ASP.NET Core 2.0 JWT 验证失败，并显示“用户授权失败:(空)"错误

本文介绍了ASP.NET Core 2.0 JWT 验证失败，并显示“用户授权失败:(空)"错误的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我使用 ASP.NET Core 2.0 应用程序 (Web API) 作为 JWT 颁发者来生成可由移动应用程序使用的令牌.不幸的是，此令牌无法由一个控制器验证，而可以由另一个控制器验证(在同一个 asp core 2.0 应用中使用相同的验证设置).

I'm using ASP.NET Core 2.0 application (Web API) as a JWT issuer to generate a token consumable by a mobile app. Unfortunately, this token couldn't be validated by one controller while can be validated by another (using the same validation setting within the same asp core 2.0 app).

所以我有一个有效且可以解码的令牌，具有所有必需的声明和时间戳.但是一个端点接受它，而另一个端点给了我 401 错误和调试输出:

So I have a token which is valid and could be decoded, has all the required claims and timestamps. But one endpoint accepts it, while another gives me 401 error and debug output:

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:信息:用户授权失败:(空).

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).

[40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2] Authorization failed for user: (null). Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null). [40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes (). [40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Mvc.ChallengeResult[1] Executing ChallengeResult with authentication schemes (). [40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12] AuthenticationScheme: Bearer was challenged. Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: Bearer was challenged. [40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2] Executed action MyController.Get (WebApi) in 72.105ms Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyController.Get (WebApi) in 72.105ms Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 271.077ms 401 [40m[32minfo[39m[22m[49m: Microsoft.AspNetCore.Hosting.Internal.WebHost[2] Request finished in 271.077ms 401

我的验证设置如下:

var secretKey = Configuration["Authentication:OAuth:IssuerSigningKey"]; var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey)); var tokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey, ValidateIssuer = true, ValidIssuer = Configuration["Authentication:OAuth:Issuer"], ValidateAudience = true, ValidAudience = Configuration["Authentication:OAuth:Audience"], ValidateLifetime = true, ClockSkew = TimeSpan.Zero, }; services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { options.RequireHttpsMetadata = false; options.TokenValidationParameters = tokenValidationParameters; });

这两个端点是相同的，只是位于不同的控制器中，都用 Authorize 属性标记.

These two endpoints are identical, just live in different controllers, both marked with the Authorize attribute.

这怎么可能?

推荐答案

configure 函数中 add 语句的顺序很重要.确保

The sequence of the add statements in the configure function is of importance. Make sure that

app.UseAuthentication();

先于

app.UseMvc();

这可能是问题所在吗?