Asp.net mvc 5 IDX12709:CanReadToken()返回false。JWT格式不正确-开放ID连接身份验证
我们正在使用open id connect在asp.net mvc应用程序中实现身份验证Asp.net mvc 5 IDX12709:CanReadToken()返回false。JWT格式不正确-开放ID连接身份验证,asp.net-mvc-5,azure-active-directory,openid-connect,Asp.net Mvc 5,Azure Active Directory,Openid Connect,我们正在使用open id connect在asp.net mvc应用程序中实现身份验证 app.UseKentorOwinCookieSaver(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies", CookieManager = new Microsoft.O
app.UseKentorOwinCookieSaver();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = RedirectUri,
ResponseType = OpenIdConnectResponseType.Code,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretkey)),
ValidateIssuer = true,
ValidIssuer = authority,
ValidateAudience = true
// ValidAudience = strAudience
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// when an auth code is received...
AuthorizationCodeReceived = (context) => {
// get the OpenID Connect code passed from Azure AD on successful auth
string code = context.Code;
var handler = new JwtSecurityTokenHandler();
var token = handler.ReadJwtToken(code);
//// successful auth
return Task.FromResult(0);
},
SecurityTokenValidated = (ctx) =>
{
// We can remove claims that are not necessary in this context, mitigating the cookie size.
var identity = ctx.AuthenticationTicket.Identity;
return Task.FromResult(0);
},
AuthenticationFailed = (context) => {
context.HandleResponse();
return Task.FromResult(0);
}
}
});
身份验证成功,我能够获得代码
我正在控制器中使用Authorize属性
使用msal,我们收到了auth令牌和id_令牌。我得到了正确的令牌,但在得到令牌之后,我得到了无限循环。我也习惯于使用KentoroWinCookieSaver。但是什么也没用。授权代码不是JWT。 您可以使用它从Azure AD的令牌端点获取JWTs 您可以为此使用MSAL(Microsoft身份验证库),也可以自己拨打电话。
谢谢,我建议msal获取身份验证令牌和身份证令牌。我得到了正确的令牌,但在得到令牌之后,我得到了无限循环。我也习惯于使用KentoroWinCookieSaver。但一切都不起作用。