IdentityServer4 的 JWT 授权
JWT Authorization with IdentityServer4
我在使用 JWT 令牌的邮递员中收到授权错误。请查看以下详细信息
身份服务器中的代码
services.AddIdentityServer() .AddAspNetIdentity() .AddConfigurationStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, opt => opt.MigrationsAssembly(migrationAssembly ))); }) .AddOperationalStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, opt => opt.MigrationsAssembly(migrationAssembly)); }) .AddSigningCredential(certificate);
API
中的代码
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(选项 => { options.Authority = "localhost:44339"; });
生成的令牌是:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjgyRTlFNTUwRkY4MTM2ODRDRDRFRjNEQ0MyMzVBMjQyMTZFNkU1Q0NSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6Imd1bmxVUC1CTm9UTlR2UGN3aldpUWhibTVjdyJ9.eyJuYmYiOjE2NDEwNjMzMTYsImV4cCI6MTY0MTA2NjkxNiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMzkiLCJhdWQiOiJwb2xpY3lzZXJ2aWNlIiwiY2xpZW50X2lkIjoieWNvbXBhbnlhbmd1bGFyY2xpZW50Iiwic3ViIjoiYzk2OTNjMTUtYzU4OS00OGE4LThjMDctYjE1ODQzODMwNjMzIiwiYXV0aF90aW1lIjoxNjQxMDYzMjkwLCJpZHAiOiJsb2NhbCIsIlVzZXJJRCI6ImM5NjkzYzE1LWM1ODktNDhhOC04YzA3LWIxNTg0MzgzMDYzMyIsIlJvbGUiOiJBZG1pbiIsImp0aSI6IjYxRTU1RTg2OTZGMURDRUE2QjJFNUNDREUyMjgwQzkwIiwiaWF0IjoxNjQxMDYzMzE2LCJzY29wZSI6WyJwb2xpY3lzZXJ2aWNlc2NvcGUiXSwiYW1yIjpbInB3ZCJdfQ.e8Uj7P6RCv0ZY0Fg-xeZT558uCJhyyvY0SbOsiFNSJYeDxJ42jK4b_pOG90kMRKHI_ENIbMllHizbAOWetJhWxFLzApP_qCmvKIs1CJNiE8g5B9XH5l3lWsmIDnfgVLu98KLjKOg7F0gVMVyq4NooNVD1DKcmflddBHzGtN4QD3kzOhHPcL4EeJHq7dxL_y6t-AUYD4oDeAf_kGtv-XLaVIyyahqUdJykEguG8GG7A0RKzHSlVSFsBQzMoBSsp-KvhAutKcfK53bACgZLQ2jlMBFLSofCuCBdwrStKFss6yPtq2qQqhh-bOa22bgGlcF_wjzlvHUO96CDHkLKOz-9A
它也包含角色。
API 控制器的代码
[HttpGet(Name = "GetWeatherForecast")]
[Authorize(Roles ="Admin")]
public IEnumerable<WeatherForecast> Get()
{
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = Random.Shared.Next(-20, 55),
Summary = Summaries[Random.Shared.Next(Summaries.Length)]
})
.ToArray();
}
其实我得到了答案。
我把new Claim("Role","Admin")改成了new Claim(ClaimTypes.Role, "Admin")
我在使用 JWT 令牌的邮递员中收到授权错误。请查看以下详细信息
身份服务器中的代码
services.AddIdentityServer() .AddAspNetIdentity() .AddConfigurationStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, opt => opt.MigrationsAssembly(migrationAssembly ))); }) .AddOperationalStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, opt => opt.MigrationsAssembly(migrationAssembly)); }) .AddSigningCredential(certificate);
API
中的代码builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(选项 => { options.Authority = "localhost:44339"; });
生成的令牌是:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjgyRTlFNTUwRkY4MTM2ODRDRDRFRjNEQ0MyMzVBMjQyMTZFNkU1Q0NSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6Imd1bmxVUC1CTm9UTlR2UGN3aldpUWhibTVjdyJ9.eyJuYmYiOjE2NDEwNjMzMTYsImV4cCI6MTY0MTA2NjkxNiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMzkiLCJhdWQiOiJwb2xpY3lzZXJ2aWNlIiwiY2xpZW50X2lkIjoieWNvbXBhbnlhbmd1bGFyY2xpZW50Iiwic3ViIjoiYzk2OTNjMTUtYzU4OS00OGE4LThjMDctYjE1ODQzODMwNjMzIiwiYXV0aF90aW1lIjoxNjQxMDYzMjkwLCJpZHAiOiJsb2NhbCIsIlVzZXJJRCI6ImM5NjkzYzE1LWM1ODktNDhhOC04YzA3LWIxNTg0MzgzMDYzMyIsIlJvbGUiOiJBZG1pbiIsImp0aSI6IjYxRTU1RTg2OTZGMURDRUE2QjJFNUNDREUyMjgwQzkwIiwiaWF0IjoxNjQxMDYzMzE2LCJzY29wZSI6WyJwb2xpY3lzZXJ2aWNlc2NvcGUiXSwiYW1yIjpbInB3ZCJdfQ.e8Uj7P6RCv0ZY0Fg-xeZT558uCJhyyvY0SbOsiFNSJYeDxJ42jK4b_pOG90kMRKHI_ENIbMllHizbAOWetJhWxFLzApP_qCmvKIs1CJNiE8g5B9XH5l3lWsmIDnfgVLu98KLjKOg7F0gVMVyq4NooNVD1DKcmflddBHzGtN4QD3kzOhHPcL4EeJHq7dxL_y6t-AUYD4oDeAf_kGtv-XLaVIyyahqUdJykEguG8GG7A0RKzHSlVSFsBQzMoBSsp-KvhAutKcfK53bACgZLQ2jlMBFLSofCuCBdwrStKFss6yPtq2qQqhh-bOa22bgGlcF_wjzlvHUO96CDHkLKOz-9A
它也包含角色。
API 控制器的代码
[HttpGet(Name = "GetWeatherForecast")]
[Authorize(Roles ="Admin")]
public IEnumerable<WeatherForecast> Get()
{
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = Random.Shared.Next(-20, 55),
Summary = Summaries[Random.Shared.Next(Summaries.Length)]
})
.ToArray();
}
其实我得到了答案。
我把new Claim("Role","Admin")改成了new Claim(ClaimTypes.Role, "Admin")