我们正在开发具有JWT承载认证的.Net Core 2.1 Web API.应用程序本身将生成并分发要发送到后端的令牌.
虽然我们已经启动并运行了一切,即我们可以从Angular发送持有者令牌并使用Postman进行测试,但Swagger不会发送持有者令牌.我们已经添加了Swagger配置以使用SecurityDefinition,我将发布完整的ConfigureServices方法:
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
services.AddCors(options =>
{
options.AddPolicy("AllowAllOrigins",
policy => policy.WithOrigins("*").AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
});
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAllOrigins"));
});
ServiceInstaller.Install(services, Configuration);
// api user claim policy
services.AddAuthorization(options =>
{
var authorizationPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
options.AddPolicy("Bearer", authorizationPolicy);
});
// add identity
var builder = services.AddIdentityCore<AppUser>(o =>
{
// configure identity options
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequiredLength = 6;
});
builder …