ASP.NET Core 5 Web API returns 404 代码而不是 401 用户未经身份验证时
ASP.NET Core 5 Web API returns 404 code instead of 401 when the user is unauthenticated
我有一个基于 ASP.NET 5 框架和 Swagger UI 编写的 Web API。
当用户向任何端点发出经过身份验证的请求时,我收到 404“就像框架将用户重定向到不存在的页面一样!”如果框架由于未经授权的请求而自动重定向请求,我想将该行为更改为 return 401 json 响应。如果没有,我如何将响应代码从 404 更改为 401 作为 JSON 响应?
这是 Startup class 的样子
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(swagger =>
{
swagger.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "Student Athlete Wellness Tracker API",
Description = "API to provide data for the Student Athlete Wellness Trackers",
});
swagger.AddSecurityDefinition("basic", new OpenApiSecurityScheme()
{
Name = "Authorization",
Type = SecuritySchemeType.Http,
Scheme = "basic",
In = ParameterLocation.Header,
Description = "Basic Authorization header using the Bearer scheme.",
});
swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "basic"
}
},
Array.Empty<string>()
}
});
});
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/error");
app.UseHsts();
}
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));
app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
我运行在同一期。
我添加了第二个选项行并解决了问题。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
可以阅读官方文档了解更多:https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0
例子:
为了解决这个问题,我改变了
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
至
services.AddAuthentication(opts =>
{
opts.DefaultAuthenticateScheme = "BasicAuthentication";
opts.DefaultChallengeScheme = "BasicAuthentication";
opts.DefaultScheme = "BasicAuthentication";
opts.AddScheme<BasicAuthenticationHandler>("BasicAuthentication", null);
});
我有一个基于 ASP.NET 5 框架和 Swagger UI 编写的 Web API。
当用户向任何端点发出经过身份验证的请求时,我收到 404“就像框架将用户重定向到不存在的页面一样!”如果框架由于未经授权的请求而自动重定向请求,我想将该行为更改为 return 401 json 响应。如果没有,我如何将响应代码从 404 更改为 401 作为 JSON 响应?
这是 Startup class 的样子
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(swagger =>
{
swagger.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "Student Athlete Wellness Tracker API",
Description = "API to provide data for the Student Athlete Wellness Trackers",
});
swagger.AddSecurityDefinition("basic", new OpenApiSecurityScheme()
{
Name = "Authorization",
Type = SecuritySchemeType.Http,
Scheme = "basic",
In = ParameterLocation.Header,
Description = "Basic Authorization header using the Bearer scheme.",
});
swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "basic"
}
},
Array.Empty<string>()
}
});
});
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/error");
app.UseHsts();
}
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));
app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
我运行在同一期。
我添加了第二个选项行并解决了问题。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
可以阅读官方文档了解更多:https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0
例子:
为了解决这个问题,我改变了
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
至
services.AddAuthentication(opts =>
{
opts.DefaultAuthenticateScheme = "BasicAuthentication";
opts.DefaultChallengeScheme = "BasicAuthentication";
opts.DefaultScheme = "BasicAuthentication";
opts.AddScheme<BasicAuthenticationHandler>("BasicAuthentication", null);
});