IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier

Rob*_*ert 20 .net c# security wcf-security jwt

What is the cause of the following exception when I try to validate a token?

TokenValidationParameters validationParameters = new TokenValidationParameters();

validationParameters.ValidIssuers = new List<string>() { "http://www.company.com" };

validationParameters.IssuerSigningToken = new RsaSecurityToken(
  (System.Security.Cryptography.RSACryptoServiceProvider) Certificate.Get().PublicKey.Key);

SecurityToken securityToken = null;

var claimsPrincipal = 
    (FederatedAuthentication
      .FederationConfiguration
      .IdentityConfiguration
      .SecurityTokenHandlers
      .First() as JwtSecurityTokenHandler)
      .ValidateToken(tokenString, validationParameters, out securityToken);

Error:

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 
          'SecurityKeyIdentifier
    (
      IsReadOnly = False,
      Count = 2,
      Clause[0] = X509ThumbprintKeyIdentifierClause(
                    Hash = 0x6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1),
    Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
    )
', 
token: '{"typ":"JWT","alg":"RS256","

Jos*_*den 1

Based on the error, I think you need to add an x509 security key or credentials, like this:

var credentials = new X509CertificateCredentials(
    Certificate.Get(),
    new SecurityKeyIdentifier(
        new NamedKeySecurityKeyIdentifierClause(
            "kid",
            "6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1")));

For example, this part:

new SecurityKeyIdentifier(
    new NamedKeySecurityKeyIdentifierClause(
        "kid",
        "6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1"))

Also, make sure your certificate is installed in the root store.
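
An added diagnostic, not part of the original question or answer: it lists which key identifier clauses from the token header (the `Clause[0]` and `Clause[1]` entries in the error) each candidate signing token can match. It assumes System.IdentityModel.Tokens.Jwt 4.x on .NET Framework; `KeyResolutionCheck` and `Explain` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the post. Assumes System.IdentityModel.Tokens.Jwt 4.x.
// KeyResolutionCheck and Explain are hypothetical names.
public static class KeyResolutionCheck
{
    // For each candidate signing token, reports which key identifier clauses
    // from the JWT header it can satisfy. IDX10500 is raised when the
    // configured signing token satisfies none of them.
    public static IList<string> Explain(string tokenString, X509Certificate2 cert)
    {
        var report = new List<string>();

        // Parses the token only; no signature validation happens here.
        var jwt = new JwtSecurityToken(tokenString);
        SecurityKeyIdentifier clauses = jwt.Header.SigningKeyIdentifier;

        var candidates = new SecurityToken[]
        {
            // What the question configures: a bare RSA key with no
            // certificate thumbprint attached to it.
            new RsaSecurityToken((RSA)cert.PublicKey.Key),
            // Certificate-backed token: can answer a thumbprint clause.
            new X509SecurityToken(cert)
        };

        foreach (SecurityToken candidate in candidates)
        {
            foreach (SecurityKeyIdentifierClause clause in clauses)
            {
                bool match = candidate.MatchesKeyIdentifierClause(clause);
                report.Add(string.Format("{0} vs {1}: {2}",
                    candidate.GetType().Name,
                    clause.GetType().Name,
                    match ? "match" : "no match"));
            }
        }

        // Compare this by eye with the Hash value printed in the error.
        report.Add("certificate thumbprint: " + cert.Thumbprint);
        return report;
    }
}
```

Call it as `KeyResolutionCheck.Explain(tokenString, Certificate.Get())`, using the question's own variables. A "no match" on every line for a candidate means that token cannot be resolved from the identifiers the JWT header carries.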