Linux容器.Net Core 2.2上的JWT签名无效
我一直致力于实现基于JWT承载的身份验证。我正在尝试从身份验证服务器JWKS URL获取公钥,并将其加载到JsonWebKeySet。以下是我的ConfigureServices类代码:Linux容器.Net Core 2.2上的JWT签名无效,.net,asp.net-core,openshift,jwt-auth,.net,Asp.net Core,Openshift,Jwt Auth,我一直致力于实现基于JWT承载的身份验证。我正在尝试从身份验证服务器JWKS URL获取公钥,并将其加载到JsonWebKeySet。以下是我的ConfigureServices类代码: public void ConfigureServices(IServiceCollection services) { services.AddCors(o=> { o.AddPolicy("AllowAnyOrigin", b=> b.AllowAnyOrigin
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o=> { o.AddPolicy("AllowAnyOrigin", b=> b.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); });
services.Configure<MvcOptions>(o => { o.Filters.Add(new CorsAuthorizationFilterFactory("AllowAnyOrigin")); });
var p = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
services.AddMvc(o=> {
o.Filters.Add(new AuthorizeFilter(p));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
// configure strongly typed settings objects
var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettingsSection);
// configure jwt authentication
var appSettings = appSettingsSection.Get<AppSettings>();
//var key = Encoding.ASCII.GetBytes(appSettings.Secret);
//Call Auth service URL to get public keys
var jwksJson = Helpers.GetKeyAsync(appSettings.jwksURL).GetAwaiter().GetResult();
//load keys from JWKS
var jwks = new JsonWebKeySet(jwksJson);
var issuerSigningKeys = jwks.Keys.ToList();
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKeys = issuerSigningKeys,
//IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
// configure DI for application services
services.AddScoped<IUserService, UserService>();
}
当我在本地机器(iisexpress)上用我的角度前端和邮递员运行API时,这段代码工作得非常好。然而,当我将这段代码部署到基于Openshift的Linux容器时,我总是收到401错误,说“签名无效”。我在本地和Openshift容器上使用相同的令牌进行身份验证。想知道是否是基于Linux的容器导致了这个问题。您是否找到了解决方案?我也在努力解决同样的问题:令牌验证在本地(Windows、Kestrel)运行良好,但在CentOS和Ubuntu(也是Kestrel)上,它表示签名无效。感谢您的帮助!你有没有找到解决办法?我也在努力解决同样的问题:令牌验证在本地(Windows、Kestrel)运行良好,但在CentOS和Ubuntu(也是Kestrel)上,它表示签名无效。感谢您的帮助!
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors("AllowAnyOrigin");
app.UseAuthentication();
app.UseMvc();
}