1. 首頁
  2. 問答
  3. Net Core 2.0 API設置授權和認證

Net Core 2.0 API設置授權和認證

2017-08-15 49 views
3

我有一個.net核心應用程序,我已經從1.1升級到2.0。 我遇到的問題是如何設置身份驗證和授權。Net Core 2.0 API設置授權和認證

我得到當我試圖打一個API端點,這個例外...

2017年8月15日15:28:12.2191 | 13 | Microsoft.AspNetCore.Server.Kestrel | ERROR | 連接標識「0HL73T7CAJGBE」,請求標識「0HL73T7CAJGBE:00000001」:應用程序拋出了 未處理的異常。否 已指定authenticationScheme,並且沒有找到 DefaultChallengeScheme。

我控制器上有此屬性...

[授權(策略= 「Viewer3AuthPolicy」)

我startup.cs有這個方法嘗試設置應有盡有起來......

public void ConfigureServices(IServiceCollection services) 
    { 
    SetCorsPolicy(services); 

    services.AddMvc(); 

    services.AddAuthentication(o => 
    { 
     o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; 
     o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; 
    }); 

    SetAuthorisationPolicy(services); 

    services.AddAuthorization(options => 
    { 
     options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build(); 
     options.AddPolicy("Viewer3AuthPolicy", 
      policy => policy.RequireClaim(Constants.AuthPolicyClaimsName, Constants.AuthPolicyClaimsValue)); 
    }); 
}

在我Configuremethod我打電話......

app.UseAuthentication();

我想我必須有一些訂購錯誤或在設置中發出錯誤的電話。

有沒有人有任何想法?

來源

2017-08-15 Ben Cameron

+0

身份發生了變化,我希望你找到答案 – docesam

+0

我想這就是你需要:https://wildermuth.com/2017/08/19/兩種授權方案在ASP-NET-Core-2核心2.0中與核心2.0預覽有很大區別。這裏是角度作爲前端植入:https://github.com/Longfld/ASPNETcoreAngularJWT –

回答

2

_userManager.AddClaimsAsync解決方案。下面是我在ConfigureServices所做的更改的簡化版本:

services.AddAuthorization(options => {  
    options.AddPolicy("CRM", policy => { policy.RequireClaim("department", "Sales", "Customer Service", "Marketing", "Advertising", "MIS"); }); 
});

的AccountController構造:

private readonly UserManager<ApplicationUser> _userManager; 
    private readonly SignInManager<ApplicationUser> _signInManager; 
    private readonly IEmailSender _emailSender; 
    private readonly ILogger _logger; 

    private readonly MyDB_Context _context; 

    public AccountController(
     MyDB_Context context, 
     UserManager<ApplicationUser> userManager, 
     SignInManager<ApplicationUser> signInManager, 
     IEmailSender emailSender, 
     ILogger<AccountController> logger) 
    { 
     _context = context; 
     _userManager = userManager; 
     _signInManager = signInManager; 
     _emailSender = emailSender; 
     _logger = logger; 
    }

的LogIn: (VAR VUSER是我自己的類屬性名稱,部門,SingIn等 ...)。下面的示例使用自定義用戶表中的組合MYTABLEAspNetUserClaims表(從權利要求的類型和它們的值讀)(添加的權利要求):

[HttpPost] 
[AllowAnonymous] 
[ValidateAntiForgeryToken] 
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null) 
{ 
    ViewData["ReturnUrl"] = returnUrl; 
    if (ModelState.IsValid) { 
     var vUser = _context.mytable.SingleOrDefault(m => m.Email.ToUpper() == model.Email.ToUpper()); 

     const string Issuer = "https://www.mycompany.com/"; 
     var user = _userManager.Users.Where(u => u.Email == model.Email).FirstOrDefault(); 

     ApplicationUser applicationUser = await _userManager.FindByNameAsync(user.UserName); 
     IList<Claim> allClaims = await _userManager.GetClaimsAsync(applicationUser); // get all the user claims 

     // Add claim if missing 
     if (allClaims.Where(c => c.Type == "department" && c.Value == vUser.department).ToList().Count == 0) { 
      await _userManager.AddClaimAsync(user, new Claim("department", vUser.department, ClaimValueTypes.String, Issuer)); 
     } 
     // Remove all other claim values for "department" type 
     var dept = allClaims.Where(c => c.Type == "department" && c.Value != vUser.department); 
     foreach(var claim in dept) { 
      await _userManager.RemoveClaimAsync(user, new Claim("department", claim.Value, ClaimValueTypes.String, Issuer)); 
     } 

     vUser.SignIn = DateTime.Now; _context.Update(vUser); await _context.SaveChangesAsync(); 

     // This doesn't count login failures towards account lockout 
     // To enable password failures to trigger account lockout, set lockoutOnFailure: true 
     var result = await _signInManager.PasswordSignInAsync(vUser.Name, model.Password, model.RememberMe, lockoutOnFailure: false); 
     //var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false); 
     if (result.Succeeded) { 
      _logger.LogInformation("User logged in."); 
      return RedirectToLocal(returnUrl); 
     } 
     if (result.RequiresTwoFactor) { 
      return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe }); 
     } 
     if (result.IsLockedOut) { 
      _logger.LogWarning("User account locked out."); 
      return RedirectToAction(nameof(Lockout)); 
     } else { 
      ModelState.AddModelError(string.Empty, "Invalid login attempt."); 
      return View(model); 
     } 
    } 

    // If we got this far, something failed, redisplay form 
    return View(model); 
}

這是我在我控制器

[Authorize(Policy = "CRM")] 
public class CRMController : Controller

來源

2017-08-17 18:23:00

+0

謝謝你。我會盡快嘗試,讓你知道發生了什麼。 –

+0

_userManager是你自己的類還是.net類型? –

+0

它是.net類型,通過選擇身份驗證「個人用戶帳戶」生成。我用我的Controller構造函數更新了答案。 –

1

添加

AddJwtBearer(options => { options.RequireHttpsMetadata = false; ... });"

爲我做了詭計。

[DOTNET核心2.0]在asp.net 2.0核心

來源

2017-10-30 19:25:29

相關問題

 相關問題