問題描述

我有一個與 .Net Core 2.2 API 后端接口的 Angular 7 應用程序.這是與 Azure Active Directory 的接口.

I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory.

在 Angular 7 方面，它正在通過 AAD 正確進行身份驗證，并且我得到了一個有效的 JWT，如 jwt.io.

On the Angular 7 side, it is authenticating properly with AAD and I am getting a valid JWT back as verified on jwt.io.

在 .Net Core API 方面，我創建了一個簡單的測試 API，其中包含 [Authorize].

On the .Net Core API side I created a simple test API that has [Authorize] on it.

當我從 Angular 調用此方法時，添加 Bearer 令牌后，我得到(如 Chrome 調試工具、網絡選項卡、標題"中所示):

When I call this method from Angular, after adding the Bearer token, I am getting (as seen in Chrome Debug Tools, Network tab, "Headers"):

WWW-Authenticate: Bearer error="invalid_token", error_description="The未找到簽名密鑰"

WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"

帶有HTTP/1.1 401 Unauthorized.

簡單的測試 API 是:

The simplistic test API is:

    [Route("Secure")]
    [Authorize]
    public IActionResult Secure() => Ok("Secure works");

Angular 調用代碼也很簡單:

The Angular calling code is also as simple as I can get it:

    let params : any = {
        responseType: 'text',
        headers: new HttpHeaders({
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json"
        })
    }

    this.http
        .get("https://localhost:5001/api/azureauth/secure", params)
        .subscribe(
            data => { },
            error => { console.error(error); }
        );

如果我刪除 [Authorize] 屬性并將其作為來自 Angular 的標準 GET 請求調用 它可以正常工作.

If I remove the [Authorize] attribute and just call this as a standard GET request from Angular it works fine.

我的 Startup.cs 包含:

My Startup.cs contains:

        services
            .AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureADBearer(options => this.Configuration.Bind("AzureAd", options));

所有選項都在 appsettings.json 中正確設置(例如 ClientId、TenantId 等)，并且此處的 options 按預期填充.

The options are all properly set (such as ClientId, TenantId, etc) in the appsettings.json and options here is populating as expected.

推薦答案

我也遇到了同樣的問題.我錯過了權限..確保權限和 api 名稱現在正確，啟動文件中配置服務中的這段代碼對我有用:

I was facing the same issue. i was missing the authority..make sure authority and api name is correct now this code in configure services in startup file works for me:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication( x =>
                {
                    x.Authority = "http://localhost:5000"; //idp address
                    x.RequireHttpsMetadata = false;
                    x.ApiName = "api2"; //api name
                });

這篇關于承載錯誤 - invalid_token - 未找到簽名密鑰的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！