我打算使用2个ServiceStack的身份验证提供程序:一个基于CredentialsAuthProvider的自定义提供程序,称为remotecreds和内置JwtAuthProvider。 我的AppHost注册码如下所示
appHost.Plugins.Add(new AuthFeature(() => new UserSession(),
new IAuthProvider[]
{
new JwtAuthProvider(AppSettings)
{
RequireSecureConnection = false,
HashAlgorithm = "RS256",
PublicKeyXml = publicKeyXml,
Audiences = new List<string> { $"{AppSettings.GetDictionary("Auth")["Url"]}/resources" },
PopulateSessionFilter = PopulateSessionFilter
},
new RemoteCredentialsAuthProvider(AppSettings)
{
PopulateSessionFilter = PopulateSessionFilter
},
}));
当我使用自定义身份验证提供程序 ( POST /auth/remotecreds 进行身份验证时,ServiceStack 返回以下错误,尽管身份验证提供程序的代码已正确执行
{
"responseStatus": {
"errorCode": "NotSupportedException",
"message": "PrivateKey required to use: RS256",
"stackTrace": "[Authenticate: 25/04/2019 9:59:25 AM]:n[REQUEST: {provider:remotecreds,userName:admin,password:Pa$$word123}]nSystem.NotSupportedException: PrivateKey required to use: RS256rn at ServiceStack.Auth.JwtAuthProvider.GetHashAlgorithm(IRequest req) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 87rn at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 118rn at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\JwtAuthProvider.cs:line 57rn at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\AuthenticateService.cs:line 253rn at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\ServiceRunner.cs:line 133",
"errors": []
}
}
如果我注释掉 AppHost 中的JwtAuthProvider注册,则上面的相同调用成功。
所以在这里我很困惑为什么 ServiceStack 调用JwtAuthProvider而我清楚地针对我的自定义身份验证提供程序进行身份验证。
问题是您的JwtAuthProvider配置错误,如果要使用RSA*哈希算法,则需要使用私钥进行配置:
new JwtAuthProvider(AppSettings) {
HashAlgorithm = "RS256",
PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
}
它仍然会尝试使用您的自定义身份验证提供程序进行身份验证,但如果您注册了JwtAuthProvider,它将尝试使用 BearerToken 中的 JWT 令牌填充AuthenticateResponse,因此当用户对您的身份验证提供程序进行身份验证时,例如:
var clientnew JsonServiceClient(baseUrl);
var authResponse = client.Post(new Authenticate {
provider = "remotecreds",
UserName = username,
Password = password,
RememberMe = true,
});
他们将有权访问填充在以下位置的 JWT 令牌:
var jwt = authResponse.BearerToken;
因此,如果配置正确,它将返回填充的 JWT 令牌 BearerToken 或如果您删除JwtAuthProvider它将不会尝试填充它。