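Admittedly, this is a first attempt at building an ASP.NET Core web API project. One requirement is to support OAuth2. The API and the Identity server are two separate projects, both started from the ASP.NET Core Empty template.
The Identity server is up and running, and tokens are being provided via the resource owner flow. Getting the token is fine; the scopes and relevant access_token details appear to be correct.
When I issue a GET request to my resource endpoint, I first get the following...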
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:12886/v1/mystuff
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[2]
      Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[3]
      HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[8]
      AuthenticationScheme: Bearer was successfully authenticated.
info: IdentityModel.AspNetCore.ScopeValidation.ScopeValidationMiddleware[0]
      Scopes found on current principal: scope: stuffdetails, scope: stuffmover
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[8]
      AuthenticationScheme: Bearer was successfully authenticated.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
      Authorization was successful for user: 939d72dd-654c-447f-a65d-d0426b1eca59.
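So I can tell that the middleware is validating my token, reading the scopes, and authenticating the token. However, immediately after the initial success, I get authorization failures.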
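info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed for user: 939d72dd-654c-447f-a65d-d0426b1eca59.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. …

So here is a design problem that has plagued me for hours, and I have to reach out to the group for help. I have a collection containing thousands of shared entities, and I need to retrieve a distinct list of managers from three different properties contained in two lists: two managers are in the Stores list and one manager comes from the Warehouses collection.
To simplify the problem, I wrote a simple console program to highlight the challenge. I threw it together, so yes, I know it is inefficient, but it demonstrates the problem: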
public class Program
{
    static void Main(string[] args)
    {
        DistributionGroup d = new DistributionGroup();
        Console.WriteLine("====Store Managers====");
        foreach (Manager m in d.Stores.Select(m => m.StoreManager).Distinct())
        {
            Console.WriteLine("{0}:{1}", m.Id, m.Name);
        }
        Console.WriteLine("=====Inv. Managers=====");
        foreach (Manager m in d.Stores.Select(m => m.InventoryManager).Distinct())
        {
            Console.WriteLine("{0}:{1}", m.Id, m.Name);
        }
        Console.WriteLine("===Warehouse Managers===");
        foreach (Manager m in d.Warehouses.Select(m => m.WarehouseManager).Distinct())
        {
            Console.WriteLine("{0}:{1}", m.Id, m.Name);
        }
    }
}
public class DistributionGroup
{
    private Manager m1 = new Manager(1, "Bob Wilson");
    private Manager m2 = new Manager(2, "Chris Warren");
    private …