【问题标题】:IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifierIDX10500:签名验证失败。无法解析 SecurityKeyIdentifier
【发布时间】:2015-06-04 22:06:35
【问题描述】:

尝试验证令牌时出现以下异常的原因可能是什么。

TokenValidationParameters validationParameters = new TokenValidationParameters();

validationParameters.ValidIssuers = new List<string>() { "http://www.company.com" };

validationParameters.IssuerSigningToken = new RsaSecurityToken(
  (System.Security.Cryptography.RSACryptoServiceProvider) Certificate.Get().PublicKey.Key);

SecurityToken securityToken = null;

var claimsPrincipal = 
    (FederatedAuthentication
      .FederationConfiguration
      .IdentityConfiguration
      .SecurityTokenHandlers
      .First() as JwtSecurityTokenHandler)
      .ValidateToken(tokenString, validationParameters, out securityToken);

错误

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 
          'SecurityKeyIdentifier
    (
      IsReadOnly = False,
      Count = 2,
      Clause[0] = X509ThumbprintKeyIdentifierClause(
                    Hash = 0x6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1),
    Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
    )
', 
token: '{"typ":"JWT","alg":"RS256","

【问题讨论】:

标签: c# .net security wcf-security jwt


【解决方案1】:

根据错误,我认为您需要添加 x509 安全密钥或凭据,如下所示:

var credentials = new X509CertificateCredentials(
    Certificate.Get(),
    new SecurityKeyIdentifier(
        new NamedKeySecurityKeyIdentifierClause(
            "kid",
            "6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1")));

例如这部分:

new SecurityKeyIdentifier(
        new NamedKeySecurityKeyIdentifierClause(
            "kid",
            "6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1")

另外,请确保您的证书已安装在您的根存储中。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2020-06-23
    • 1970-01-01
    • 2018-03-15
    • 1970-01-01
    • 1970-01-01
    • 2020-03-10
    • 2018-02-19
    相关资源
    最近更新 更多