【发布时间】:2017-12-24 22:57:21
【问题描述】:
我正在使用 VS 2017 和 .NET 4.6.2 开发 C# Web Api MVC 项目,我想使用我的证书签署 JSON Web 令牌。
这是我的代码:
using SolutionDOC_Common;
using SolutionDOC_Interface.Repository.Authentication;
using SolutionDOC_SDK.Model;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Authentication;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using mit = Microsoft.IdentityModel.Tokens;
public string Build(Credentials credentials)
{
string thumbprint = ConfigurationManager.AppSettings["CertificateThumbprint"];
string tokenIssuer = ConfigurationManager.AppSettings["TokenIssuer"];
string tokenAudience = ConfigurationManager.AppSettings["TokenAudience"];
List<Claim> claims = new List<Claim>
{
new Claim(ClaimTypes.Name, credentials.Username),
new Claim(ClaimTypes.Surname, credentials.Alias)
};
X509Certificate2 cert = CertificateUtility.GetCertificateByThumbprint(thumbprint);
RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PublicKey.Key;
JwtSecurityToken jwtToken = new JwtSecurityToken
(
issuer: tokenIssuer,
audience: tokenAudience,
claims: claims,
signingCredentials: new mit.SigningCredentials(new mit.RsaSecurityKey(publicAndPrivate), mit.SecurityAlgorithms.RsaSha256Signature),
expires: DateTime.Now.AddDays(30)
);
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
// This throws the InvalidOperationException!
string tokenString = tokenHandler.WriteToken(jwtToken);
return tokenString;
throw new AuthenticationException();
}
tokenHandler.WriteToken(jwtToken) 行抛出一个 InvalidOperationException 说明
'IDX10638:无法创建 SignatureProvider,'key.HasPrivateKey' 为 false,无法创建签名。密钥:Microsoft.IdentityModel.Tokens.RsaSecurityKey。'
相应证书的权限设置为 IIS_IUSRS 用户,因此它也可以读取私钥。该证书实际上是使用 IIS 生成的自签名证书,具有私钥。
指纹设置正确,因此我获得了正确的证书。
所以我正确地得到了X509Certificate2 对象。 X509Certificate2 对象的 PrivateKey 属性已填充。
为什么它不起作用?
【问题讨论】:
标签: c# ssl rsa jwt x509certificate2