【发布时间】:2019-06-16 08:30:40
【问题描述】:
最近在 Piranha 项目中为 api 设置 JWT。我可以在没有 Piranha 劫持请求的情况下点击登录端点(匿名)。
当我使用 [Authorize] 属性到达 API 端点(成功验证并接收 JWT 后)时,Piranha 总是会拾取它。它试图将我重定向到 CMS 登录。
由于这是一个 API,重定向到网页是不可接受的行为。无论如何要纠正这种行为?
var appSettingsSection = config.GetSection("AppSettings");
services.Configure<AppSettings> (appSettingsSection);
// configure jwt authentication
var appSettings = appSettingsSection.Get<AppSettings> ();
var key = Encoding.UTF8.GetBytes (appSettings.Secret); // todo - UTF8 vs ASCII?!
services.AddAuthentication (x => {
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer (x => {
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters {
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey (key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.AddPiranhaApplication ();
services.AddPiranhaFileStorage ();
services.AddPiranhaImageSharp ();
services.AddPiranhaEF (options =>
options.UseSqlite ("Filename=./piranha.db"));
services.AddPiranhaIdentityWithSeed<IdentitySQLiteDb> (options =>
options.UseSqlite ("Filename=./piranha.db"));
}
services.AddPiranhaManager ();
services.AddPiranhaMemCache ();
services.AddMvc (config => {
config.ModelBinderProviders.Insert (0,
new Piranha.Manager.Binders.AbstractModelBinderProvider ());
}).SetCompatibilityVersion (CompatibilityVersion.Version_2_1);
--------- 更新 --------- 在@hakan 的帮助下,以下属性起作用:
[ApiController]
[Route ("api/v1/")]
[Produces("application/json")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class ApiController : ControllerBase {
【问题讨论】: