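How to resolve dotnet core authorization with multiple schemes

I have a dotnet core v3 Web API that uses Azure AD and API key authentication. I want to use bearer tokens on most controller methods, but some need API key access. Bearer token authentication and authorization work fine. But I can't get API key authentication to work.

Startup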
    public void ConfigureServices(IServiceCollection services)
    {
        // Default scheme: Azure AD bearer tokens.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
            .EnableTokenAcquisitionToCallDownstreamApi()
            .AddInMemoryTokenCaches();

        // Second scheme: the custom API key handler, registered as "Api-Key".
        services.AddAuthentication()
            .AddScheme<AuthenticationSchemeOptions, ApiKeyAuthenticationHandler>("Api-Key", null);

        services.AddAuthorization(options =>
        {
            // The default policy authenticates with both schemes and requires an authenticated user.
            options.DefaultPolicy = new AuthorizationPolicyBuilder(
                    JwtBearerDefaults.AuthenticationScheme, "Api-Key")
                .RequireAuthenticatedUser()
                .Build();

            // Role-based policies referenced from [Authorize(Policy = ...)].
            options.AddPolicy("RequireAdministratorRole", policy => policy.RequireRole("Administrator"));
            options.AddPolicy("RequireApiKeyRole", policy => policy.RequireRole("ApiKeyRole"));
        });
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // UseEndpoints requires UseRouting earlier in the pipeline.
        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            // Applies the default policy to every controller endpoint.
            endpoints.MapControllers().RequireAuthorization();
        });
    }
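
API key authentication handler

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // Find an Authorization header value that starts with the scheme name ("Api-Key").
        var authorizationHeaders = Request.Headers["Authorization"];
        var apiKeyHeader = authorizationHeaders.FirstOrDefault(
            header => header.StartsWith(Scheme.Name, StringComparison.OrdinalIgnoreCase));

        // No Api-Key header on this request: this handler has nothing to authenticate.
        if (apiKeyHeader == null)
        {
            return Task.FromResult(AuthenticateResult.NoResult());
        }

        // The key is extracted here but not compared against any stored value in this snippet.
        string apiKey = apiKeyHeader.Substring(Scheme.Name.Length).Trim();

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Role, "ApiKeyRole")
        };
        var identity = new ClaimsIdentity(claims, Scheme.Name);
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }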

Controller

    [Route("api/[controller]")]
    [ApiController]
    public class ValuesController : ControllerBase
    {
        [HttpGet]
        [Authorize(Policy = "RequireApiKeyRole")]
        public ActionResult Get()
        {
            return Ok("Success");
        }
    }

This doesn't work. I am getting authenticated, and the role is set. But I get a 403 response.