我已经在asp核心2中尝试了一些授权示例,其中包含jwt令牌和asp核心身份 . 我已经按照这个代码https://github.com/SunilAnthony/SimpleSecureAPI,它工作正常 .
问题是基于角色的授权 . 我试过这样的事情:http://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/
结果很奇怪 . 我的控制器方法:
[HttpGet]
[Authorize]
public IActionResult Get()
{
IEnumerable<Claim> claims = User.Claims; // contains claim with Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" and Value = "Administrator"
bool role = User.IsInRole("Administrator"); // true
bool claim = User.HasClaim(ClaimTypes.Role, "Administrator"); // true
return Ok(claims);
}
当我使用属性 [Authorize] 调用此 endpoints 并在当前用户的代码中检查角色/声明时,它似乎很好(两个检查都是真的),但是当我将我的授权属性更改为 [Authorize(Roles = "Administrator")] 时它不起作用 - > when I call this endpoint with this attribute I will receive 404 . 我不知道问题出在哪里 . 我的启动类与上面的git链接完全相同,我刚刚在"roles"数组中的access_token的有效负载中添加了字符串角色名称列表:
它是硬编码但我改变了我的登录方法只是为了测试这样:
[HttpPost("login")]
public async Task<IActionResult> SignIn([FromBody] Credentials Credentials)
{
if (ModelState.IsValid)
{
var result = await _signInManager.PasswordSignInAsync(Credentials.Email, Credentials.Password, false, false);
if (result.Succeeded)
{
IdentityUser user = await _userManager.FindByEmailAsync(Credentials.Email);
List<string> roles = new List<string>();
roles.Add("Administrator");
return new JsonResult(new Dictionary<string, object>
{
{ "access_token", GetAccessToken(Credentials.Email, roles) },
{ "username", user.Email },
{ "expired_on", DateTime.UtcNow.AddMinutes(_tokenLength) },
{ "id_token", GetIdToken(user) }
});
}
return new JsonResult("Unable to sign in") { StatusCode = 401 };
}
return new JsonResult("Unable to sign in") { StatusCode = 401 };
}
并且 GetAccessTokenMethod :
private string GetAccessToken(string Email, List<string> roles)
{
var payload = new Dictionary<string, object>
{
{ "sub", Email },
{ "email", Email },
{ "roles", roles },
};
return GetToken(payload);
}
[Authorize(Roles = "Administrator")] 属性的问题在哪里?