I am getting the following error on the token consumer. Any help solving this would be much appreciated. Thanks.
"IDX10503: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.SymmetricSecurityKey'. Exceptions caught: 'System.InvalidOperationException: IDX10636: SignatureProviderFactory.CreateForVerifying returned null for key: 'System.IdentityModel.Tokens.SymmetricSecurityKey', signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256'. at Microsoft.IdentityModel.Logging.LogHelper.Throw(String message, Type exceptionType, EventLevel logLevel, Exception innerException) at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm) at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)' token: 'token info is here'"
Token Generation Code on OAuth server
string jwtOnTheWire = null;
using (var ctlr = new EntityController())
{
    var authRepo = ctlr.GetAuthModelRepository();
    string clientId;
    ticket.Properties.Dictionary.TryGetValue(WebConstants.OwinContextProps.OAuthClientIdPropertyKey, out clientId);
    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
    }
    // audience record: the client secret stored for this OAuth client is the HMAC key
    var client = authRepo.FindAuthClientByOAuthClientID(clientId);
    var issued = ticket.Properties.IssuedUtc;
    var expires = ticket.Properties.ExpiresUtc;
    var hmac = new HMACSHA256(Convert.FromBase64String(client.Secret));
    var signingCredentials = new SigningCredentials(
        new InMemorySymmetricSecurityKey(hmac.Key),
        Algorithms.HmacSha256Signature, Algorithms.Sha256Digest);
    // validation parameters mirror the issuing side so the token can be checked before it is returned
    TokenValidationParameters validationParams =
        new TokenValidationParameters()
        {
            ValidAudience = clientId,
            ValidIssuer = _issuer,
            ValidateLifetime = true,
            ValidateAudience = true,
            ValidateIssuer = true,
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningToken = new BinarySecretSecurityToken(hmac.Key)
        };
    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = new JwtSecurityToken(_issuer, clientId, ticket.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);
    jwtOnTheWire = jwtHandler.WriteToken(jwt);
    // self-check: validate the freshly written token with the same key
    SecurityToken validatedToken = null;
    jwtHandler.ValidateToken(jwtOnTheWire, validationParams, out validatedToken);
    if (validatedToken == null)
        return "token_validation_failed";
}
return jwtOnTheWire;
Token consumption/validation in the ASP.NET 5 vNext site, within OWIN Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureOAuthBearerAuthentication(config =>
    {
        // oauth validation: derive the symmetric key from the client secret the same way the issuer does
        var clientSecret = "not the real secret";
        var hmac = new HMACSHA256(Convert.FromBase64String(clientSecret));
        var signingCredentials = new SigningCredentials(
            new SymmetricSecurityKey(hmac.Key), Algorithms.HmacSha256Signature, Algorithms.Sha256Digest);
        config.TokenValidationParameters.ValidAudience = "myappname";
        config.TokenValidationParameters.ValidIssuer = "mydomain.com";
        config.TokenValidationParameters.RequireSignedTokens = true;
        config.TokenValidationParameters.RequireExpirationTime = true;
        config.TokenValidationParameters.ValidateLifetime = true;
        config.TokenValidationParameters.ValidateIssuerSigningKey = true;
        config.TokenValidationParameters.ValidateSignature = true;
        config.TokenValidationParameters.ValidateAudience = true;
        config.TokenValidationParameters.IssuerSigningKey = signingCredentials.SigningKey;
    });
}
public void Configure(IApplicationBuilder app)
{
    app.UseOAuthBearerAuthentication(config =>
    {
        config.AuthenticationScheme = "Bearer";
        config.AutomaticAuthentication = true;
    });
}
1 Answer
I was able to add my own signature validation to TokenValidationParameters; I then compare the incoming raw signature of the JWT with the signature computed in this code, and if they match the signature is valid.
Why this does not happen with the built-in signature validation is beyond me; perhaps it is a bug in beta 6 of the vNext Identity token framework.
public void ConfigureServices(IServiceCollection services)
Encode helper method
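As an added illustration of the check the answer describes (recompute the HMAC-SHA256 over the token's header and payload segments and compare it with the raw signature the JWT carries), here is a self-contained C# example. It is not code from the question, the answer or the identity libraries: Hs256Check, KeyFromSecret, Sign and Verify are hypothetical names, the secret and claims are constructed values, and CryptographicOperations.FixedTimeEquals assumes .NET Core 2.1 or later (older frameworks need an equivalent constant-time comparison). Hooking Verify into TokenValidationParameters as the answer did depends on the library version and is not shown.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the question or answer. All names are hypothetical.
public static class Hs256Check
{
    // Derive the key exactly as both sides of the question do: the Key property of an HMACSHA256
    // built from the base64-decoded client secret. HMACSHA256 replaces a key longer than its
    // 64-byte block size with the SHA-256 of that key, so issuer and consumer must both do this.
    public static byte[] KeyFromSecret(string base64Secret)
    {
        using (var hmac = new HMACSHA256(Convert.FromBase64String(base64Secret)))
        {
            return hmac.Key;
        }
    }

    public static string Base64UrlEncode(byte[] data)
    {
        return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static byte[] Base64UrlDecode(string s)
    {
        string padded = s.Replace('-', '+').Replace('_', '/');
        switch (padded.Length % 4)
        {
            case 2: padded += "=="; break;
            case 3: padded += "="; break;
            case 1: throw new FormatException("invalid base64url length");
        }
        return Convert.FromBase64String(padded);
    }

    // Produce a compact HS256 JWT: base64url(header).base64url(payload).base64url(HMAC).
    public static string Sign(string headerJson, string payloadJson, byte[] key)
    {
        string signingInput = Base64UrlEncode(Encoding.UTF8.GetBytes(headerJson)) + "." +
                              Base64UrlEncode(Encoding.UTF8.GetBytes(payloadJson));
        using (var hmac = new HMACSHA256(key))
        {
            byte[] sig = hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
            return signingInput + "." + Base64UrlEncode(sig);
        }
    }

    // Recompute the signature over the first two segments and compare it, in constant time,
    // with the raw signature carried by the token. The alg header is pinned to HS256 so a token
    // that declares "none" or an asymmetric algorithm is rejected before the key is used.
    // The header check is a simple substring match for brevity; real code should parse the JSON.
    public static bool Verify(string jwt, byte[] key)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;

        string header;
        byte[] actual;
        try
        {
            header = Encoding.UTF8.GetString(Base64UrlDecode(parts[0]));
            actual = Base64UrlDecode(parts[2]);
        }
        catch (FormatException) { return false; }

        if (!header.Contains("\"alg\":\"HS256\"")) return false;

        byte[] expected;
        using (var hmac = new HMACSHA256(key))
        {
            expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
        }
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    public static void Main()
    {
        // Constructed sample secret (32 ASCII bytes, base64-encoded) and claims; not real values.
        string secret = Convert.ToBase64String(Encoding.ASCII.GetBytes("0123456789abcdef0123456789abcdef"));
        byte[] key = KeyFromSecret(secret);

        string token = Sign("{\"alg\":\"HS256\",\"typ\":\"JWT\"}",
                            "{\"iss\":\"mydomain.com\",\"aud\":\"myappname\",\"sub\":\"alice\"}", key);
        Console.WriteLine("valid token verifies:    " + Verify(token, key));

        // A modified payload segment no longer matches the signature.
        string[] p = token.Split('.');
        string tampered = p[0] + "." + Base64UrlEncode(Encoding.UTF8.GetBytes(
            "{\"iss\":\"mydomain.com\",\"aud\":\"myappname\",\"sub\":\"admin\"}")) + "." + p[2];
        Console.WriteLine("tampered token verifies: " + Verify(tampered, key));

        // A consumer configured with a different client secret rejects the token.
        byte[] otherKey = KeyFromSecret(Convert.ToBase64String(Encoding.ASCII.GetBytes("ffffffffffffffffffffffffffffffff")));
        Console.WriteLine("wrong key verifies:      " + Verify(token, otherKey));
    }
}
```

Two details matter when reproducing the library's check by hand, as the answer did: the key must be derived identically on both sides (the question's code passes `new HMACSHA256(secretBytes).Key` on both, which is only safe because both do it), and the comparison must pin the algorithm and run in constant time, otherwise a custom validator ends up weaker than the built-in one it replaces.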