我有.Net Core WebApi应用程序与身份 . 使用JWT进行授权效果很好,但在添加基于角色的授权后[Authorize(Roles =“Admin”)]抛出404.我的GenerateJwtToken方法是:

private async Task<object> GenerateJwtToken(string login, IdentityUser user)
    {
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, login),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            new Claim(ClaimTypes.NameIdentifier, user.Id)
        };

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.GetSection("JWTSettings:SecretKey").Value));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var iss = _configuration.GetSection("JWTSettings:Issuer").Value;

        var token = new JwtSecurityToken(
            issuer: _configuration.GetSection("JWTSettings:Issuer").Value,
            audience: _configuration.GetSection("JWTSettings:Audience").Value,
            claims: claims, 
            signingCredentials: creds
            );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

Startup.cs中的ConfigureService如下所示:

public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<PaszoDbContext>(options =>
            options.UseSqlite("Data Source=PaszoDataBase.db"));


        services.AddIdentity<IdentityPaszoUser, IdentityRole>(o => {
            o.Password.RequireDigit = false;
            o.Password.RequiredLength = 1;
            o.Password.RequireLowercase = false;
            o.Password.RequireUppercase = false;
            o.Password.RequireNonAlphanumeric = false;

        })
            .AddEntityFrameworkStores<PaszoDbContext>()
            .AddDefaultTokenProviders();


        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); // => remove default claims
        services
            .AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

            })
            .AddJwtBearer(options =>
            {
                options.RequireHttpsMetadata = false;
                options.SaveToken = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("JWTSettings:SecretKey").Value)),
                    ValidateIssuer = true,
                    ValidIssuer = Configuration.GetSection("JWTSettings:Issuer").Value,
                    ValidateAudience = true,
                    ValidAudience = Configuration.GetSection("JWTSettings:Audience").Value,
                    ValidateLifetime = false,

                };
            });
        services.AddMvc();
    }

当我测试UserManager是否在控制器中重新获取有关用户和角色的信息时,它可以正常工作:

[Authorize]//(Roles = "Admin")]
    [HttpGet]
    public List<PaszoUser> GetPaszoUsers()
    {
        var user =  _userManager.GetUserAsync(HttpContext.User).Result;
        var role =_userManager.GetRolesAsync(user).Result;
        ....

要改变什么使它工作?

asp.net-identity asp.net-core-2.0 user-roles