Veg*_*gar 2 .net c# sha256 jwt owin
我用JSONWebTokennpm模块生成了一个jot:
var jwt = require('jsonwebtoken');
var payload = {
"iss": "https://secure.example.com/",
"exp": 1410819380,
"http://example.com/orgnum": "987987987",
"http://example.com/user": "me@example.com"
};
var token = jwt.sign(payload, 'secret');
console.log(token);
这给了我以下输出:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlY3VyZS5leGFtcGxlLmNvbS8iLCJleHAiOjE0MTA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9vcmdudW0iOiI5ODc5ODc5ODciLCJodHRwOi8vZXhhbXBsZS5jb20vdXNlciI6Im1lQGV4YW1wbGUuY29tIiwiaWF0IjoxNDA4Mzk0Mjk2fQ.5X5LTg4wxDF2p49xtsRcG4S9Yk4qSfW1tMEU0AquBhc
由于我没有指定我想要的算法,因此它使用SHA256.
现在,我尝试在c#中验证这一点.这并不容易......
我得到一个关于密钥大小的例外:
IDX10603:'System.IdentityModel.Tokens.InMemorySymmetricSecurityKey'不能小于:'128'位.Parameternavn:key.KeySize实际大小为48.
II尝试扩展密钥,在创建对称密钥时出现新错误:
Base-64 char数组或字符串的长度无效
我认为这与我告诉.net代码关于我的密钥的方式有关.由于SymmetricKeyIssuerSecurityTokenProvider构造函数参数已命名base64Key,我尝试对我的密钥进行Base64Url编码:
var secret = Base64UrlEncoder.Encode("secret");
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningTokens = new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret).SecurityTokens
};
那么,我在这里缺少什么?
为什么jsonwebtoken.net不能用短键生成和验证jots?
为什么.net不能接受我给它的钥匙?
这是完整的.net代码,带有用长键签名的jot:
var jwtToken =
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlY3VyZS5leGFtcGxlLmNvbS8iLCJleHAiOjE0MTA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9vcmdudW0iOiI5ODc5ODc5ODciLCJodHRwOi8vZXhhbXBsZS5jb20vdXNlciI6Im1lQGV4YW1wbGUuY29tIiwiaWF0IjoxNDA4Mzk1NjY4fQ.ZceiiEO_Mn5_GZp5D_r68VTT33fbocn1BTTznD6u3cs";
var secret = Base64UrlEncoder.Encode("super duper secret with some more on top");
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningTokens = new SymmetricKeyIssuerSecurityTokenProvider("issuer", secret).SecurityTokens
};
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler()
{
Configuration = new SecurityTokenHandlerConfiguration()
{
CertificateValidationMode = X509CertificateValidationMode.None
}
};
SecurityToken validatedToken;
var claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out validatedToken);
return claimsPrincipal.Claims;
更新:
我在这段代码中只使用了微软的东西.我使用Owin的软件包Microsoft.Owin.Security.Jwt版本2.1.0与System.IdentityModel.Tokens.Jwt版本4.0.0-RC2.
有多篇博客帖子说明你需要手动更新System.IdentityModel.Tokens.Jwt软件包.
我不确定您使用的是什么API,因为官方的Microsoft不包含您正在使用的属性.我的猜测是,你使用的是过时的版本.
我从这个Nuget包中获取了API .这是代码,对我有用:
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.ServiceModel.Security.Tokens;
using System.Text;
namespace SO25372035
{
class Program
{
static void Main()
{
const string tokenString = @"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlY3VyZS5leGFtcGxlLmNvbS8iLCJleHAiOjE0MTA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9vcmdudW0iOiI5ODc5ODc5ODciLCJodHRwOi8vZXhhbXBsZS5jb20vdXNlciI6Im1lQGV4YW1wbGUuY29tIiwiaWF0IjoxNDA4NDE5NTQwfQ.jW9KChUTcgXMDp5CnTiXovtQZsN4X-M-V6_4rzu8Zk8";
JwtSecurityToken tokenReceived = new JwtSecurityToken(tokenString);
byte[] keyBytes = Encoding.UTF8.GetBytes("secret");
if (keyBytes.Length < 64 && tokenReceived.SignatureAlgorithm == "HS256")
{
Array.Resize(ref keyBytes, 64);
}
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
AudienceUriMode = AudienceUriMode.Never,
SigningToken = new BinarySecretSecurityToken(keyBytes),
};
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(tokenReceived, validationParameters);
IEnumerable<Claim> a = claimsPrincipal.Claims;
foreach (var claim in a)
{
Console.WriteLine(claim);
}
}
}
}
请注意,我必须调整包含密钥的数组的大小,以便密钥长度通过验证.看起来 HMAC的密钥长度总是等于块大小,SHA256的密钥长度是512位.有MinimumSymmetricKeySizeInBits静态属性限定SimmetricKey的最小长度,但它似乎它不能被设置为小于128.
| 归档时间: |
|
| 查看次数: |
14907 次 |
| 最近记录: |