针对Asp.net Web API的JWT承载认证问题2

2018-06-07 07:22:16

我试图通过OWIN中间件使用JWT承载认证来保护我的web api服务。

我能够生成令牌，但是如何验证它们时会被拒绝，并且服务正在发出401错误 。

这是我的代码：

启动类：

[assembly: OwinStartupAttribute(typeof(RetailerAPI.App_Start.Startup))]
namespace RetailerAPI.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureOAuthTokenConsumption(app);
        }

        private void ConfigureOAuthTokenConsumption(IAppBuilder app)
        {

            app.UseJwtBearerAuthentication(
              new JwtBearerAuthenticationOptions
              {
                  AllowedAudiences = new[] { "RetailerClient" },


                  TokenValidationParameters = new TokenValidationParameters
                  {
                      ValidateLifetime = false,
                      ValidateAudience = false,
                      RequireExpirationTime = false,
                      IssuerSigningKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("Very secure key for testing purpose"))


                  },


              }
            );
        }

    }
}

控制器代码

    [HttpPost]
    [Route("")]
    public IHttpActionResult Post([FromBody] CredentialModel model)
    {
        try
        {
            if(!ModelState.IsValid)
            {
                return BadRequest("Bad request.Username and Password required");
            }

            if(model.UserName.Equals("user",StringComparison.InvariantCultureIgnoreCase)&&model.Password.Equals("password"))
            {

                var claims = BuildClaims (model);
                var signingCredentials = GenerateSignInCredentials();
                var tokenProperties = BuildTokenProperties(claims, signingCredentials);

                return Ok(new
                {
                    token=new JwtSecurityTokenHandler().WriteToken(tokenProperties),
                    expirationTime= tokenProperties.ValidTo
                });
            }
            else
            {
                return BadRequest("Invalid user name and psssword");
            }
        }
        catch(Exception ex)
        {
            return BadRequest(ex.Message);
        }
    }


    private  SigningCredentials GenerateSignInCredentials()
    {
        var key = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("Very secure key for testing purpose"));

        var SigningCredentials = new SigningCredentials(
            key,
            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
            "http://www.w3.org/2001/04/xmlenc#sha256");

        return SigningCredentials;
    }

    private JwtSecurityToken BuildTokenProperties (Claim[] claims,SigningCredentials signingCredentials)
    {
        var tokenProperties = new JwtSecurityToken(
                 issuer: "RetailerAPI",
                 audience: "RetailerClient",
                 claims: claims,
                 expires: DateTime.UtcNow.AddMinutes(30),
                 signingCredentials: signingCredentials
                );
        return tokenProperties;
    }

请让我知道我在这里错过了什么

链接地址: http://www.djcxy.com/p/22401.html

上一篇: Issue with JWT bearer authentication for Asp.net Web API 2

下一篇: Request Authentication in ASP.Net Web Api 2: OWIN or IAuthenticationFilter