ASP.netcorewebAPI中的授权验证不起作用
-
首先,确保你在Startup.cs文件中添加了以下代码: services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = Configuration["Jwt:Issuer"], ValidAudience = Configuration["Jwt:Audience"], IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:SecretKey"])) }; });
-
然后,在你的Controller中添加[Authorize]注解,以确保只有经过身份验证的用户才能够访问特定的API方法。例如:
[HttpGet] [Authorize] public async Task
-
最后,为用户提供有效的JWT令牌。例如:
var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, username), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), };
var token = new JwtSecurityToken ( issuer: Configuration["Jwt:Issuer"], audience: Configuration["Jwt:Audience"], claims: claims, expires: DateTime.UtcNow.AddDays(7), notBefore: DateTime.UtcNow, signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:SecretKey"])), SecurityAlgorithms.HmacSha256) );
return new JwtSecurityTokenHandler().WriteToken(token);
现在,你的授权验证就应该能够正常工作了。