【问题标题】:C# Cannot sign JWT using certificateC# 无法使用证书签署 JWT
【发布时间】:2017-12-24 22:57:21
【问题描述】:

我正在使用 VS 2017 和 .NET 4.6.2 开发 C# Web Api MVC 项目,我想使用我的证书签署 JSON Web 令牌

这是我的代码:

using SolutionDOC_Common;
using SolutionDOC_Interface.Repository.Authentication;
using SolutionDOC_SDK.Model;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Authentication;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using mit = Microsoft.IdentityModel.Tokens;

public string Build(Credentials credentials)
{
    string thumbprint = ConfigurationManager.AppSettings["CertificateThumbprint"];
    string tokenIssuer = ConfigurationManager.AppSettings["TokenIssuer"];
    string tokenAudience = ConfigurationManager.AppSettings["TokenAudience"];

    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, credentials.Username),
        new Claim(ClaimTypes.Surname, credentials.Alias)
    };

    X509Certificate2 cert = CertificateUtility.GetCertificateByThumbprint(thumbprint);
    RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PublicKey.Key;

    JwtSecurityToken jwtToken = new JwtSecurityToken
    (
        issuer: tokenIssuer,
        audience: tokenAudience,
        claims: claims,
        signingCredentials: new mit.SigningCredentials(new mit.RsaSecurityKey(publicAndPrivate), mit.SecurityAlgorithms.RsaSha256Signature),
        expires: DateTime.Now.AddDays(30)
    );

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // This throws the InvalidOperationException!
    string tokenString = tokenHandler.WriteToken(jwtToken);

    return tokenString;

    throw new AuthenticationException();
}

tokenHandler.WriteToken(jwtToken) 行抛出一个 InvalidOperationException 说明

'IDX10638:无法创建 SignatureProvider,'key.HasPrivateKey' 为 false,无法创建签名。密钥:Microsoft.IdentityModel.Tokens.RsaSecurityKey。'

相应证书的权限设置为 IIS_IUSRS 用户,因此它也可以读取私钥。该证书实际上是使用 IIS 生成的自签名证书,具有私钥。 指纹设置正确,因此我获得了正确的证书。 所以我正确地得到了X509Certificate2 对象。 X509Certificate2 对象的 PrivateKey 属性已填充。

为什么它不起作用?

【问题讨论】:

    标签: c# ssl rsa jwt x509certificate2


    【解决方案1】:

    好吧,即使您标记了变量publicAndPrivate,您显然也只提取了一个公钥。试试吧

    RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PrivateKey;
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-04-20
      • 2018-12-02
      • 2017-03-06
      • 2019-08-09
      • 2022-01-26
      相关资源
      最近更新 更多