C# 验证JWT是否得到一个奇怪的“;无法匹配密钥kid”;错误
我试图使用下面的代码验证一个有效的JWT,但遇到了一个奇怪的错误C# 验证JWT是否得到一个奇怪的“;无法匹配密钥kid”;错误,c#,oauth-2.0,jwt,owin,claims-based-identity,C#,Oauth 2.0,Jwt,Owin,Claims Based Identity,我试图使用下面的代码验证一个有效的JWT,但遇到了一个奇怪的错误 "IDX10501: Signature validation failed. Unable to match key: kid: 'System.String'. Exceptions caught: 'System.Text.StringBuilder'. token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'." 这是我的验证方法 Cl
"IDX10501: Signature validation failed. Unable to match key:
kid: 'System.String'.
Exceptions caught:
'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'."
ClaimsPrincipal principal = null;
var token = "JWT GOES HERE"
try
{
string sec = "000uVmTXj5EzRjlnqruWF78JQZMT";
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(sec));
var now = DateTime.UtcNow;
SecurityToken securityToken;
string tokenIssuer = "https://MyIssuer.com";
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidIssuer = tokenIssuer,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = securityKey
};
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
principal = handler.ValidateToken(token, validationParameters, out securityToken); <---Errors here
}
IDX10501: Signature validation failed. Unable to match key:
kid: 'dev'.
Exceptions caught:
'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'RS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey, KeyId: '', InternalId: 'TdfWgWjCVeM60F3C5TOogJuka1aR5FA_xchwhY9MHH4'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures, Boolean cacheProvider)
尝试使用SecurityAlgorithms.HmacSha256 颁发令牌时的示例:
Users user=\u context.Users.FirstOrDefault(c=>c.UserName==UserName&&c.Password==Password);
if(user==null)
{
未经授权返回();
}
索赔[]索赔=新索赔[]
{
新声明(“Id”,user.Id.ToString()),
新索赔(“名称”,用户名),
新索赔(“电子邮件”,user.Email),
};
var securityKey=new SymmetricSecurityKey(Encoding.UTF8.GetBytes(“000uVmTXj5EzRjlnqruWF78JQZMT”);
var signingCredentials=新的signingCredentials(securityKey,SecurityAlgorithms.HmacSha256);
var令牌=新
JwtSecurityToken(
“我的项目”,
“我的客户”,
声称,
过期:DateTime.Now.AddMinutes(30),
签名凭证:签名凭证);
返回Ok(新的JwtSecurityTokenHandler().WriteToken(令牌));
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(选项=>
{
options.RequireHttpsMetadata=false;
options.SaveToken=true;
options.TokenValidationParameters=新的TokenValidationParameters()
{
validateisuer=true,
ValidateAudience=true,
ValidAudience=“MyClient”,
validisuser=“MyProject”,
IssuerSigningKey=new SymmetricSecurityKey(Encoding.UTF8.GetBytes(“000uVmTXj5EzRjlnqruWF78JQZMT”))
};
});
app.UseAuthentication();
app.UseAuthorization();
尝试改用对称算法,如HS256(HMAC-SHA256)。嘿,SymetricSecurityKey编码不应该是ASCII```新的SymetricSecurityKey(encoding.ASCII.GetBytes(sec))```我不太确定它应该是什么,这就是为什么我在指定使用的密钥ID时询问它的帮助
var securityKey=new-SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(sec)){KeyId=“dev”}IDX10501: Signature validation failed. Unable to match key:
kid: 'dev'.
Exceptions caught:
'System.NotSupportedException: IDX10634: Unable to create the SignatureProvider.
Algorithm: 'RS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey, KeyId: '', InternalId: 'TdfWgWjCVeM60F3C5TOogJuka1aR5FA_xchwhY9MHH4'.'
is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures, Boolean cacheProvider)