文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
首页
学习
活动
专区
圈层
工具
MCP广场
返回腾讯云官网
社区首页 >问答首页 >使用keycloack授权dotnet核心web api时出现401错误而没有任何消息

使用keycloack授权dotnet核心web api时出现401错误而没有任何消息
EN

Stack Overflow用户
提问于 2020-05-03 23:44:25
回答 1查看 408关注 0票数 1

我正在为我的dotnet核心应用程序(3.1版)设置身份验证和授权。我设置了一个keycloak服务器作为我的身份提供者。我从keycloak获得了一个JWT令牌,并在调用api方法时使用了它。我总是收到401错误。我已经检查了几乎所有的Keycloak配置,但我无法找到问题。

我的JWT标记是

代码语言:javascript
运行
复制
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJza0dldkJuZnhieWlCSF9sOC1ZSEpxVnk2bm8yV3c0eG14a0xjeVlvMXRzIn0.eyJqdGkiOiJlNjI3NTA3MC05MTA0LTRhMGQtOGYxNC1mNzdkY2FjMjYzMDUiLCJleHAiOjE1ODg1MjMxMTcsIm5iZiI6MCwiaWF0IjoxNTg4NTE5NTE3LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvZ2FkZ2VvbiIsImF1ZCI6WyJmdHMtcG9ydGFsIiwiYWNjb3VudCJdLCJzdWIiOiJiMzIxYTA0Ny0zNzBkLTRlOTMtOWQ0MS1jZmRjYWMyN2I1ZjYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJmdHMtcG9ydGFsIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmEzNmRiYjctMGYyOC00MDY4LWIwYmQtMDUxMmQxN2Q1MzEyIiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiZnRzLXBvcnRhbCI6eyJyb2xlcyI6WyJmdHNfYWRtaW4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJBZG1pbmlzdHJhdG9ycyIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJmdHNfcG9ydGFsIGVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJQcml5ZXNoIEsiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwa2FyYXRoYSIsImdpdmVuX25hbWUiOiJQcml5ZXNoIiwiZmFtaWx5X25hbWUiOiJLIiwiZW1haWwiOiJwcml5ZXNoa2FyYXRoYUBnbWFpbC5jb20iLCJmdHMtcnVsZXMiOlsiZnRzX2FkbWluIl19.gFjqPSmyXvk78OhbPJ853upCHIHZdsAsjT1Psc7pzBqv30unH0EyCk3chTK0_87J-5bH2QAEyShKc0QVENMEL2PEhIKvgI7hdqT7oBKiTu3Ux2U5c2KbL9Dbism7nhr9FidrrkxtOsJUyR9hbZCGLnrmoHJEkNMvp3usS4HO1AxwaCSKUVXyNy3FmQJnY_R33IdSaiKsaLCJg57SIak1SexPnlUyFT6_yvbyKLjgpuL3Uk5TasQ3A8GVM2RRGVZa-s9L75rsFflkmRtAvCQca3QCRq8vHl929q6yy2TSrNlVLCeQxdK3Yapk-k_KSFS0dkoCgSQ3F5oGOECxPw-pBg

我的Startup.cs

代码语言:javascript
运行
复制
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Fts.App.Definitions;
using Fts.App.Services;
using Fts.Data.Defnitions;
using Fts.Data.Repository;
using Lbs.FtsClient;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

namespace Fts.Api
{
    public class Startup
    {
        public Startup()
        {
            Configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json").Build();
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            }).AddJwtBearer("Bearer",o =>
            {
                o.Authority = Configuration["Jwt:Authority"];
                o.Audience = Configuration["Jwt:Audience"];
                o.RequireHttpsMetadata = false;

                o.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = c =>
                    {
                        c.NoResult();

                        c.Response.StatusCode = 500;
                        c.Response.ContentType = "text/plain";

                        return c.Response.WriteAsync(c.Exception.ToString());
                    }
                };
            });
            services.AddAuthorization(options =>
            {
                options.AddPolicy("apiadmin", policy => policy.RequireClaim("fts-rules", "[fts_admin]"));
            });

            services.AddTransient<IUserRepository, UserRepositiry>();
            services.AddTransient<IDbAccess, DbAccess>();
            services.AddTransient<ISiteRepository, SiteRepository>();
            services.AddTransient<IAssetRepository, AssetRepository>();
            services.AddTransient<IAssetService, AssetService>();
            services.AddTransient<IFtsWebService, FtsWebService>();
            services.AddControllers();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseCors(builder =>
                    builder.WithOrigins("http://localhost:4200").AllowAnyMethod().AllowAnyHeader());

            app.UseHttpsRedirection();

            app.UseRouting();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

我在我的控制器中添加了以下内容。

代码语言:javascript
运行
复制
[Authorize(Roles = "apiadmin")]
[ApiController]
[Route("[controller]")]

请在这个问题上提供帮助。

谢谢

keycloak
openid-connect
asp.net-core
authentication
authorization
EN

回答 1

Stack Overflow用户

发布于 2020-05-04 14:28:09

您应该将身份验证中间件添加到您的web api应用程序中,否则JWT承载身份验证将无法工作:

代码语言:javascript
运行
复制
app.UseRouting();
app.UseAuthentication();  <-- add this line 
app.UseAuthorization();
票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/61577239

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档