当用户未经身份验证时,ASP.NET Core 5 Web API 返回 404 代码而不是 401
Posted
技术标签:
【中文标题】当用户未经身份验证时,ASP.NET Core 5 Web API 返回 404 代码而不是 401【英文标题】:ASP.NET Core 5 Web API returns 404 code instead of 401 when the user is unauthenticated 【发布时间】:2021-11-09 03:18:09 【问题描述】:我有一个基于 ASP.NET 5 框架和 Swagger UI 编写的 Web API。
当用户向任何端点发出经过身份验证的请求时,我得到 404“就像框架将用户重定向到不存在的页面一样!”如果框架由于未经授权的请求而自动重定向请求,我想更改该行为以返回 401 json 响应。如果没有,如何将响应代码从 404 更改为 401 作为 JSON 响应?
这是 Startup 类的样子
public void ConfigureServices(IServiceCollection services)
services.AddControllers();
services.AddSwaggerGen(swagger =>
swagger.SwaggerDoc("v1", new OpenApiInfo
Version = "v1",
Title = "Student Athlete Wellness Tracker API",
Description = "API to provide data for the Student Athlete Wellness Trackers",
);
swagger.AddSecurityDefinition("basic", new OpenApiSecurityScheme()
Name = "Authorization",
Type = SecuritySchemeType.Http,
Scheme = "basic",
In = ParameterLocation.Header,
Description = "Basic Authorization header using the Bearer scheme.",
);
swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
new OpenApiSecurityScheme
Reference = new OpenApiReference
Type = ReferenceType.SecurityScheme,
Id = "basic"
,
Array.Empty<string>()
);
);
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
if (env.IsDevelopment())
app.UseDeveloperExceptionPage();
else
app.UseExceptionHandler("/error");
app.UseHsts();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));
app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
endpoints.MapControllers();
);
【问题讨论】:
【参考方案1】:为了解决这个问题,我改变了
services.AddAuthentication("BasicAuthentication")
.AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
到
services.AddAuthentication(opts =>
opts.DefaultAuthenticateScheme = "BasicAuthentication";
opts.DefaultChallengeScheme = "BasicAuthentication";
opts.DefaultScheme = "BasicAuthentication";
opts.AddScheme<BasicAuthenticationHandler>("BasicAuthentication", null);
);
【讨论】:
【参考方案2】:我遇到了同样的问题。
我添加了第二个选项行并解决了问题。
services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
)
您可以阅读官方文档了解更多:https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0
例子:Web api core returns 404 when adding Authorize attribute
【讨论】:
以上是关于当用户未经身份验证时,ASP.NET Core 5 Web API 返回 404 代码而不是 401的主要内容,如果未能解决你的问题,请参考以下文章
ASP.NET Core 5 JWT 身份验证失败,响应代码为 401
Asp.net core 3.1 保护 API 和 Web 应用程序
为啥我在 Asp.Net CORE 中使用 JWT 获得 401 未经授权?