C# Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware 警告: 0 : 接收到无效的承载令牌
每次用户试图访问受保护的 API 端点时,我都会收到此警告。身份验证工作正常,用户似乎已经通过了身份验证,但我一直无法理解为什么这个错误会不断发生。我是在未启用 HTTPS/SSL 的本地主机(localhost)开发服务器上运行的。我可能漏掉了某个步骤,但我不太确定。我使用自定义提供程序实现了令牌身份验证以及刷新令牌,然后实现了用于生成令牌的自定义 JWT 格式。
这是应用程序输出日志中的警告:
Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware 警告: 0 : 接收到无效的承载令牌
SimpleJWTFormat.cs:指定 JWT 令牌的格式
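/// <summary>
/// Serializes an <see cref="AuthenticationTicket"/> to an HMAC-SHA256 signed JWT
/// and validates such a JWT back into a ticket.
/// </summary>
/// <remarks>
/// The audience id and the Base64Url-encoded signing secret are read from the
/// <c>as:AudienceId</c> and <c>as:AudienceSecret</c> app settings on every call.
/// The secret is a symmetric key: anything that can read it can also mint tokens,
/// so it belongs in protected configuration, not in source control.
/// </remarks>
public class SimpleJwtFormat : ISecureDataFormat<AuthenticationTicket>
{
    private const string AudienceIdSetting = "as:AudienceId";
    private const string AudienceSecretSetting = "as:AudienceSecret";

    private readonly string _issuer = string.Empty;

    /// <summary>Creates a format that stamps and requires the given issuer.</summary>
    /// <param name="issuer">Value written to, and required in, the token's issuer claim.</param>
    public SimpleJwtFormat(string issuer)
    {
        _issuer = issuer;
    }

    /// <summary>Builds a signed JWT from the ticket's claims and lifetime.</summary>
    /// <param name="data">Ticket whose identity claims and issued/expiry times go into the token.</param>
    /// <returns>The compact serialized JWT.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The ticket has no issued or expiry time, or the signing secret is not configured.
    /// </exception>
    public string Protect(AuthenticationTicket data)
    {
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }

        var issued = data.Properties.IssuedUtc;
        var expires = data.Properties.ExpiresUtc;

        // Fail with a clear message instead of the bare Nullable<T>.Value exception;
        // a token without an expiry must never be issued.
        if (!issued.HasValue || !expires.HasValue)
        {
            throw new InvalidOperationException("The authentication ticket must carry both IssuedUtc and ExpiresUtc.");
        }

        string audienceId = ConfigurationManager.AppSettings[AudienceIdSetting];
        var securityKey = LoadSigningKey(audienceId);
        var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);

        var token = new JwtSecurityToken(
            _issuer,
            audienceId,
            data.Identity.Claims,
            issued.Value.UtcDateTime,
            expires.Value.UtcDateTime,
            signingCredentials);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    /// <summary>Validates a JWT and rebuilds the authentication ticket from it.</summary>
    /// <param name="protectedText">The compact serialized JWT taken from the request.</param>
    /// <returns>A ticket holding the validated identity and the token's lifetime.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="protectedText"/> is null or blank.</exception>
    /// <remarks>
    /// Validation failures (bad signature, wrong issuer or audience, expired token)
    /// surface as exceptions from <c>ValidateToken</c> and are not swallowed here.
    /// </remarks>
    public AuthenticationTicket Unprotect(string protectedText)
    {
        if (string.IsNullOrWhiteSpace(protectedText))
        {
            throw new ArgumentNullException("protectedText");
        }

        string audienceId = ConfigurationManager.AppSettings[AudienceIdSetting];

        // Signature, issuer, audience and lifetime are all enforced; unsigned tokens
        // and tokens without an expiry are rejected outright.
        // NOTE(review): newer Microsoft.IdentityModel.Tokens releases expose
        // TokenValidationParameters.ValidAlgorithms; consider pinning it to HS256
        // if the referenced package version has it.
        var tokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = audienceId,
            ValidIssuer = _issuer,
            IssuerSigningKey = LoadSigningKey(audienceId),
            ValidateLifetime = true,
            ValidateAudience = true,
            ValidateIssuer = true,
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateIssuerSigningKey = true
        };

        var handler = new JwtSecurityTokenHandler();
        SecurityToken validatedToken = null;

        // The raw text is validated directly; parsing it first only to read RawData
        // back out added nothing.
        var principal = handler.ValidateToken(protectedText, tokenValidationParameters, out validatedToken);

        // Carry the validated lifetime on the ticket so code that inspects the
        // ticket can see when the token lapses.
        var properties = new AuthenticationProperties
        {
            ExpiresUtc = new DateTimeOffset(DateTime.SpecifyKind(validatedToken.ValidTo, DateTimeKind.Utc))
        };
        if (validatedToken.ValidFrom != DateTime.MinValue)
        {
            properties.IssuedUtc = new DateTimeOffset(DateTime.SpecifyKind(validatedToken.ValidFrom, DateTimeKind.Utc));
        }

        return new AuthenticationTicket(principal.Identities.First(), properties);
    }

    // Reads the shared secret from configuration and wraps it as the HMAC key,
    // tagged with the same key id on the signing and the validating side.
    private static Microsoft.IdentityModel.Tokens.SymmetricSecurityKey LoadSigningKey(string keyId)
    {
        string symmetricKeyAsBase64 = ConfigurationManager.AppSettings[AudienceSecretSetting];
        if (string.IsNullOrWhiteSpace(symmetricKeyAsBase64))
        {
            // The message names the setting only; the secret itself is never logged.
            throw new InvalidOperationException("The 'as:AudienceSecret' app setting is missing or empty.");
        }

        // RFC 7518 section 3.2 requires an HS256 key of at least 256 bits (32 bytes).
        var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
        var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keyByteArray);
        securityKey.KeyId = keyId;
        return securityKey;
    }
}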
问题在于我没有在 Startup.cs 文件中调用 app.UseOAuthBearerAuthentication 并指定自定义令牌格式:
// Hand the bearer middleware the custom token format so incoming access tokens
// are read through it (presumably the SimpleJwtFormat instance; confirm where
// _tokenFormat is assigned).
// Bearer tokens are usable by whoever holds them, so outside local development
// this API should only be served over TLS.
var bearerOptions = new OAuthBearerAuthenticationOptions
{
    AccessTokenFormat = _tokenFormat
};
app.UseOAuthBearerAuthentication(bearerOptions);