ASP.NET MVC: TypeLoadException for AsymmetricSignatureProvider related to JWT authentication
I have an ASP.NET 5/Core RC1 MVC (WebApi) application that interfaces with Auth0 and uses JWT tokens for bearer authentication. The application uses dnx451 as the framework (not CoreCLR, because of unsupported dependencies).
When I run the application on Windows, it works perfectly fine.
But I want to run it on Ubuntu, using Mono as the runtime for dnx451. There the application runs, but as soon as I make a request to it, it returns Internal Server Error 500.
Log output:
info: Microsoft.AspNet.Hosting.Internal.HostingEngine[3]
Request finished in 0.0006ms 500
fail: Microsoft.AspNet.Server.Kestrel[13]
An unhandled exception was thrown by the application.
System.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.X509SecurityKey , KeyId: MTZBREFEQ0M5NUQ2RDY3RDkzM0E0RDYwMDdCM0I4QUY1MDc3RUNDNA
'.
Exceptions caught:
'System.TypeLoadException: Could not load type 'System.IdentityModel.Tokens.AsymmetricSignatureProvider' from assembly 'System.IdentityModel.Tokens, Version=5.0.0.112, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
at System.IdentityModel.Tokens.SignatureProviderFactory.CreateForVerifying (System.IdentityModel.Tokens.SecurityKey key, System.String algorithm) <0x4067def0 + 0x0001b> in <filename unknown>:0
at System.IdentityModel.Tokens.X509SecurityKey.GetSignatureProvider (System.String algorithm, Boolean verifyOnly) <0x4067de30 + 0x00057> in <filename unknown>:0
at System.IdentityModel.Tokens.SecurityKey.GetSignatureProviderForValidating (System.String algorithm) <0x4067de00 + 0x0001a> in <filename unknown>:0
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.Byte[] encodedBytes, System.Byte[] signature, System.IdentityModel.Tokens.SecurityKey key, System.String algorithm) <0x4067dcb0 + 0x0003f> in <filename unknown>:0
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters) <0x40679070 + 0x004b3> in <filename unknown>:0
'.
token: '{"alg":"RS256","typ":"JWT","kid":"MTZBREFEQ0M5NUQ2RDY3RDkzM0E0RDYwMDdCM0I4QUY1MDc3RUNDNA"}.{"iss":"**********","sub":"*****************","aud":"****************","exp":1464737848,"iat":1464701848}'
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters) <0x40679070 + 0x0096b> in <filename unknown>:0
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters, System.IdentityModel.Tokens.SecurityToken& validatedToken) <0x406782f0 + 0x0021d> in <filename unknown>:0
at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler+<HandleAuthenticateAsync>d__1.MoveNext () <0x41f5bcf0 + 0x011c4> in <filename unknown>:0
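Is this a general incompatibility between Mono and ASP.NET 5, or is there a workaround?

This problem occurs because AsymmetricSignatureProvider has Windows marshalling, and it gets loaded even if you are using a SymmetricSecurityKey. If you are willing to use a SymmetricSecurityKey, here is a workaround: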
// Namespaces needed by the class below.
using System;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

// In the startup code: attach the factory to the symmetric signing key.
signingKey.CryptoProviderFactory = new MonoFriendlyCryptoProviderFactory(_LoggerFactory.CreateLogger<MonoFriendlyCryptoProviderFactory>());

// Crypto provider factory that never references AsymmetricSignatureProvider,
// so the type is not loaded on Mono. Only symmetric keys are supported.
public class MonoFriendlyCryptoProviderFactory : CryptoProviderFactory
{
    private readonly ILogger _Logger;

    public MonoFriendlyCryptoProviderFactory(ILogger logger)
    {
        _Logger = logger;
    }

    public override SignatureProvider CreateForSigning(SecurityKey key, string algorithm)
    {
        return CreateProvider(key, algorithm, true);
    }

    public override SignatureProvider CreateForVerifying(SecurityKey key, string algorithm)
    {
        return CreateProvider(key, algorithm, false);
    }

    private SignatureProvider CreateProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
    {
        // Validate the arguments before touching key.KeyId in the log call.
        if (key == null)
            throw new ArgumentNullException(nameof(key));
        if (string.IsNullOrWhiteSpace(algorithm))
            throw new ArgumentNullException(nameof(algorithm));

        _Logger?.LogDebug($"Creating {algorithm} provider for {key.KeyId} for {(willCreateSignatures ? "signing" : "verifying")}");

        // Asymmetric branch disabled: referencing AsymmetricSignatureProvider triggers the TypeLoadException on Mono.
        //AsymmetricSecurityKey asymmetricSecurityKey = key as AsymmetricSecurityKey;
        //if (asymmetricSecurityKey != null)
        //    return new AsymmetricSignatureProvider(asymmetricSecurityKey, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver);

        SymmetricSecurityKey symmetricSecurityKey = key as SymmetricSecurityKey;
        if (symmetricSecurityKey != null)
            return new SymmetricSignatureProvider(symmetricSecurityKey, algorithm);

        JsonWebKey jsonWebKey = key as JsonWebKey;
        if (jsonWebKey != null && jsonWebKey.Kty != null)
        {
            //if (jsonWebKey.Kty == "RSA" || jsonWebKey.Kty == "EC")
            //    return new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver);

            if (jsonWebKey.Kty == "oct")
                return new SymmetricSignatureProvider(key, algorithm);
        }

        // Any other key, including RSA/EC keys (branches commented out above), ends up here.
        throw new ArgumentException($"{typeof(SignatureProvider)} supports: '{typeof(SecurityKey)}' of types: '{typeof(AsymmetricSecurityKey)}' or '{typeof(SymmetricSecurityKey)}'. SecurityKey received was of type: '{key.GetType()}'.");
    }
}
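This is the same as the rc2 version of Microsoft.IdentityModel.Tokens, except for the commented-out parts, which serve no purpose if you are not using AsymmetricSecurityKey.

net45x is the only option, since dnx has been removed and various drivers will not target coreclr for many months.

What version of Ubuntu and what version of Mono are you using?

Mono JIT compiler version 4.2.3 (Stable 4.2.3.4/832de4b) and Ubuntu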
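
The workaround in the answer only verifies symmetric signatures, while the token in the question's log is RS256. The following is an added example, not code from the question or the answer: it shows how the factory could be wired into token validation once the issuer signs with HS256, rejecting any other `alg` up front. It assumes the RC2 `Microsoft.IdentityModel.Tokens` packages the answer refers to; `SymmetricJwtValidation`, `BuildParameters` and `Validate` are hypothetical names, and the secret, issuer and audience are supplied by the caller.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper, added for illustration.
public static class SymmetricJwtValidation
{
    // Assumption: the issuer has been switched from RS256 to HS256 and
    // sharedSecret holds the raw bytes of the shared signing secret.
    public static TokenValidationParameters BuildParameters(
        byte[] sharedSecret, string issuer, string audience, ILogger logger)
    {
        var signingKey = new SymmetricSecurityKey(sharedSecret);
        // MonoFriendlyCryptoProviderFactory is the class from the answer above.
        signingKey.CryptoProviderFactory = new MonoFriendlyCryptoProviderFactory(logger);

        return new TokenValidationParameters
        {
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = true,
            ValidAudience = audience,
            ValidateLifetime = true
        };
    }

    public static ClaimsPrincipal Validate(string token, TokenValidationParameters parameters)
    {
        var handler = new JwtSecurityTokenHandler();

        // Parse the header without trusting it and refuse anything but HS256.
        // An RS256 token like the one in the log cannot be checked with a shared secret.
        JwtSecurityToken unverified = handler.ReadJwtToken(token);
        if (unverified.Header.Alg != SecurityAlgorithms.HmacSha256)
            throw new SecurityTokenInvalidSignatureException(
                $"Unexpected signing algorithm '{unverified.Header.Alg}', expected HS256.");

        // Signature, issuer, audience and lifetime are all checked here.
        SecurityToken validated;
        return handler.ValidateToken(token, parameters, out validated);
    }
}
```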