);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}
UI基础存储库
public async Task<IList<T>> Get(string url)
{
var request = new HttpRequestMessage(HttpMethod.Get, url);
var client = _client.CreateClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("bearer", await GetBearerToken());
HttpResponseMessage response = await client.SendAsync(request);
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
var content = await response.Content.ReadAsStringAsync();
return JsonConvert.DeserializeObject<List<T>>(content);
}
return null;
}
private async Task<string> GetBearerToken()
{
return await _localStorage.GetItemAsync<string>("authToken");
}
API 身份验证状态提供者
public async Task LoggedIn()
{
var savedToken = await _localStorage.GetItemAsync<string>("authToken");
var tokenContent = _tokenHandler.ReadJwtToken(savedToken);
var claims = ParseClaims(tokenContent);
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "jwt"));
var authState = Task.FromResult(new AuthenticationState(user));
NotifyAuthenticationStateChanged(authState);
}
public void LoggedOut()
{
var nobody = new ClaimsPrincipal(new ClaimsIdentity());
var authState = Task.FromResult(new AuthenticationState(nobody));
NotifyAuthenticationStateChanged(authState);
}
private static IList<Claim> ParseClaims(JwtSecurityToken tokenContent)
{
var claims = tokenContent.Claims.ToList();
claims.Add(new Claim(ClaimTypes.Name, tokenContent.Subject));
return claims;
}
以下是一些项目细节供参考:
API
Microsoft.AspNetCore.Authentication.JwtBearer 版本=“5.0.5”
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore 版本=“5.0.5”
Microsoft.AspNetCore.Identity.EntityFrameworkCore 版本=“5.0.5”
Microsoft.AspNetCore.Identity.UI版本 =“5.0.4”
Microsoft.AspNetCore.Mvc.NewtonsoftJson 版本 =“5.0.6”
UI
Blazored.LocalStorage 版本 =“4.0.0”
Newtonsoft.Json 版本 =“13.0.1”
System.IdentityModel.Tokens.Jwt 版本=“6.11.0”
Kev*_*ith 10
在您的Startup.cs文件中,您需要更改您的ConfigureServices方法。
services.AddAuthentication(auth =>
{
auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(token =>
{
// ... Your extra options
// Don't map the in bound claims.
token.MapInboundClaims = false;
});
这将保留所有进入您的 API 的声明。
| 归档时间: |
|
| 查看次数: |
2561 次 |
| 最近记录: |