Migrating web api authentication from .NET Core 1.1 to 2.0

问题

I'm trying to convert my old authentication to .NET 2.0. I had the following code:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    IncludeErrorDetails = true,
    Authority = "https://securetoken.google.com/xxxxx",
    TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://securetoken.google.com/xxxxxx",
        ValidateAudience = true,
        ValidAudience = "xxxx",
        ValidateLifetime = true,
    },
});

My new code is the following:

public void Configure(...)
{
    ...
    app.UseAuthentication();
    ...
}

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = false;
            options.IncludeErrorDetails = true;
            options.Authority = "https://securetoken.google.com/xxxxxx";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "https://securetoken.google.com/xxxxx",
                ValidateAudience = true,
                ValidAudience = "xxxxxx",
                ValidateLifetime = true,
            };
        }); 
    ...
    services.AddMvc();
    services.AddAuthorization(......);
}

But in 2.0 I'm getting a 404 response. If I remove the [Authorize] attribute from my endpoint, it works. My output window shows this:

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/api/users/info
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null). Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().

Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.Application was challenged. Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action SORTE.API.ContentManager.Controllers.UsersController.Info (SORTE.API.ContentManager) in 24.0837ms Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 35.2446ms 302 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/Account/Login?ReturnUrl=%2Fapi%2Fusers%2Finfo
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 5.8149ms 404

From the log errors, it seems that it's trying to redirect me to /Account/Login, but I don't have such endpoint, my project is a Web API.

Am I missing some configuration?

回答1:

I was facing the same problem, until i read this.

When we use the Authorize attribute, it actually binds to the first authentication system by default.

The solution was especify wich scheme to use (JwtBearer):

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Policy = "PoliceName")]

Now i can get status 200 (with valid token) and 401 (unauthorized - invalid token)

来源：https://stackoverflow.com/questions/45778244/migrating-web-api-authentication-from-net-core-1-1-to-2-0