In recent customers to develop Azure DevOps Exension, the extension needs to call a function written using .NET Core 3 Web Api.
I read in the Authenticating requests to your service after I gave Web Api increased by JWT certification.
PS: I did not copy the code, the question arises ..... question arises ..... question arises .....
Postman request the Web Api, has reported 401 Unauthorized, no matter what posture I change requests, all 401 Unauthorized.
Mind what the old fire ah, the jwt.io made a check is legitimate through, just do not know for the hair Postman not through.
puzzling, degree of your mother a bit, there is a headline caught my attention - the .NET Web API Core 3 401 jwt been
looked into one, and suddenly! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
The answer turned out to be:
In app.UseAuthorization();before adding app.UseAuthentication();it.
In the hearts of one hundred thousand mud horse galloping, because these two methods signatures word too close, and I like English very poor so the words are a little too, thought it was the same there is no copy added app.UseAuthentication();.
The results Oolong took place ...
Reprinted from the following: https://www.iteye.com/blog/lucky16-2020198
The difference between certification (authentication) and authorization (authorization) of
以前一直分不清 authentication 和 authorization,其实很简单,举个例子来说:
你要登机,你需要出示你的身份证和机票,身份证是为了证明你张三确实是你张三,这就是 authentication;
而机票是为了证明你张三确实买了票可以上飞机,这就是 authorization。
在 computer science 领域再举个例子:
你要登陆论坛,输入用户名张三,密码1234,密码正确,证明你张三确实是张三,这就是 authentication;
再一check用户张三是个版主,所以有权限加精删别人帖,这就是 authorization。