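I have a client application in React that authenticates correctly with Auth0; the access token it receives is valid and contains the proper audience (I verified the token on jwt.io using the Auth0 certificate). The server logs a token-validated event, followed by the message "AuthenticationScheme: Bearer was challenged.", and returns a 401 shortly afterwards. The server is also correctly configured with the proper domain and audience. The HTTP request contains an Authorization header with the Bearer scheme.
Decoded JWT payload (with some substitutions):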
{
  "iss": "https://work.eu.auth0.com/",
  "sub": "google-oauth2|XXXX",
  "aud": [
    "https://my-api.com",
    "https://work.eu.auth0.com/userinfo"
  ],
  "iat": 1507787600,
  "exp": 1507794800,
  "azp": "iqb4QobWGTA6Xmo3Ys8sIVCK1T5aPsdr",
  "scope": "openid profile my-api"
}
Server log for the request:
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Authorization failed for user: (null).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      AuthenticationScheme: Bearer was challenged.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things => my-app.things.Controller.Get (Web)
      Executed action my-app.things.Controller.Get (Web) in 23.2551ms
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action my-app.things.Controller.Get (Web) in 23.2551ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      => RequestId:0HL8GQM6G7E9T:00000001 RequestPath:/api/1.0/things
      Request finished in 31.3853ms 401
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 31.3853ms 401
The thread 4456 has exited with code 0 (0x0).
The authentication middleware must be set up before MVC.
// Register authentication first so the user is set before MVC's authorization filter runs.
app.UseAuthentication();
app.UseMvc();
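A triage check for the symptom in the question's log, as an added example that is not part of the original question or answer: it groups log lines by RequestId and reports requests where the JWT bearer handler logged a successful token validation and the same request was still challenged. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the console-logger layout of the question's log
# (request IDs and timings are made up for this example).
SAMPLE_LOG = """\
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      => RequestId:REQ-A:00000001 RequestPath:/api/1.0/things
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
      => RequestId:REQ-A:00000001 RequestPath:/api/1.0/things
      Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      => RequestId:REQ-A:00000001 RequestPath:/api/1.0/things
      AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
      => RequestId:REQ-B:00000001 RequestPath:/api/1.0/things
      Successfully validated the token.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      => RequestId:REQ-B:00000001 RequestPath:/api/1.0/things
      Request finished in 12.1ms 200
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      => RequestId:REQ-C:00000001 RequestPath:/api/1.0/things
      AuthenticationScheme: Bearer was challenged.
"""

REQ_ID = re.compile(r"RequestId:(\S+)")
VALIDATED = "Successfully validated the token."
CHALLENGED = "AuthenticationScheme: Bearer was challenged."

def events_by_request(log_text):
    """Group the two handler messages by the RequestId of the latest scope line."""
    events, current = defaultdict(list), None
    for line in log_text.splitlines():
        m = REQ_ID.search(line)
        if m:
            current = m.group(1)
        for msg in (VALIDATED, CHALLENGED):
            if current is not None and msg in line:
                events[current].append(msg)
    return events

def validated_but_challenged(log_text):
    """Request IDs whose token validated but which were challenged anyway."""
    return sorted(rid for rid, ev in events_by_request(log_text).items()
                  if VALIDATED in ev and CHALLENGED in ev)

if __name__ == "__main__":
    print(validated_but_challenged(SAMPLE_LOG))
```

A request reported here carried a token the handler accepted, so the place to look is the pipeline wiring rather than the token, issuer or audience settings.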