Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
4.8k views
in Technique[技术] by (71.8m points)

authentication - Authenticate API in .net core using ping identity OAuth2.0

Problem statement: I want to secure APIs using Ping Identity OAuth 2.0. I am following this blog but I get a 401.

I have configured OAuth 2.0 in Postman with the details provided by the Ping Identity team and I'm able to generate the token, but when I copy and paste the same token and send it as a Bearer token, I get a 401 from the API.

I doubt if I'm giving the wrong callback URL. If my API URL is say http://web.abc.com/_api/home/userinfo then what should be my callback URL?

NOTE: I am not using this solution in the browser; I am trying to secure the APIs directly. Maybe my approach itself is not correct. Let me know if there is a better solution.

EDIT:

Startup.cs looks like this:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {

        string x509PublicCert = @"XXXXXXXXXXX";

        var byteCert = Convert.FromBase64String(x509PublicCert);
        var x509Cert = new X509Certificate2(byteCert);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Audience = "http://localhost:65180/";//Configuration["Audience"]; //"http://localhost:9000/";
                options.Authority = "https://myloginqa.xyz.com:8080/"; //Configuration["Authority"]; // "https://idp.yourcompany.com:5000/";
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // Validate the JWT Audience
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new X509SecurityKey(x509Cert),
                    ValidateIssuer = true,
                    ValidIssuer = "myloginqa.xyz.com",//Configuration["Issuer"], //idp.yourcompany.com
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    // If you want to allow a certain amount of clock drift, set that here:
                    ClockSkew = TimeSpan.Zero
                };
            });

        services.AddControllersWithViews();

        // In production, the React files will be served from this directory
        services.AddSpaStaticFiles(configuration =>
        {
            configuration.RootPath = "ClientApp/build";
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
        }

        app.UseStaticFiles();
        app.UseSpaStaticFiles();
        
        
        app.UseRouting();
        
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseCors("CorsApi");
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller}/{action=Index}/{id?}");

          
        });

        app.UseSpa(spa =>
        {
            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseReactDevelopmentServer(npmScript: "start");
            }
        });
    }
}

Controller looks like this:

[EnableCors("CorsApi")]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase

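An added example, not part of the original post and not Ping Identity or Microsoft code: a small Python check that decodes a bearer token's header and claims and lists which of the settings shown in the question's `TokenValidationParameters` the token would fail. The sample tokens, the issuer forms in them and the fixed clock are constructed; the signature is not verified, so this only narrows a 401 down to a claim-level mismatch.

```python
import base64, json, time

# Expected values copied from the question's TokenValidationParameters.
EXPECTED = {"valid_issuer": "myloginqa.xyz.com", "validate_audience": False,
            "audience": "http://localhost:65180/", "clock_skew": 0}

def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def explain_rejection(token, expected=EXPECTED, now=None):
    """List claim-level reasons a validator with EXPECTED settings would reject
    the token. The signature is NOT verified; this only reads header and claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-segment JWT, so there are no claims to validate"]
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    reasons = []
    if str(header.get("alg", "none")).lower() == "none":
        reasons.append("header alg is missing or 'none' (unsigned token)")
    if claims.get("iss") != expected["valid_issuer"]:  # issuer is an exact string match
        reasons.append(f"iss {claims.get('iss')!r} != ValidIssuer {expected['valid_issuer']!r}")
    if expected["validate_audience"]:
        aud = claims.get("aud")
        if expected["audience"] not in (aud if isinstance(aud, list) else [aud]):
            reasons.append(f"aud {aud!r} does not contain {expected['audience']!r}")
    skew = expected["clock_skew"]
    if "exp" not in claims:
        reasons.append("no exp claim")
    elif claims["exp"] + skew < now:
        reasons.append("token expired (exp + clock skew is in the past)")
    if "nbf" in claims and claims["nbf"] - skew > now:
        reasons.append("token not yet valid (nbf is in the future)")
    return reasons

def make_sample(claims, alg="RS256"):
    """Build a constructed token with a dummy signature, for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "ZHVtbXk"])

if __name__ == "__main__":
    now = 1_700_000_000  # constructed "current time"
    samples = {"issuer as URL": {"iss": "https://myloginqa.xyz.com:8080", "exp": now + 300},
               "expired": {"iss": "myloginqa.xyz.com", "exp": now - 1},
               "accepted": {"iss": "myloginqa.xyz.com", "exp": now + 300}}
    for name, claims in samples.items():
        print(name, "->", explain_rejection(make_sample(claims), now=now) or "claims OK")
```

An empty result means the claims match the expected settings, which leaves the signing key or the request pipeline as the place to look next.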

1 Reply

0 votes
by (71.8m points)
Waiting for an expert to reply
