1. 首頁
  2. 問答
  3. 與UseJwtBearerAuthentication

與UseJwtBearerAuthentication

2016-01-21 37 views
4

目的options.AutomaticAuthenticate從ASP 5的β7更新代碼庫RC1-最終後,我開始從JwtBearer中間件接收到該異常與UseJwtBearerAuthentication

Unable to cast object of type 'Newtonsoft.Json.Linq.JArray' to type 'System.IConvertible'.

我可以迄今看到的決定因素似乎成爲選項的設置。自動驗證。如果是true,那麼我會得到異常,否則我不會。

什麼是AutomaticAuthenticate,爲什麼需要啓用它?

app.UseJwtBearerAuthentication(options => 
    { 
     options.AutomaticAuthenticate = true; 
    }

以下是完整的堆棧跟蹤:上根本原因

我們的代碼庫中創建NBF,EXP和IAT重複索賠

at System.Convert.ToInt32(Object value, IFormatProvider provider) 
    at System.IdentityModel.Tokens.Jwt.JwtPayload.GetIntClaim(String claimType) 
    at System.IdentityModel.Tokens.Jwt.JwtPayload.get_Nbf() 
    at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) 
    at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
    at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() 
    at Microsoft.AspNet.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.GetResult() 
    at Microsoft.AspNet.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
    at System.Runtime.CompilerServices.TaskAwaiter.GetResult() 
    at Api.Startup.<<Configure>b__9_0>d.MoveNext() in ...\Startup.cs:line 156

更新。這解釋了爲什麼get_Nbf處於堆棧跟蹤以及關於「JArray」的投訴,因爲每個值都是數組而不是值。

來源

2016-01-21 Ken

+0

有這個完全相同的問題。我們明確地注入了nbf,exp和iat聲明,並且庫注入了另一個集合,所以它開始拋出錯誤。它應該真的檢查,看看他們是否已經在那裏:( –

回答

6

如果設置爲true,那麼中間件將在每個入站請求上運行,查找JWT令牌,如果存在JWT令牌,則驗證它,如果有效,則從中創建標識並將其添加到當前用戶。

如果它的false沒有發生,並且您需要通過在授權屬性中指定承載方案來請求中間件來設置標識。

[Authorize(AuthenticationSchemes = "YourBearerSchemeName")]

或者您在政策中設置此項;

options.AddPolicy("RequireBearer", policy => 
{ 
    policy.AuthenticationSchemes.Add("YourBearerSchemeName"); 
    policy.RequireAuthenticatedUser(); 

});

因此,通過將其設置爲false,你實際上並沒有運行承載的東西,直到你問它,你只把異常關閉,直到後來。

來源

2016-01-21 12:11:58 blowdart

+0

謝謝,這回答我的原始問題。猜猜我卡住了,是什麼改變了beta7和rc1之間的原因呢?究竟是什麼被驗證?堆棧跟蹤顯示它試圖將某些東西轉換爲int32。假設我可以嘗試通過JwtBeader源中的單元測試進行重現... – Ken

+0

@Ken看起來像您的JWT令牌格式不正確任何機會都可以共享它 – Pinpoint

+0

這是我的初始但是,JwtSecurityTokenHandler.ReadJwtToken()讀取令牌字符串就好了,它會崩潰,我會嘗試創建一個最小化的repro解決方案 – Ken

相關問題

 相關問題