ASP.NET Web API 中的 JSON Web 令牌(JWT)在到期后无法验证刷新令牌


我正在使用 OAuth 2 为 Web API 实现 JWT 身份验证,并使用了刷新令牌机制。在令牌到期之前,我能够生成刷新令牌并用它调用 API 服务。令牌过期后,我会调用服务,凭刷新令牌 id 签发新令牌。但此时会调用到我的 CustomJwtFormat 类的 Unprotect 方法,由于该方法没有实现任何逻辑,所以会抛出错误。我不知道应该实现什么逻辑才能重新签发 JWT 刷新令牌。

将服务配置为使用 JSON Web 令牌格式的示例代码:

// OWIN OAuth authorization-server options: token endpoint at /token, five-minute access tokens,
// and CustomJwtFormat used as the format for both access-token and refresh-token tickets.
OAuthAuthorizationServerOptions OAuthServerOptions = new   OAuthAuthorizationServerOptions()
        {
            // NOTE(review): this lets token requests arrive over plain HTTP, so client credentials,
            // access tokens and refresh tokens travel unencrypted. Keep it to local development
            // and require HTTPS everywhere else.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            // Access tokens expire five minutes after they are issued.
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(5),
            Provider = new SimpleAuthorizationServerProvider(),
            RefreshTokenProvider = new SimpleRefreshTokenProvider(),
            // <issuer> is a placeholder left by the author for the issuer string.
            AccessTokenFormat = new CustomJwtFormat(<issuer>),
            // NOTE(review): RefreshTokenFormat is the format the middleware uses to protect and
            // unprotect refresh-token tickets, so a refresh_token grant presumably ends up in
            // CustomJwtFormat.Unprotect, which throws in this post. Leaving this property unset
            // keeps the middleware's default ticket format for refresh tokens — confirm against
            // SimpleRefreshTokenProvider, which is not shown here.
            RefreshTokenFormat = new CustomJwtFormat(<issuer>)
        };
OAuthAuthorizationServerOptions OAuthServerOptions=new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp=true,
TokenEndpointPath=新路径字符串(“/token”),
AccessTokenExpireTimeSpan=TimeSpan.FromMinutes(5),
Provider=新的SimpleAuthorizationServerProvider(),
RefreshTokenProvider=新的SimpleRefreshTokenProvider(),
AccessTokenFormat=新的CustomJwtFormat(),
RefreshTokenFormat=新的CustomJwtFormat()
};
我的 CustomJwtFormat 类的示例代码:

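/// <summary>
/// Ticket format that writes an <see cref="AuthenticationTicket"/> as a JWT signed with
/// <c>HmacSigningCredentials</c>, using the secret of the client named in the ticket properties.
/// </summary>
/// <remarks>
/// The instance is created once in the server options, so it is presumably shared by concurrent
/// requests. For that reason the signing secret is held in a local variable inside
/// <see cref="Protect"/> rather than in an instance field: a shared mutable field would let one
/// request sign its token with the secret another request had just loaded.
/// </remarks>
public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
{

    // Ticket property that carries the client (audience) id.
    private const string AudiencePropertyKey = "as:client_id";
    private readonly string _issuer = string.Empty;

    /// <summary>Creates a format that stamps <paramref name="issuer"/> into every token it writes.</summary>
    /// <param name="issuer">Value written to the token's issuer field.</param>
    public CustomJwtFormat(string issuer)
    {
        _issuer = issuer;
    }

    /// <summary>Serializes the ticket's claims into a signed JWT string.</summary>
    /// <param name="data">Ticket whose identity claims and issue/expiry times are written to the token.</param>
    /// <returns>The compact serialized token produced by <c>JwtSecurityTokenHandler.WriteToken</c>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The client cannot be found, no signing secret is available, or the ticket has no issue/expiry time.
    /// </exception>
    public string Protect(AuthenticationTicket data)
    {
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }

        // Local, not a field: see the remarks on the class.
        string symmetricKeyAsBase64;

        string audienceId;
        data.Properties.Dictionary.TryGetValue(AudiencePropertyKey, out audienceId);

        if (string.IsNullOrWhiteSpace(audienceId))
        {
            // <audience> and <secret key> are placeholders left by the author of the post.
            // NOTE(review): a fallback signing secret should come from protected configuration,
            // not from a literal in source.
            audienceId = <audience>;
            symmetricKeyAsBase64 = <secret key>;
        }
        else
        {
            using (AuthRepository _repo = new AuthRepository())
            {
                var audience = _repo.FindClient(audienceId);
                // FindClient is not shown; assumes it returns null for an unknown client id.
                if (audience == null)
                {
                    throw new InvalidOperationException("No client is registered for the audience id carried by the ticket.");
                }
                symmetricKeyAsBase64 = audience.Secret;
            }
        }

        // Refuse to sign with a missing secret instead of passing an empty key to the signer.
        if (string.IsNullOrWhiteSpace(symmetricKeyAsBase64))
        {
            throw new InvalidOperationException("No signing secret is available for the audience.");
        }

        var issued = data.Properties.IssuedUtc;
        var expires = data.Properties.ExpiresUtc;
        if (!issued.HasValue || !expires.HasValue)
        {
            throw new InvalidOperationException("The ticket must carry both IssuedUtc and ExpiresUtc.");
        }

        var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
        var signingKey = new HmacSigningCredentials(keyByteArray);
        var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(token);
    }

    /// <summary>
    /// Not implemented. According to the author, this is reached when the service is called to
    /// issue a new token for a refresh token id.
    /// </summary>
    /// <param name="protectedText">Serialized token to turn back into a ticket.</param>
    /// <exception cref="NotImplementedException">Always.</exception>
    public AuthenticationTicket Unprotect(string protectedText)
    {
        // NOTE(review): an implementation has to verify the token's signature, issuer, audience
        // and lifetime before it builds a ticket from the claims. Parsing alone (for example
        // JwtSecurityTokenHandler.ReadToken) does not verify anything and must not be treated as
        // proof of identity. The audience read from the token is untrusted until the signature
        // check with that client's stored secret succeeds.
        throw new NotImplementedException();
    }

}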
公共类CustomJwtFormat:ISecureDataFormat
{
private const string audencePropertyKey=“as:client\u id”;
私有只读字符串_issuer=string.Empty;
私有字符串symmetricKeyAsBase64=string.Empty;
公共自定义JWTFormat(字符串颁发者)
{
_发行人=发行人;
}
公共字符串保护(AuthenticationTicket数据)
{
如果(数据==null)
{
抛出新的异常(“数据”);
}
字符串audenceId=data.Properties.Dictionary.ContainsKey(audencePropertyKey)?data.Properties.Dictionary[audencePropertyKey]:null;
if(string.IsNullOrWhiteSpace(audienceId))
{
audenceid=;
symmetricKeyAsBase64=;
}
其他的
{
使用(AuthRepository\u repo=new AuthRepository())
{
var受众=_repo.FindClient(audienceId);
symmetricKeyAsBase64=观众。秘密;
}
}
var keyByteArray=textcodings.Base64Url.Decode(symmetricKeyAsBase64);
var signingKey=新的HmacSigningCredentials(keyByteArray);
发布的var=data.Properties.IssuedUtc;
var expires=data.Properties.ExpiresUtc;
var token=新的JwtSecurityToken(_发卡机构,audienceId,data.Identity.Claims,issued.Value.UtcDateTime,expires.Value.UtcDateTime,signingKey);
var handler=新的JwtSecurityTokenHandler();
var jwt=handler.WriteToken(令牌);
返回jwt;
}
///此方法需要逻辑。在调用服务以生成刷新id的新令牌时调用此方法
公共身份验证票证取消保护(字符串保护文本)
{
抛出NotImplementedException();
}
}
}


任何帮助都将不胜感激

看看这个示例,让您了解如何验证令牌

特别是Global.asax.cs