如何在 ASP.NET Core Web API 的 Startup 类中配置 JWT 身份验证和 Microsoft 身份验证
how to configure JWT authentication and Microsoft Authentication in asp.net core Web API startup class
我想在 ASP.NET Core Web API 的 Startup 类中同时配置 JWT 身份验证和 Microsoft 身份验证。当我使用下面的代码时,它会报 "Scheme already exists: Bearer" 错误。
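/// <summary>
/// Registers controllers, three bearer-token authentication handlers and a default
/// authorization policy. This is the question's repro: the final
/// <c>AddMicrosoftIdentityWebApi</c> call is deliberately left as posted, so the
/// duplicate-scheme error the question describes still occurs.
/// </summary>
/// <param name="services">The service collection the handlers are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers().AddNewtonsoftJson();

    var jwtTokenConfig = Configuration.GetSection("JwtToken").Get<JwtConfiguration>();
    var scope = "api://4590ab01-d5b1-42af-ab22-5ad0215ad3b4";
    var audience = new List<string>
    {
        $"{scope}"
    };

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        // Handler 1: no scheme name is passed, so it is registered under the default
        // JWT bearer scheme name ("Bearer").
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = true;
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = jwtTokenConfig.Issuer,
                ValidateIssuerSigningKey = true,
                // Shared-secret key: anything able to validate these tokens can also mint them.
                // Encoding.ASCII turns every non-ASCII character into '?', so a non-ASCII secret
                // yields a weaker key than configured.
                // NOTE(review): confirm the secret comes from a secret store rather than a
                // committed settings file, and that it is long enough for the signing algorithm.
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtTokenConfig.Secret)),
                ValidAudience = jwtTokenConfig.Audience,
                ValidateAudience = true,
                ValidateLifetime = true,
                // Narrows the accepted clock drift to one minute.
                ClockSkew = TimeSpan.FromMinutes(1)
            };
        })
        // Handler 2: registered under the explicit scheme name "AzureAd".
        // NOTE(review): no Authority, metadata address or signing key is set here, so as written
        // this handler has nothing to verify an Azure AD signature against. Fix that by
        // configuring the authority, never by relaxing signature validation.
        .AddJwtBearer("AzureAd", options =>
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidAudiences = audience,
                ValidIssuers = new List<string>
                {
                    $"https://sts.windows.net/eb971100-6f99-4bdc-8611-1bc8edd7f436",
                    $"https://sts.windows.net/eb971100-6f99-4bdc-8611-1bc8edd7f436/v2.0"
                }
            })
        // Handler 3: AddMicrosoftIdentityWebApi registers under its jwtBearerScheme argument,
        // which defaults to "Bearer" - the name handler 1 already took. That duplicate name is
        // the source of the "scheme already exists" error.
        .AddMicrosoftIdentityWebApi(Configuration);

    services.AddAuthorization(options =>
    {
        // The default policy names its schemes explicitly: a request is authenticated when
        // either listed handler accepts the token, and a handler registered under any other
        // name is not consulted by this policy.
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme, "AzureAd");
        defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });
}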
下面是 ASP.NET Core 应用中 JWT 身份验证的设置和配置。
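// Role-based policy: only principals carrying the Admin role satisfy it.
services.AddAuthorization(options =>
{
    options.AddPolicy(RoleStrings.Admin, policy => policy.RequireRole(RoleStrings.Admin));
});

// Fail at startup with a clear message when the signing secret is missing, instead of
// failing later inside the options callback.
var jwtSecretKey = configuration.GetSection("JWT:SecretKey").Value;
if (string.IsNullOrEmpty(jwtSecretKey))
{
    throw new InvalidOperationException("JWT:SecretKey is not configured.");
}

services.AddAuthentication(options =>
{
    // The JWT bearer handler authenticates, challenges and is the fallback scheme.
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        // Shared-secret key; Encoding.ASCII maps every non-ASCII character to '?', so keep the
        // secret ASCII-only. NOTE(review): confirm it is loaded from a secret store.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtSecretKey)),
        // NOTE(review): with issuer and audience checks off, any token signed with this key is
        // accepted regardless of who issued it or which API it was meant for. Turn both on and
        // set the expected values once they are known; none are given on this page.
        ValidateIssuer = false,
        ValidateAudience = false,
        // Tokens without an expiry claim are rejected. With this set to false, ValidateLifetime
        // has nothing to check on such a token and it would stay valid indefinitely.
        RequireExpirationTime = true,
        ValidateLifetime = true
    };
});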
您在 services.AddAuthentication() 上同时添加了 AddJwtBearer() 和 AddMicrosoftIdentityWebApi()。查看 AddMicrosoftIdentityWebApi() 的源代码,你会发现它有一个参数 string jwtBearerScheme = "Bearer"。如果不修改,它会与 AddJwtBearer() 默认注册的 "Bearer" 方案冲突,所以只需给它指定一个新的方案名称:
// The third argument is jwtBearerScheme, the name this handler is registered under. It must be
// unique on the builder: not "Bearer" (taken by the unnamed AddJwtBearer) and not the name of
// any other scheme already added. The second argument, "AzureAd", is the configuration section
// name, not a scheme name.
// When an authorization policy lists its schemes explicitly, as the question's default policy
// does, add the new name to that list or the policy will not consult this handler.
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd", "{new name}");
这样就能正常工作。
第二个参数 "AzureAd" 是配置节名称的默认值,无需更改。注意新的方案名称不能与已注册的方案重名(问题中的代码已经通过 AddJwtBearer("AzureAd", …) 注册了名为 "AzureAd" 的方案)。
我想在 ASP.NET Core Web API 的 Startup 类中同时配置 JWT 身份验证和 Microsoft 身份验证。当我使用下面的代码时,它会报 "Scheme already exists: Bearer" 错误。
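/// <summary>
/// Registers controllers, three bearer-token authentication handlers and a default
/// authorization policy. This is the question's repro: the final
/// <c>AddMicrosoftIdentityWebApi</c> call is deliberately left as posted, so the
/// duplicate-scheme error the question describes still occurs.
/// </summary>
/// <param name="services">The service collection the handlers are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers().AddNewtonsoftJson();

    var jwtTokenConfig = Configuration.GetSection("JwtToken").Get<JwtConfiguration>();
    var scope = "api://4590ab01-d5b1-42af-ab22-5ad0215ad3b4";
    var audience = new List<string>
    {
        $"{scope}"
    };

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        // Handler 1: no scheme name is passed, so it is registered under the default
        // JWT bearer scheme name ("Bearer").
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = true;
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = jwtTokenConfig.Issuer,
                ValidateIssuerSigningKey = true,
                // Shared-secret key: anything able to validate these tokens can also mint them.
                // Encoding.ASCII turns every non-ASCII character into '?', so a non-ASCII secret
                // yields a weaker key than configured.
                // NOTE(review): confirm the secret comes from a secret store rather than a
                // committed settings file, and that it is long enough for the signing algorithm.
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtTokenConfig.Secret)),
                ValidAudience = jwtTokenConfig.Audience,
                ValidateAudience = true,
                ValidateLifetime = true,
                // Narrows the accepted clock drift to one minute.
                ClockSkew = TimeSpan.FromMinutes(1)
            };
        })
        // Handler 2: registered under the explicit scheme name "AzureAd".
        // NOTE(review): no Authority, metadata address or signing key is set here, so as written
        // this handler has nothing to verify an Azure AD signature against. Fix that by
        // configuring the authority, never by relaxing signature validation.
        .AddJwtBearer("AzureAd", options =>
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidAudiences = audience,
                ValidIssuers = new List<string>
                {
                    $"https://sts.windows.net/eb971100-6f99-4bdc-8611-1bc8edd7f436",
                    $"https://sts.windows.net/eb971100-6f99-4bdc-8611-1bc8edd7f436/v2.0"
                }
            })
        // Handler 3: AddMicrosoftIdentityWebApi registers under its jwtBearerScheme argument,
        // which defaults to "Bearer" - the name handler 1 already took. That duplicate name is
        // the source of the "scheme already exists" error.
        .AddMicrosoftIdentityWebApi(Configuration);

    services.AddAuthorization(options =>
    {
        // The default policy names its schemes explicitly: a request is authenticated when
        // either listed handler accepts the token, and a handler registered under any other
        // name is not consulted by this policy.
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme, "AzureAd");
        defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });
}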
下面是 ASP.NET Core 应用中 JWT 身份验证的设置和配置。
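// Role-based policy: only principals carrying the Admin role satisfy it.
services.AddAuthorization(options =>
{
    options.AddPolicy(RoleStrings.Admin, policy => policy.RequireRole(RoleStrings.Admin));
});

// Fail at startup with a clear message when the signing secret is missing, instead of
// failing later inside the options callback.
var jwtSecretKey = configuration.GetSection("JWT:SecretKey").Value;
if (string.IsNullOrEmpty(jwtSecretKey))
{
    throw new InvalidOperationException("JWT:SecretKey is not configured.");
}

services.AddAuthentication(options =>
{
    // The JWT bearer handler authenticates, challenges and is the fallback scheme.
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        // Shared-secret key; Encoding.ASCII maps every non-ASCII character to '?', so keep the
        // secret ASCII-only. NOTE(review): confirm it is loaded from a secret store.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtSecretKey)),
        // NOTE(review): with issuer and audience checks off, any token signed with this key is
        // accepted regardless of who issued it or which API it was meant for. Turn both on and
        // set the expected values once they are known; none are given on this page.
        ValidateIssuer = false,
        ValidateAudience = false,
        // Tokens without an expiry claim are rejected. With this set to false, ValidateLifetime
        // has nothing to check on such a token and it would stay valid indefinitely.
        RequireExpirationTime = true,
        ValidateLifetime = true
    };
});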
您在 services.AddAuthentication() 上同时添加了 AddJwtBearer() 和 AddMicrosoftIdentityWebApi()。查看 AddMicrosoftIdentityWebApi() 的源代码,你会发现它有一个参数 string jwtBearerScheme = "Bearer"。如果不修改,它会与 AddJwtBearer() 默认注册的 "Bearer" 方案冲突,所以只需给它指定一个新的方案名称:
// The third argument is jwtBearerScheme, the name this handler is registered under. It must be
// unique on the builder: not "Bearer" (taken by the unnamed AddJwtBearer) and not the name of
// any other scheme already added. The second argument, "AzureAd", is the configuration section
// name, not a scheme name.
// When an authorization policy lists its schemes explicitly, as the question's default policy
// does, add the new name to that list or the policy will not consult this handler.
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd", "{new name}");
这样就能正常工作。
第二个参数 "AzureAd" 是配置节名称的默认值,无需更改。注意新的方案名称不能与已注册的方案重名(问题中的代码已经通过 AddJwtBearer("AzureAd", …) 注册了名为 "AzureAd" 的方案)。