尝试对 ASP.NET Core 3.1 使用多个身份验证方案时出现异常

Posted 2023-03-10

技术标签:

【中文标题】尝试对 ASP.NET Core 3.1 使用多个身份验证方案时出现异常【英文标题】：Exceptions when trying to use multiple authentication schemes with ASP.NET Core 3.1 【发布时间】：2021-07-07 23:22:16 【问题描述】：

我正在尝试使用 ASP.NET Core 3.1 添加多个身份验证方案，并在尝试向服务器发送不记名令牌时遇到此问题：

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)

以下是相关代码：

            services.AddAuthentication(options =>
            
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            )
            .AddJwtBearer("Custom", options =>
            
                options.SaveToken = true;
                options.RequireHttpsMetadata = true;
                options.TokenValidationParameters = new TokenValidationParameters
                
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = key,
                    ValidateAudience = false,
                    ValidateIssuer = false
                ;
            )
            .AddJwtBearer("Keycloak", options =>
            
                options.Authority = "http://localhost:8080/auth/realms/test";
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters
                
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = key,
                    ValidateAudience = false,
                    ValidateIssuer = false
                ;
            );

            services.AddAuthorization(options =>
            
                var authorizationPolicy = new AuthorizationPolicyBuilder()
                  .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Custom", "Keycloak")
                  .RequireAuthenticatedUser().Build();
                options.AddPolicy("Bearer", authorizationPolicy);
            );

任何人都能够看到我在这里做错了什么？如果我只使用一个，这两种方案都可以单独工作。

【问题讨论】：

【参考方案1】：

我找到了解决办法。

我需要添加

    [Authorize(AuthenticationSchemes = "Custom, Keycloak")]

在我的基本控制器中。

【讨论】：

以上是关于尝试对 ASP.NET Core 3.1 使用多个身份验证方案时出现异常的主要内容，如果未能解决你的问题，请参考以下文章