問題描述

我有一個與 .Net Core 2.2 API 后端接口的 Angular 7 應(yīng)用程序.這是與 Azure Active Directory 的接口.

I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory.

在 Angular 7 方面，它正在通過 AAD 正確進(jìn)行身份驗(yàn)證，并且我得到了一個有效的 JWT，如 jwt.io.

On the Angular 7 side, it is authenticating properly with AAD and I am getting a valid JWT back as verified on jwt.io.

在 .Net Core API 方面，我創(chuàng)建了一個簡單的測試 API，其中包含 [Authorize].

On the .Net Core API side I created a simple test API that has [Authorize] on it.

當(dāng)我從 Angular 調(diào)用此方法時，添加 Bearer 令牌后，我得到(如 Chrome 調(diào)試工具、網(wǎng)絡(luò)選項(xiàng)卡、標(biāo)題"中所示):

When I call this method from Angular, after adding the Bearer token, I am getting (as seen in Chrome Debug Tools, Network tab, "Headers"):

WWW-Authenticate: Bearer error="invalid_token", error_description="The未找到簽名密鑰"

WWW-Authenticate: Bearer error="invalid_token", error_description="The signature key was not found"

帶有HTTP/1.1 401 Unauthorized.

簡單的測試 API 是:

The simplistic test API is:

    [Route("Secure")]
    [Authorize]
    public IActionResult Secure() => Ok("Secure works");

Angular 調(diào)用代碼也很簡單:

The Angular calling code is also as simple as I can get it:

    let params : any = {
        responseType: 'text',
        headers: new HttpHeaders({
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json"
        })
    }

    this.http
        .get("https://localhost:5001/api/azureauth/secure", params)
        .subscribe(
            data => { },
            error => { console.error(error); }
        );

如果我刪除 [Authorize] 屬性并將其作為來自 Angular 的標(biāo)準(zhǔn) GET 請求調(diào)用 它可以正常工作.

If I remove the [Authorize] attribute and just call this as a standard GET request from Angular it works fine.

我的 Startup.cs 包含:

My Startup.cs contains:

        services
            .AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureADBearer(options => this.Configuration.Bind("AzureAd", options));

所有選項(xiàng)都在 appsettings.json 中正確設(shè)置(例如 ClientId、TenantId 等)，并且此處的 options 按預(yù)期填充.

The options are all properly set (such as ClientId, TenantId, etc) in the appsettings.json and options here is populating as expected.

推薦答案

我也遇到了同樣的問題.我錯過了權(quán)限..確保權(quán)限和 api 名稱現(xiàn)在正確，啟動文件中配置服務(wù)中的這段代碼對我有用:

I was facing the same issue. i was missing the authority..make sure authority and api name is correct now this code in configure services in startup file works for me:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication( x =>
                {
                    x.Authority = "http://localhost:5000"; //idp address
                    x.RequireHttpsMetadata = false;
                    x.ApiName = "api2"; //api name
                });

這篇關(guān)于承載錯誤 - invalid_token - 未找到簽名密鑰的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！