Core 2.0 API Auth with JWT returns unauthorized

£可爱£侵袭症+ 提交于 2020-01-04 15:54:52

问题


I'm trying to add Token Authentication with JWT to my .Net Core 2.0 app. I have a simple controller that returns a list of users for testing.

[Authorize]
[Route("api/[controller]")]
public class UsersController : Controller
{
    ...

    [HttpGet]
    [Route("api/Users/GetUsers")]
    public IEnumerable<ApplicationUser> GetUsers()
    {
        return _userManager.Users;
    }


}

I have an API Controller for Token security. It has a login method which returns a Token string result.

    [HttpPost(nameof(Login))]
    public async Task<IActionResult> Login([FromBody] LoginResource resource)
    {
        if (resource == null)
            return BadRequest("Login resource must be asssigned");

        var user = await _userManager.FindByEmailAsync(resource.Email);

        if (user == null || (!(await _signInManager.PasswordSignInAsync(user, resource.Password, false, false)).Succeeded))
            return BadRequest("Invalid credentials");

        string result = GenerateToken(user.UserName, resource.Email);

        // Token is created, we can sign out
        await _signInManager.SignOutAsync();

        return Ok(result);
    }

    private string GenerateToken(string username, string email)
    {
        var claims = new Claim[]
        {
            new Claim(ClaimTypes.Name, username),
            new Claim(ClaimTypes.Email, email),
            new Claim(JwtRegisteredClaimNames.Nbf, new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),
            new Claim(JwtRegisteredClaimNames.Exp, new DateTimeOffset(DateTime.Now.AddDays(1)).ToUnixTimeSeconds().ToString()),
        };

        var token = new JwtSecurityToken(
            new JwtHeader(new SigningCredentials(
                new SymmetricSecurityKey(Encoding.UTF8.GetBytes("the secret that needs to be at least 16 characeters long for HmacSha256")),
                                         SecurityAlgorithms.HmacSha256)),
            new JwtPayload(claims));

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

I have a small console app just for testing the API. When I attempt to Get the Users using the jwt. I receive an immediate "unauthorized". If I remove the "[Authorize]" from the users Controller... success. It appears that my header Authorization is not recognized, but not sure why.

    private static async Task<String> GetUsers(String jwt)
    {
        var url = "https://localhost:44300/";
        var apiUrl = $"/api/Users/";

        using (var client = new HttpClient() { BaseAddress = new Uri(url) })
        {
            client.BaseAddress = new Uri(url);
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwt}");

            using (var response = await client.GetAsync(apiUrl))
            {
                if (response.StatusCode == System.Net.HttpStatusCode.OK)
                    return await response.Content.ReadAsStringAsync();

                else return null;
            }
        }
    }

I'm basing my attempts on the article here ... some of which might be slightly out of date.

Update - Excerpt of Startup.cs

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = "Jwt";
            options.DefaultChallengeScheme = "Jwt";
        }).AddJwtBearer("Jwt", options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false,
                //ValidAudience = "the audience you want to validate",
                ValidateIssuer = false,
                //ValidIssuer = "the isser you want to validate",

                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("the secret that needs to be at least 16 characeters long for HmacSha256")),

                ValidateLifetime = true, //validate the expiration and not before values in the token

                ClockSkew = TimeSpan.FromMinutes(5) //5 minute tolerance for the expiration date
            };
        });

Configure...

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });

        //app.UseJwtBearerAuthentication(
        //    new Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions
        //    );


    }

Solution:

This line was escaping the token therefore causing it to be invalid when passed in the next request:

var result = await response.Content.ReadAsStringAsync();

Replaced with:

var result = await response.Content.ReadAsAsync<string>();

Note: To use this ext method I had to "install-package Microsoft.AspNet.WebApi.Client"


回答1:


I used JWT authentication in my one of project. I would like to show my implementation, maybe this will help you. But probably you forget to add UseAuthentication(); into configure method in startup class.

startup.cs

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        var appSettings = Configuration.GetSection("AppSettings");

        services.AddAuthentication(options =>
                                   {
                                       options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                                       options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                                   }
                                  )
                .AddJwtBearer(options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = true,
                        ValidAudience = appSettings["JwtAudience"],
                        ValidateIssuer = true,
                        ValidIssuer = appSettings["JwtIssuer"],
                        ValidateLifetime = true,
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(appSettings["JwtSigningKey"]))
                    };
                });
    }

generateToken method

    private string GenerateToken(string email)
    {
        SecurityKey securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appSettings.Value.JwtSigningKey));

        var token = new JwtSecurityToken(
                                         issuer: _appSettings.Value.JwtIssuer,
                                         audience: _appSettings.Value.JwtAudience,
                                         claims: new[]
                                         {
                                             new Claim(JwtRegisteredClaimNames.UniqueName, email),
                                             new Claim(JwtRegisteredClaimNames.Email, email),
                                             new Claim(JwtRegisteredClaimNames.NameId, Guid.NewGuid().ToString())
                                         },
                                         expires: DateTime.Now.AddMinutes(_appSettings.Value.JwtExpireMinute),
                                         signingCredentials: new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256)
                                        );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }



回答2:


I had created a nuget package NetCore.Jwt to simplify this process recently. I didn't find it worth writing all the code each time you needed a Jwt, when you can handle cookies simply with the function SignInAsync. However, if you prefer the manual way, Celal's answer is a clear and straightforward guide for this process.

Alternatively, you can install NetCore.Jwt and use the following in your startup:

services.AddAuthentication(NetCoreJwtDefaults.SchemeName)
    .AddNetCoreJwt(options => 
        {
            // configure your token options such as secret, expiry, and issuer here
        });

In your Login function, you can use the extension function for HttpContext

string token = HttpContext.GenerateBearerToken( new Claim[]
    {
        new Claim(ClaimTypes.Name, username),
        new Claim(ClaimTypes.Email, email),
        new Claim(JwtRegisteredClaimNames.Nbf, new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),
        new Claim(JwtRegisteredClaimNames.Exp, new DateTimeOffset(DateTime.Now.AddDays(1)).ToUnixTimeSeconds().ToString()),
    });


来源:https://stackoverflow.com/questions/51407688/core-2-0-api-auth-with-jwt-returns-unauthorized

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!