【问题标题】:Can't get Signature from JwtSecurityToken无法从 JwtSecurityToken 获取签名
【发布时间】:2016-07-08 12:33:33
【问题描述】:

我正在尝试在 .NET 中使用 JWT 身份验证,我需要结果如下所示:

标题: {"alg":"HS512"}

有效载荷:

{"sub":"SomeSubject","nbf":1458315105,"exp":1458316305,"iat":1458315705}

我编写了以下代码来获取 JWT 签名令牌:

 public async Task<string> GetJWTToken(string user)
        {
            var now = DateTime.UtcNow;

            JwtHeader jwtHeader = new JwtHeader();

            jwtHeader.Add("alg", JwtAlgorithms.HMAC_SHA512);

            JwtPayload payload = new JwtPayload();
            payload.Add("sub", user);
            payload.Add("exp", ConvertToUnixTimestamp( now.AddMinutes(10)));
            payload.Add("nbf",ConvertToUnixTimestamp(now.AddMinutes(-10)));
            payload.Add("iat",ConvertToUnixTimestamp(now));

            JwtSecurityToken toekn = new JwtSecurityToken(jwtHeader, payload);
            SigningCredentials cred = new SigningCredentials(new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("SomeKey")), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", "http://www.w3.org/2001/04/xmlenc#sha512");

            //what's next? 
            return finalResult;
          }

使用此代码,我只加密了 Header 和 Payload,我没有得到签名。我查看了很多地方,但找不到产生类似有效负载和标头的示例。

1- 如何将签名凭据添加到 toeken ;无法设置 SigningCredentials、SigningToken 和 SigningKeys。不确定签名凭据应该放在哪里。

2- 之后,签名是如何产生的?

【问题讨论】:

    标签: c# .net oauth jwt


    【解决方案1】:

    以下代码展示了如何创建 JWT 令牌,其中“证书”可以是自签名证书。

        public JwtTokenProvider(string authority)
        {
            _authority = authority;
        }
        public async Task<TokenResult> GetTokenAsync(string clientId, string resource)
        {
            return await Task.FromResult(new TokenResult
            {
                AccessTokenType = "Bearer",
                IdToken = CreateJwt(clientId, resource)
            });
        }
        private string CreateJwt(string clientId, string resource)
        {
            var certificate = new X509Certificate2(Resource.notification, CertPassword);
            var sub = new System.Security.Claims.Claim("sub", clientId);
            var jti = new System.Security.Claims.Claim("jti", Guid.NewGuid().ToString());
            var claims = new List<System.Security.Claims.Claim>() { sub, jti };
            var x509Key = new X509AsymmetricSecurityKey(certificate);
            var signingCredentials = new SigningCredentials(x509Key, SecurityAlgorithms.RsaSha256Signature,
                SecurityAlgorithms.Sha256Digest);
            var jwt = new JwtSecurityToken(_authority, resource, claims,
                DateTime.UtcNow,
                DateTime.UtcNow.AddMinutes(ExpirationInMinutes), signingCredentials);
            var sign = new SignatureProviderFactory();
            var provider = sign.CreateForSigning(x509Key, SecurityAlgorithms.RsaSha256Signature);
            var input = string.Join(".", new[] { jwt.EncodedHeader, jwt.EncodedPayload });
            var signed = provider.Sign(Encoding.UTF8.GetBytes(input));
            sign.ReleaseProvider(provider);
            return string.Join(".", new[] { jwt.EncodedHeader, jwt.EncodedPayload, Base64UrlEncoder.Encode(signed) });
        }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2015-08-23
      • 2018-07-09
      • 2016-01-20
      • 2020-11-19
      • 1970-01-01
      • 2014-08-13
      • 2016-09-26
      相关资源
      最近更新 更多