Asp.net core: Does ASP.NET Core JWT authentication support multiple symmetric signing keys?
asp.net-core, jwt

Some libraries support the concept of multiple symmetric signing keys. If possible, I would like to use the Microsoft-provided Microsoft.AspNetCore.Authentication.JwtBearer implementation. Does that implementation support multiple symmetric signing keys?

The class appears to support only one key.

Calling JwtBearerExtensions.AddJwtBearer multiple times throws an exception: InvalidOperationException: Scheme already exists: Bearer

The reason for wanting to support multiple signing keys is to support a rolling key scheme.

A custom IssuerSigningKeyResolver in TokenValidationParameters can be used to provide multiple keys:
    // Needs: using System.Collections.Generic; using System.Text;
    //        using Microsoft.AspNetCore.Authentication.JwtBearer;
    //        using Microsoft.IdentityModel.Tokens;
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            // Called for each incoming token; every key returned here is accepted.
            IssuerSigningKeyResolver = (string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters) =>
            {
                List<SecurityKey> keys = new List<SecurityKey>();
                // "yourFirstkey" / "yourSecondkey" are placeholders for the real secrets.
                var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("yourFirstkey"));
                keys.Add(signingKey);
                var signingKey1 = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("yourSecondkey"));
                keys.Add(signingKey1);
                return keys;
            },
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });

The TokenValidationParameters property of JwtBearerOptions contains an IssuerSigningKeys property, which lets you supply multiple security keys:
    services
        .AddAuthentication("Bearer")
        .AddJwtBearer("Bearer", options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                // signingKey01 and signingKey02 are defined elsewhere (not shown in the answer).
                IssuerSigningKeys = new[]
                {
                    new RsaSecurityKey(signingKey01),
                    new RsaSecurityKey(signingKey02),
                },
            };
        });
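
The rolling key scheme from the question, built on the IssuerSigningKeyResolver approach above, as an added example that is not code from the original answers: the resolver picks a key by the token's kid header, and a token signed with a key that has left the accepted window is rejected. The key ids, secrets and the helper names Key, Issue and Validates are constructed for illustration; it assumes a console project that references the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Constructed demo secrets (32+ bytes each for HS256); load real ones from a secret store.
static SymmetricSecurityKey Key(string kid, string secret) =>
    new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)) { KeyId = kid };

var current  = Key("k-current",  "constructed-demo-secret-current-0123456789ab");
var previous = Key("k-previous", "constructed-demo-secret-previous-0123456789a");
var retired  = Key("k-retired",  "constructed-demo-secret-retired-0123456789ab");

// Rolling window: new tokens are signed with `current`; `previous` is still
// accepted until its tokens expire; `retired` has been dropped from the window.
var accepted = new[] { current, previous };

var parameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    ValidateIssuer = false,   // mirrors the answer above; enable both in a real service
    ValidateAudience = false,
    // Use the token's kid header to pick one key; a token with no kid is
    // checked against every accepted key. An unknown kid yields no keys.
    IssuerSigningKeyResolver = (token, securityToken, kid, p) =>
        string.IsNullOrEmpty(kid) ? accepted : accepted.Where(k => k.KeyId == kid),
};

// Hypothetical helper: issue a short-lived HS256 token signed with the given key.
string Issue(SymmetricSecurityKey key) => new JwtSecurityTokenHandler().WriteToken(
    new JwtSecurityToken(
        claims: new[] { new Claim("sub", "demo-user") },
        expires: DateTime.UtcNow.AddMinutes(5),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

// Hypothetical helper: true when the token passes signature and lifetime validation.
bool Validates(string jwt)
{
    try { new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); return true; }
    catch (SecurityTokenException) { return false; }
}

Console.WriteLine($"current:  {Validates(Issue(current))}");
Console.WriteLine($"previous: {Validates(Issue(previous))}");
Console.WriteLine($"retired:  {Validates(Issue(retired))}");
```

To rotate, add the new key at the front of the accepted set, sign new tokens with it, and remove the oldest key once the longest token lifetime has passed.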