我使用Auth0 forlogin和Asp.net core webapi身份(前端- reactjs和后端=Asp.net core webapi)和使用[authorization]属性,默认情况下,它正在进行身份验证并重定向到帐户/登录页面尽管我在配置服务
中将默认身份验证添加为JwtBearerDefaults注意:Auth0认证工作时,我使用[授权]属性在不同的解决方案没有身份,但当我实现[authorization]只对身份有效,而对Auth0无效
应该在Asp.net核心web API中默认限制URL到Account/Login使用身份,默认接受Auth0身份验证
下面的代码是为我工作没有使用asp.net核心身份
Configureservices
services.AddAuthentication(options =>
{
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = "https://xxxxxx.uk.auth0.com";
options.Audience = "xxxxx";
};
控制器
[HttpGet]
[Authorize]
public IList<UserDto> Get()
{
return _userService.GetUsers();
}
期待:默认情况下,Auth0认证应该发生,即使我使用Asp.net核心web API Identity
对于Auth0认证Startup.cs应该这样管理
ConfigureServices
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = "https://<Your-Domain>.auth0.com/"
options.Audience =<Client ID>
});
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseCors("AllowAnyCorsPolicy");
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseStaticFiles(new StaticFileOptions { RequestPath = "/build" });
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapFallbackToFile("index.html", new StaticFileOptions
{
OnPrepareResponse = x =>
{
var httpContext = x.Context;
var path = httpContext.Request.RouteValues["path"];
// now you get the original request path
}
});
});
}
对于进一步的知识,请遵循以下线程
- https://learn.microsoft.com/en us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore - 7.0
- 在ASP中使用多种认证方案。. NET Core 3.1?
- ASP。. NET Core 6:添加带有多个授权策略的多个身份验证方案以及依赖注入