我正在编写一个身份验证组件(.NET Core 2.1,JWT),它既可以接受来自.NET服务提供方的令牌,也可以接受来自Azure AD的令牌。我已经编写了以下测试代码来了解所需的配置,但当我用Postman发送持有者令牌进行测试时,似乎总是命中第一个身份验证提供程序。
我在两个持有者提供程序的事件上都设置了断点:当我用持有者令牌调用 ValuesController 时,即使我指定使用 AuthenticationScheme "second",它也会命中 "first" 的事件。
Startup.cs
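services.AddAuthentication("first")
    // Scheme "first" is a plain JWT bearer handler and also the default scheme.
    // The authentication middleware authenticates every request with the default
    // scheme, so these events fire even on endpoints that authorize with "second".
    .AddJwtBearer("first", options =>
    {
        // Placeholder authority from the question; the real issuer URL goes here (https).
        options.Authority = "https://123";
        options.TokenValidationParameters =
            new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // No ValidIssuer is set, so the issuer is taken from the metadata
                // document discovered via Authority.
                ValidateIssuer = true,
                ValidAudiences = new[] { "123" }
            };
        options.Events = new JwtBearerEvents
        {
            // Debugging hook: the validated token is available for inspection here.
            OnTokenValidated = context =>
            {
                var validatedToken = context.SecurityToken;
                return Task.CompletedTask;
            },
            // Debugging hook: on failure there is no principal yet; the reason is the exception.
            OnAuthenticationFailed = context =>
            {
                var failure = context.Exception;
                return Task.CompletedTask;
            },
        };
    })
    // Registers "second" as a policy scheme that forwards to the JWT bearer scheme
    // named AzureADDefaults.JwtBearerAuthenticationScheme; the AzureAD options are
    // bound from the "AzureAd" configuration section.
    .AddAzureADBearer("second",
        AzureADDefaults.JwtBearerAuthenticationScheme,
        options => Configuration.Bind("AzureAd", options));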
// Added
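services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme,
    options =>
    {
        // Post-configures the JWT bearer scheme that AddAzureADBearer registered.
        // NOTE(review): assumes Audience/Authority were already bound from the "AzureAd"
        // section by the time this delegate runs — confirm registration order.
        //Configuration.Bind("AzureAd", options);
        //options.Authority += "/v2.0";
        // Accept both the bare client id and the "api://<client id>" audience form.
        options.TokenValidationParameters.ValidAudiences = new[] { options.Audience, $"api://{options.Audience}" };
        options.TokenValidationParameters.ValidateIssuer = true;
        // Already the default; validation failure reasons are echoed in the
        // WWW-Authenticate response header, which is convenient while debugging.
        options.IncludeErrorDetails = true;
        // Lifetime validation is intentionally left at its default (enabled):
        // setting ValidateLifetime = false would make the API accept expired tokens.
        options.Events = new JwtBearerEvents
        {
            // Debugging hook: the validated token is available for inspection here.
            OnTokenValidated = context =>
            {
                var validatedToken = context.SecurityToken;
                return Task.CompletedTask;
            },
            // Debugging hook: on failure there is no principal yet; the reason is the exception.
            OnAuthenticationFailed = context =>
            {
                var failure = context.Exception;
                return Task.CompletedTask;
            }
        };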
});
ValuesController.cs
/// <summary>
/// Sample endpoint protected by the "second" scheme, i.e. the policy scheme that
/// AddAzureADBearer registered in Startup, which forwards to the Azure AD JWT bearer handler.
/// The default scheme ("first") is still run by the authentication middleware on every
/// request, so its events fire for this controller as well.
/// </summary>
[Route("api/[controller]")]
[ApiController]
[Authorize(AuthenticationSchemes = "second")]
public class ValuesController : ControllerBase
{
    /// <summary>GET api/values — returns two fixed sample values.</summary>
    [HttpGet]
    public ActionResult<IEnumerable<string>> Get()
    {
        string[] sampleValues = { "value1", "value2" };
        return sampleValues;
    }
}
任何帮助都将不胜感激。
发布于 2020-03-26 22:46:05
尝试使用策略启用AuthenticationSchemes
我们使用类似这样的代码(没有尝试运行代码)
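services
    .AddAuthentication("first")
    // AddPolicyScheme extends AuthenticationBuilder, so it must follow AddAuthentication.
    // A policy scheme only forwards to another scheme, and scheme names are unique:
    // "first" cannot be both the policy scheme and the JWT bearer scheme it forwards to,
    // so the concrete handler is registered under a distinct name ("first-jwt").
    .AddPolicyScheme("first", "First policy selector", options =>
    {
        options.ForwardDefaultSelector = context => "first-jwt";
    })
    .AddJwtBearer("first-jwt", options =>
    {
        // Placeholder authority from the question; the real issuer URL goes here (https).
        options.Authority = "https://123";
        options.TokenValidationParameters =
            new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // No ValidIssuer is set, so the issuer is taken from the metadata
                // document discovered via Authority.
                ValidateIssuer = true,
                ValidAudiences = new[] { "123" }
            };
        options.Events = new JwtBearerEvents
        {
            // Debugging hook: the validated token is available for inspection here.
            OnTokenValidated = context =>
            {
                var validatedToken = context.SecurityToken;
                return Task.CompletedTask;
            },
            // Debugging hook: on failure there is no principal yet; the reason is the exception.
            OnAuthenticationFailed = context =>
            {
                var failure = context.Exception;
                return Task.CompletedTask;
            },
        };
    })
    // AddAzureADBearer itself registers "second" as a policy scheme forwarding to the
    // JWT bearer scheme AzureADDefaults.JwtBearerAuthenticationScheme, so a separate
    // AddPolicyScheme("second", ...) is not needed (a duplicate scheme name is rejected).
    .AddAzureADBearer("second",
        AzureADDefaults.JwtBearerAuthenticationScheme,
        options => Configuration.Bind("AzureAd", options));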
// Added
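services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme,
    options =>
    {
        // Post-configures the JWT bearer scheme that AddAzureADBearer registered.
        // NOTE(review): assumes Audience/Authority were already bound from the "AzureAd"
        // section by the time this delegate runs — confirm registration order.
        //Configuration.Bind("AzureAd", options);
        //options.Authority += "/v2.0";
        // Accept both the bare client id and the "api://<client id>" audience form.
        options.TokenValidationParameters.ValidAudiences = new[] { options.Audience, $"api://{options.Audience}" };
        options.TokenValidationParameters.ValidateIssuer = true;
        // Already the default; validation failure reasons are echoed in the
        // WWW-Authenticate response header, which is convenient while debugging.
        options.IncludeErrorDetails = true;
        // Lifetime validation is intentionally left at its default (enabled):
        // setting ValidateLifetime = false would make the API accept expired tokens.
        options.Events = new JwtBearerEvents
        {
            // Debugging hook: the validated token is available for inspection here.
            OnTokenValidated = context =>
            {
                var validatedToken = context.SecurityToken;
                return Task.CompletedTask;
            },
            // Debugging hook: on failure there is no principal yet; the reason is the exception.
            OnAuthenticationFailed = context =>
            {
                var failure = context.Exception;
                return Task.CompletedTask;
            }
        };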
});
https://stackoverflow.com/questions/60867864