Asp.net

InvalidOperationException:沒有為方案承載註冊身份驗證處理程序。

  • July 17, 2018

我正在嘗試使用 .net core 2.1 實現 Aspnet.security.openidconnect (ASOS) 我可以使用 ASOS 成功生成 access_token 和 refreshtoken 但是當我在我的任何操作上添加授權屬性並嘗試使用郵遞員呼叫該操作時,我得到了以下異常:

InvalidOperationException: No authentication handler is registered for the scheme Bearer. The registered schemes are: ASOS. Did you forget to call AddAuthentication().Add[SomeAuthHandler

這是程式碼:

services.AddAuthentication(options =>
       {
           options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
           options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
   }).AddOpenIdConnectServer(options =>
   {
       options.AuthorizationEndpointPath = "/connect/authorize";
       // Enable the token endpoint.
       options.TokenEndpointPath = "/connect/token";

       // Implement OnValidateTokenRequest to support flows using the token endpoint.
       options.Provider.OnValidateTokenRequest = context =>
       {
           // Reject token requests that don't use grant_type=password or grant_type=refresh_token.
           if (!context.Request.IsClientCredentialsGrantType() && !context.Request.IsRefreshTokenGrantType())
           {
               context.Reject(
                   error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                   description: "Only grant_type=password and refresh_token " +
                                "requests are accepted by this server.");

               return Task.CompletedTask;
           }

           // Note: you can skip the request validation when the client_id
           // parameter is missing to support unauthenticated token requests.
           // if (string.IsNullOrEmpty(context.ClientId))
           // {
           //     context.Skip();
           // 
           //     return Task.CompletedTask;
           // }

           // Note: to mitigate brute force attacks, you SHOULD strongly consider applying
           // a key derivation function like PBKDF2 to slow down the secret validation process.
           // You SHOULD also consider using a time-constant comparer to prevent timing attacks.
           if (string.Equals(context.ClientId, "client_id", StringComparison.Ordinal) &&
               string.Equals(context.ClientSecret, "client_secret", StringComparison.Ordinal))
           {
               context.Validate();
           }

           // Note: if Validate() is not explicitly called,
           // the request is automatically rejected.
           return Task.CompletedTask;
       };

       // Implement OnHandleTokenRequest to support token requests.
       options.Provider.OnHandleTokenRequest = context =>
       {
           // Only handle grant_type=password token requests and let
           // the OpenID Connect server handle the other grant types.
           if (context.Request.IsClientCredentialsGrantType())
           {
               // Implement context.Request.Username/context.Request.Password validation here.
               // Note: you can call context Reject() to indicate that authentication failed.
               // Using password derivation and time-constant comparer is STRONGLY recommended.
               //if (!string.Equals(context.Request.Username, "Bob", StringComparison.Ordinal) ||
               //    !string.Equals(context.Request.Password, "P@ssw0rd", StringComparison.Ordinal))
               //{
               //    context.Reject(
               //        error: OpenIdConnectConstants.Errors.InvalidGrant,
               //        description: "Invalid user credentials.");

               //    return Task.CompletedTask;
               //}

               var identity = new ClaimsIdentity(context.Scheme.Name,
                   OpenIdConnectConstants.Claims.Name,
                   OpenIdConnectConstants.Claims.Role);

               // Add the mandatory subject/user identifier claim.
               identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique id]");

               // By default, claims are not serialized in the access/identity tokens.
               // Use the overload taking a "destinations" parameter to make sure
               // your claims are correctly inserted in the appropriate tokens.
               identity.AddClaim("urn:customclaim", "value",
                   OpenIdConnectConstants.Destinations.AccessToken,
                   OpenIdConnectConstants.Destinations.IdentityToken);

               var ticket = new AuthenticationTicket(
                   new ClaimsPrincipal(identity),
                   new AuthenticationProperties(),
                   context.Scheme.Name);

               // Call SetScopes with the list of scopes you want to grant
               // (specify offline_access to issue a refresh token).
               ticket.SetScopes(
                   OpenIdConnectConstants.Scopes.Profile,
                   OpenIdConnectConstants.Scopes.OfflineAccess);

               context.Validate(ticket);
           }

           return Task.CompletedTask;
       };
   });

在我呼叫的配置方法中:

app.UseAuthentication();

這裡缺少什麼?謝謝

您共享的程式碼段僅生成令牌:它不會驗證它們。要啟用令牌驗證,請引用AspNet.Security.OAuth.Validation包並註冊 aspnet-contrib 驗證處理程序:

services.AddAuthentication(OAuthValidationDefaults.AuthenticationScheme)
   .AddOAuthValidation();

引用自:https://stackoverflow.com/questions/51383781

相關問答

Asp.net

ASP.NET Core 應用程序無法執行:沒有 DIST 文件夾和“找不到模組 ‘./wwwroot/dist/vendor-manifest.json’”

  • October 21, 2021
檢視問答
Asp.net

.NET Core 2 - 創建具有儲存庫的控制器類的實例

  • August 16, 2021
檢視問答
Asp.net

OpenIDConnect 響應類型混淆

  • May 12, 2021
檢視問答
Asp.net-Core

ASP.NET Core 中的 AddOpenIdConnect 和刷新令牌

  • April 1, 2021
檢視問答
Asp.net

.NET Core 2 CookieAuthentication 忽略過期時間跨度

  • December 17, 2020
檢視問答
Asp.net

如何使用 JwtSecurityTokenHandler 和 JWKS 端點驗證 JWT?

  • October 9, 2020
檢視問答