Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/301.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# ASP.NET核心:验证Auth0';s JWT令牌_C#_.net Core_Jwt_Token_Auth0 - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# ASP.NET核心:验证Auth0';s JWT令牌

C# ASP.NET核心:验证Auth0';s JWT令牌

c# .net-core jwt

C# ASP.NET核心:验证Auth0';s JWT令牌,c#,.net-core,jwt,token,auth0,C#,.net Core,Jwt,Token,Auth0,我正在使用Auth0并解析其idToken服务器端,如下所示: var tokenHandler = new JwtSecurityTokenHandler(); var jwtToken = tokenHandler.ReadJwtToken(idToken); // idToken comes from client using auth0.js var sub = jwtToken.Claims.First(claim => claim.Type == "su

我正在使用Auth0并解析其
idToken
服务器端,如下所示:

    var tokenHandler = new JwtSecurityTokenHandler();
    var jwtToken = tokenHandler.ReadJwtToken(idToken); // idToken comes from client using auth0.js
    var sub = jwtToken.Claims.First(claim => claim.Type == "sub").Value;

var securityToken = (JwtSecurityToken)validatedToken;
var userId = user.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
上述代码运行良好,我能够成功解析
idToken
,但我想在信任
idToken
之前验证它,因此我尝试了以下方法:

        string clientSecret = "{client_secret}"; // comes from Auth0 application's client secret
        var validations = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "some value", // used "iss" from here: https://jwt.io/
            ValidAudience = "some value", // used "aud" from here: https://jwt.io/
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(clientSecret)),
        };

        var principal = tokenHandler.ValidateToken(idToken, validations, out var validatedToken);
尝试验证令牌时,会导致以下异常:

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException
  HResult=0x80131500
  Message=IDX10501: Signature validation failed. Unable to match key: 
kid: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'
我通过解析这里的一个标记抓取了颁发者和受众值:。客户端密码是我的应用程序在Auth0的客户端密码

如何使用JwtSecurityTokenHandler验证Auth0的
idToken

要手动验证Auth0的JWT令牌,您需要以下两个Nuget包:

System.IdentityModel.Tokens.Jwt
Microsoft.IdentityModel.Protocols.OpenIdConnect
然后从Auth0的应用程序设置中获取这些值

string auth0Domain = ""; // Note: if your Domain is foo.auth0.com, this needs to be https://foo.auth0.com/
string auth0ClientId = "";
验证Auth0的令牌,如下所示:

IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>($"{auth0Domain}.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdConfig = await configurationManager.GetConfigurationAsync(CancellationToken.None);

var validations = new TokenValidationParameters
{
    ValidIssuer = auth0Domain,
    ValidAudiences = new[] { auth0ClientId },
    IssuerSigningKeys = openIdConfig.SigningKeys
};

var user = tokenHandler.ValidateToken(idToken, validations, out var validatedToken);
资料来源:

信贷:@Nkosi

这里有一篇有趣的文章@Nkosi这正是我想要的。你能把那个链接贴出来作为答案吗?我会把它标为正确的。谢谢我建议您添加自己的答案,并参考本文,以帮助将来可能遇到此问题的其他人。@JohnnyOshika-如果您能更新您解决此问题的方法,我将非常高兴。据我所知,您应该找到一种方法来设置Auth0的“issuerSigningKey”,然后设置“ValidateIssuerSigningKey”应该work@TGN12请看下面我的答案…为什么手动操作而不使用“ValidateSuersigningKey”?这可以追溯到一年前,但我认为这是因为我无法使用
ValidateSuersigningKey
。见上面我的原始问题。