dotnet核心IdentityModel将不自省第三方IDaaS发行的令牌。

Question

概述

我有一个dotnet核心web服务(即dotnet新的webapi)，我想用第三方IDaaS服务发出的引用令牌来保护它。我添加了IdentityModel.AspNetCore.OAuth2Introspection库以及ConfigureServices中必需的附加代码：

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();
       
    services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
            .AddOAuth2Introspection(options =>
            {
                options.ClientId = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx";
                options.ClientSecret = "xxxxxxx";
                options.IntrospectionEndpoint = "https://demo.verify.ibm.com/v1.0/endpoint/default/introspect";
            });       
}

无论我做什么，我都会不断地得到来自WebAPI的401个未经授权的回应。事实上，我甚至没有看到web正在扩展到IDaaS来验证Bearer令牌。

下面是HTTP跟踪：

GET /WeatherForecast HTTP/1.1
> Host: localhost:5001
> User-Agent: insomnia/2021.5.3
> Cookie: PD-S-SESSION-ID=1_2_1_K7PE6XKeEDKOkwioWpJxhxT8-Gdkz3TDgKXHgRIzMCKnQxYJ
> Authorization: Bearer **REMOVED**
> Accept: */*

* Mark bundle as not supporting multiuse

< HTTP/1.1 401 Unauthorized
< Date: Thu, 21 Oct 2021 17:15:14 GMT
< Server: Kestrel
< Content-Length: 0


* Connection #47 to host localhost left intact

针对以下端点：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

namespace API.Controllers
{
    [ApiController]
    [Route("[controller]")]
    public class WeatherForecastController : ControllerBase
    {
        private static readonly string[] Summaries = new[]
        {
            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
        };

        private readonly ILogger<WeatherForecastController> _logger;

        public WeatherForecastController(ILogger<WeatherForecastController> logger)
        {
            _logger = logger;
        }

        [HttpGet]
        [Authorize]
        public IEnumerable<WeatherForecast> Get()
        {
            

            var rng = new Random();
            return Enumerable.Range(1, 5).Select(index => new WeatherForecast
            {
                Date = DateTime.Now.AddDays(index),
                TemperatureC = rng.Next(-20, 55),
                Summary = Summaries[rng.Next(Summaries.Length)]
            })
            .ToArray();
        }
    }
}

我想知道是否有人有做我想做的事的经验？如有任何建议，将不胜感激。

Answer 1

问题是由于缺少管道的app.UseAuthentication();中间件注册。