英文:
Default challenge scheme isn't working with RouteGroups?
问题
我有一个用于多个端点的路由组:
internal class EmployeeRouteGroup : RouteGroup{/// <inheritdoc />protected override string Prefix => "employees";/// <inheritdoc />protected override RouteGroupBuilder ConfigureCommonBehaviour(RouteGroupBuilder routeGroupBuilder){return routeGroupBuilder.RequireAuthorization();}/// <inheritdoc />protected override RouteGroupBuilder ConfigureRoutes(RouteGroupBuilder routeGroupBuilder){routeGroupBuilder.MapGet("/", async ([AsParameters] SearchEmployeesParametersDto getEmployeesParameters, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new SearchEmployeesQuery { Parameters = getEmployeesParameters }, cancellationToken));routeGroupBuilder.MapGet("/{id}", async (int id, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new GetEmployeeDetailsQuery { EmployeeId = id }, cancellationToken));routeGroupBuilder.MapGet("/for-salary-access-user/{id}", async (int id, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new SearchEmployeesForSalaryAccessUserQuery { SalaryAccessUserId = id }, cancellationToken));return routeGroupBuilder;}}
还在 Startup.cs 中设置了 DefaultChallengeScheme:
services.AddAuthentication(options =>{options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;}).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o => o = jwtOptions);
但每次尝试进行未授权的请求时,都会收到 404 响应而不是 401。
如果在端点内部放置 [Authorize(AuthenticationScheme = ...)] 则可以正常工作!但是,您知道,这不是一个好方法 
英文:
I have a Route Group for several endpoints:
internal class EmployeeRouteGroup : RouteGroup{/// <inheritdoc />protected override string Prefix => "employees";/// <inheritdoc />protected override RouteGroupBuilder ConfigureCommonBehaviour(RouteGroupBuilder routeGroupBuilder){return routeGroupBuilder.RequireAuthorization();}/// <inheritdoc />protected override RouteGroupBuilder ConfigureRoutes(RouteGroupBuilder routeGroupBuilder){routeGroupBuilder.MapGet("/", async ([AsParameters] SearchEmployeesParametersDto getEmployeesParameters, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new SearchEmployeesQuery { Parameters = getEmployeesParameters }, cancellationToken));routeGroupBuilder.MapGet("/{id}", async (int id, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new GetEmployeeDetailsQuery { EmployeeId = id }, cancellationToken));routeGroupBuilder.MapGet("/for-salary-access-user/{id}", async (int id, IMediator mediator, CancellationToken cancellationToken)=> await mediator.Send(new SearchEmployeesForSalaryAccessUserQuery { SalaryAccessUserId = id }, cancellationToken));return routeGroupBuilder;}}
Also in Startup.cs I've setup DefaultChallengeScheme:
services.AddAuthentication(options =>{options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;}).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o => o = jwtOptions);
But everytime when I'm trying to make unauthorized request I get 404 response instead of 401.
If you put [Authorize(AuthenticationScheme = ...)] within endpoint it works fine! But, you know, it's not good approach
答案1
得分: 1
问题实际上是在 Authentication 设置之后存在一个 Identity 设置。
AddIdentity<> 方法包含以下代码:
services.AddAuthentication(options =>{options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;options.DefaultSignInScheme = IdentityConstants.ExternalScheme;}).AddCookie(IdentityConstants.ApplicationScheme, o =>{o.LoginPath = new PathString("/Account/Login");o.Events = new CookieAuthenticationEvents{OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync};})
因此,要解决这个问题,您只需要在设置 Identity 之后设置您的身份验证。
英文:
The problem was in fact that there was an Identity setup after Authentication setup.
AddIdentity<> method contains this code:
services.AddAuthentication(options =>{options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;options.DefaultSignInScheme = IdentityConstants.ExternalScheme;}).AddCookie(IdentityConstants.ApplicationScheme, o =>{o.LoginPath = new PathString("/Account/Login");o.Events = new CookieAuthenticationEvents{OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync};})
So, to solve this issue you have to just setup your Authentication after Identity.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论