无法从 JwtSecurityToken 获取签名
Can't get Signature from JwtSecurityToken
我正在尝试在 .NET 中使用 JWT 身份验证,我需要的结果如下所示:
Header:
{"alg":"HS512"}
有效载荷:
{"sub":"SomeSubject","nbf":1458315105,"exp":1458316305,"iat":1458315705}
我编写了以下代码来获取 JWT 签名令牌:
/// <summary>
/// Assembles a JWT header and payload for <paramref name="user"/>. As posted, the snippet
/// stops before any signature is produced, so it never yields a signed token.
/// </summary>
/// <param name="user">Value stored in the <c>sub</c> claim.</param>
/// <returns>Returns <c>finalResult</c>, which is not declared anywhere in this snippet.</returns>
// NOTE(review): the method is marked async but contains no await.
public async Task<string> GetJWTToken(string user)
{
var now = DateTime.UtcNow;
JwtHeader jwtHeader = new JwtHeader();
// The header only names the algorithm; adding "alg" does not sign anything by itself.
jwtHeader.Add("alg", JwtAlgorithms.HMAC_SHA512);
JwtPayload payload = new JwtPayload();
payload.Add("sub", user);
// Validity window: nbf = now - 10 min, exp = now + 10 min, so each token is accepted for 20 minutes.
// NOTE(review): the back-dated nbf presumably allows for clock skew; confirm the window is intended.
payload.Add("exp", ConvertToUnixTimestamp( now.AddMinutes(10)));
payload.Add("nbf",ConvertToUnixTimestamp(now.AddMinutes(-10)));
payload.Add("iat",ConvertToUnixTimestamp(now));
// The token is built from header and payload only; no signing credentials are attached here.
JwtSecurityToken toekn = new JwtSecurityToken(jwtHeader, payload);
// cred is created but never used below, which is why the result carries no signature.
// NOTE(review): the HMAC key is a hard-coded 7-byte literal. RFC 7518 section 3.2 requires a key
// at least as long as the hash output (64 bytes for HS512); use a randomly generated key loaded
// from protected configuration or a secret store instead of source code.
SigningCredentials cred = new SigningCredentials(new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("SomeKey")), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", "http://www.w3.org/2001/04/xmlenc#sha512");
//what's next?
return finalResult;
}
使用此代码,我只得到了经过编码(Base64Url 编码,并非加密)的 Header 和有效载荷,没有得到签名。我查了很多地方,但找不到能生成类似 header 和有效载荷的示例。
1- 如何将签名凭证添加到 token?我无法设置 SigningCredentials、SigningToken 和 SigningKeys,不确定签名凭据应该放在哪里。
2- 之后签名(Signature)是如何生成的?
以下代码展示了如何创建 JWT 令牌,其中 "Certificate" 可以是自签名证书。
/// <summary>
/// Creates a token provider bound to one authority.
/// </summary>
/// <param name="authority">
/// Stored in <c>_authority</c>; CreateJwt passes it as the first argument when it constructs the token.
/// </param>
public JwtTokenProvider(string authority)
{
    this._authority = authority;
}
/// <summary>
/// Issues a signed JWT for the given client and resource and wraps it in a <c>TokenResult</c>.
/// </summary>
/// <param name="clientId">Forwarded to CreateJwt.</param>
/// <param name="resource">Forwarded to CreateJwt.</param>
/// <returns>A task holding a result whose token type is "Bearer" and whose <c>IdToken</c> is the JWT.</returns>
public async Task<TokenResult> GetTokenAsync(string clientId, string resource)
{
    // CreateJwt runs synchronously; the awaited Task.FromResult only adapts the value to the
    // asynchronous signature.
    var result = new TokenResult();
    result.AccessTokenType = "Bearer";
    result.IdToken = CreateJwt(clientId, resource);
    return await Task.FromResult(result);
}
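/// <summary>
/// Builds a JWT carrying <c>sub</c> and <c>jti</c> claims and signs it with RSA-SHA256 using the
/// certificate loaded from <c>Resource.notification</c>.
/// </summary>
/// <param name="clientId">Value written to the <c>sub</c> claim.</param>
/// <param name="resource">
/// Second constructor argument of the token, after <c>_authority</c> (the audience position in the
/// JwtSecurityToken constructor; confirm against the library version in use).
/// </param>
/// <returns>The compact form <c>header.payload.signature</c>, each part Base64Url-encoded.</returns>
private string CreateJwt(string clientId, string resource)
{
    // Signing needs the certificate's private key. NOTE(review): CertPassword protects that key and
    // should come from protected configuration, not from source code.
    // With a self-signed certificate no CA vouches for the key, so the verifier has to be given this
    // exact public key out of band and should accept only the algorithm it expects (RS256).
    var certificate = new X509Certificate2(Resource.notification, CertPassword);
    var x509Key = new X509AsymmetricSecurityKey(certificate);

    var claims = new List<System.Security.Claims.Claim>
    {
        new System.Security.Claims.Claim("sub", clientId),
        // A fresh identifier per token lets a receiver detect replays; it is not a secret.
        new System.Security.Claims.Claim("jti", Guid.NewGuid().ToString()),
    };

    var signingCredentials = new SigningCredentials(
        x509Key,
        SecurityAlgorithms.RsaSha256Signature,
        SecurityAlgorithms.Sha256Digest);

    // Read the clock once so the start and end of the validity window derive from the same instant.
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(
        _authority,
        resource,
        claims,
        now,
        now.AddMinutes(ExpirationInMinutes),
        signingCredentials);

    var factory = new SignatureProviderFactory();
    var provider = factory.CreateForSigning(x509Key, SecurityAlgorithms.RsaSha256Signature);
    try
    {
        // The signature covers exactly "header.payload" in their encoded form.
        var signingInput = string.Join(".", jwt.EncodedHeader, jwt.EncodedPayload);
        var signature = provider.Sign(Encoding.UTF8.GetBytes(signingInput));
        return string.Join(".", signingInput, Base64UrlEncoder.Encode(signature));
    }
    finally
    {
        // Release the provider even when signing throws (for example, no private key available).
        factory.ReleaseProvider(provider);
    }
}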
我正在尝试在 .NET 中使用 JWT 身份验证,我需要的结果如下所示:
Header:
{"alg":"HS512"}
有效载荷:
{"sub":"SomeSubject","nbf":1458315105,"exp":1458316305,"iat":1458315705}
我编写了以下代码来获取 JWT 签名令牌:
/// <summary>
/// Assembles a JWT header and payload for <paramref name="user"/>. As posted, the snippet
/// stops before any signature is produced, so it never yields a signed token.
/// </summary>
/// <param name="user">Value stored in the <c>sub</c> claim.</param>
/// <returns>Returns <c>finalResult</c>, which is not declared anywhere in this snippet.</returns>
// NOTE(review): the method is marked async but contains no await.
public async Task<string> GetJWTToken(string user)
{
var now = DateTime.UtcNow;
JwtHeader jwtHeader = new JwtHeader();
// The header only names the algorithm; adding "alg" does not sign anything by itself.
jwtHeader.Add("alg", JwtAlgorithms.HMAC_SHA512);
JwtPayload payload = new JwtPayload();
payload.Add("sub", user);
// Validity window: nbf = now - 10 min, exp = now + 10 min, so each token is accepted for 20 minutes.
// NOTE(review): the back-dated nbf presumably allows for clock skew; confirm the window is intended.
payload.Add("exp", ConvertToUnixTimestamp( now.AddMinutes(10)));
payload.Add("nbf",ConvertToUnixTimestamp(now.AddMinutes(-10)));
payload.Add("iat",ConvertToUnixTimestamp(now));
// The token is built from header and payload only; no signing credentials are attached here.
JwtSecurityToken toekn = new JwtSecurityToken(jwtHeader, payload);
// cred is created but never used below, which is why the result carries no signature.
// NOTE(review): the HMAC key is a hard-coded 7-byte literal. RFC 7518 section 3.2 requires a key
// at least as long as the hash output (64 bytes for HS512); use a randomly generated key loaded
// from protected configuration or a secret store instead of source code.
SigningCredentials cred = new SigningCredentials(new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes("SomeKey")), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", "http://www.w3.org/2001/04/xmlenc#sha512");
//what's next?
return finalResult;
}
使用此代码,我只得到了经过编码(Base64Url 编码,并非加密)的 Header 和有效载荷,没有得到签名。我查了很多地方,但找不到能生成类似 header 和有效载荷的示例。
1- 如何将签名凭证添加到 token?我无法设置 SigningCredentials、SigningToken 和 SigningKeys,不确定签名凭据应该放在哪里。
2- 之后签名(Signature)是如何生成的?
以下代码展示了如何创建 JWT 令牌,其中 "Certificate" 可以是自签名证书。
/// <summary>
/// Creates a token provider bound to one authority.
/// </summary>
/// <param name="authority">
/// Stored in <c>_authority</c>; CreateJwt passes it as the first argument when it constructs the token.
/// </param>
public JwtTokenProvider(string authority)
{
    this._authority = authority;
}
/// <summary>
/// Issues a signed JWT for the given client and resource and wraps it in a <c>TokenResult</c>.
/// </summary>
/// <param name="clientId">Forwarded to CreateJwt.</param>
/// <param name="resource">Forwarded to CreateJwt.</param>
/// <returns>A task holding a result whose token type is "Bearer" and whose <c>IdToken</c> is the JWT.</returns>
public async Task<TokenResult> GetTokenAsync(string clientId, string resource)
{
    // CreateJwt runs synchronously; the awaited Task.FromResult only adapts the value to the
    // asynchronous signature.
    var result = new TokenResult();
    result.AccessTokenType = "Bearer";
    result.IdToken = CreateJwt(clientId, resource);
    return await Task.FromResult(result);
}
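/// <summary>
/// Builds a JWT carrying <c>sub</c> and <c>jti</c> claims and signs it with RSA-SHA256 using the
/// certificate loaded from <c>Resource.notification</c>.
/// </summary>
/// <param name="clientId">Value written to the <c>sub</c> claim.</param>
/// <param name="resource">
/// Second constructor argument of the token, after <c>_authority</c> (the audience position in the
/// JwtSecurityToken constructor; confirm against the library version in use).
/// </param>
/// <returns>The compact form <c>header.payload.signature</c>, each part Base64Url-encoded.</returns>
private string CreateJwt(string clientId, string resource)
{
    // Signing needs the certificate's private key. NOTE(review): CertPassword protects that key and
    // should come from protected configuration, not from source code.
    // With a self-signed certificate no CA vouches for the key, so the verifier has to be given this
    // exact public key out of band and should accept only the algorithm it expects (RS256).
    var certificate = new X509Certificate2(Resource.notification, CertPassword);
    var x509Key = new X509AsymmetricSecurityKey(certificate);

    var claims = new List<System.Security.Claims.Claim>
    {
        new System.Security.Claims.Claim("sub", clientId),
        // A fresh identifier per token lets a receiver detect replays; it is not a secret.
        new System.Security.Claims.Claim("jti", Guid.NewGuid().ToString()),
    };

    var signingCredentials = new SigningCredentials(
        x509Key,
        SecurityAlgorithms.RsaSha256Signature,
        SecurityAlgorithms.Sha256Digest);

    // Read the clock once so the start and end of the validity window derive from the same instant.
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(
        _authority,
        resource,
        claims,
        now,
        now.AddMinutes(ExpirationInMinutes),
        signingCredentials);

    var factory = new SignatureProviderFactory();
    var provider = factory.CreateForSigning(x509Key, SecurityAlgorithms.RsaSha256Signature);
    try
    {
        // The signature covers exactly "header.payload" in their encoded form.
        var signingInput = string.Join(".", jwt.EncodedHeader, jwt.EncodedPayload);
        var signature = provider.Sign(Encoding.UTF8.GetBytes(signingInput));
        return string.Join(".", signingInput, Base64UrlEncoder.Encode(signature));
    }
    finally
    {
        // Release the provider even when signing throws (for example, no private key available).
        factory.ReleaseProvider(provider);
    }
}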