I have two different JWT auth tokens from two different providers that my API accepts, set up as follows:
services.AddAuthentication()
    // Provider 1: signing keys are discovered from the Authority's metadata
    .AddJwtBearer("auth provider1", options =>
    {
        options.Audience = authSettings.Audience1;
        options.Authority = authSettings.Authority1;
        options.ClaimsIssuer = authSettings.Issuer1;
    })
    // Provider 2: tokens are validated against a shared symmetric key
    .AddJwtBearer("auth provider2", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ClockSkew = TimeSpan.FromMinutes(5),
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authSettings.SymmetricKey)),
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ValidateAudience = true,
            ValidAudience = authSettings.Audience2,
            ValidateIssuer = true,
            ValidIssuer = authSettings.Issuer2
        };
    });
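These authentication providers have access to different APIs, so when an access token tries to access an API it is not allowed to, I throw a 403. I accomplish this with the following policy setup: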
services.AddAuthorization(options =>
{
    // Blocks auth provider 2 tokens by returning 403 because …