【发布时间】:2020-05-18 13:19:58
【问题描述】:
这就是我在后端验证 JWT 不记名令牌的方式:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = $"https://{Configuration["Auth0:Authority"]}";
options.Audience = Configuration["Auth0:Audience"];
});
它工作正常,因为 .Net 核心与权威机构协商以获取所需的信息(例如签名密钥)。在我的情况下,它通过 https://
问题是当我将应用程序部署在无法访问 Internet 的 Intranet 中时,我的应用程序无法与 Auth0 服务器通信。这是我得到的错误:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://< My TENANT >.auth0.com/.well-known/openid-configuration'.
我尝试手动输入 RSA 密钥,但运气不佳,同样的错误:
AddJwtBearer(options =>
{
options.Authority = $"https://{Configuration["Auth0:Domain"]}";
options.Audience = Configuration["Auth0:Audience"];
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
RequireSignedTokens = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = GetRsaKey(),
};
});
private SecurityKey GetRsaKey()
{
byte[] modulus = Decode("r5cpJ....-fUGjJCH1QQ");
byte[] exponent = Decode("A...AB");
var rsaParameters = new RSAParameters
{
Modulus = modulus,
Exponent = exponent
};
using var rsaProvider = new RSACryptoServiceProvider();
rsaProvider.ImportParameters(rsaParameters);
return new RsaSecurityKey(rsaProvider);
}
有什么解决方法吗?
【问题讨论】:
-
使用 keycloak 开源 SSO 作为 JWT Token 验证器。简单又安全
标签: asp.net-core jwt openid-connect