下面是一个在IdentityServer内部共同托管受保护API的示例:

There is an example co-hosting a protected API inside IdentityServer: IdentityServerAndApi

我与他们的启动公司之间的快速比较是，他们正在调用AddJwtBearer而不是AddIdentityServerAuthentication:

I quick comparison between their startup and yours is that they are calling AddJwtBearer instead of AddIdentityServerAuthentication:

services.AddAuthentication()
 .AddJwtBearer(jwt => {
    jwt.Authority = "http://localhost:5000";
    jwt.RequireHttpsMetadata = false;
    jwt.Audience = "api1";
});

Authorize属性还设置身份验证方案:

TheAuthorize attribute also sets the authentication scheme:

[Authorize(AuthenticationSchemes = "Bearer")]