[英]JWT Authentication in Web API using System.IdentityModel.Tokens.Jwt
I am trying to implement JWT token based authentication in Web API using System.IdentityModel.Tokens.Jwt and Identity. 我正在尝试使用System.IdentityModel.Tokens.Jwt和Identity在Web API中实现基于JWT令牌的身份验证。
Web.config Web.config文件
<appSettings>
<add key="issuer" value="http://localhost/" />
<add key="secret" value="IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw" />
</appSettings>
Though I was able to successfully able to implement and run the application with authentication, I am not sure what these settings are for. 尽管我能够成功地通过身份验证来实现和运行该应用程序,但是我不确定这些设置是做什么的。 What ever I given in issuer, still the application works as expected. 我在发卡行中给出的内容仍然可以按预期运行。 Can someone please provide some insights on issuer and secret? 有人可以提供一些有关发行人和机密的见解吗?
I am using postman to test the token and the API 我正在使用邮递员测试令牌和API
From the same site that you followed the tutorial ( Create a RESTful API with authentication using Web API and Jwt ) he says about the properties: 在与教程相同的站点( 使用Web API和Jwt创建具有身份验证的RESTful API )中,他谈到了这些属性:
Issuer - a unique identifier for the entity that issued the token (not to be confused with Entity Framework's entities) Secret - a secret key used to secure the token and prevent tampering 发行者-发行令牌的实体的唯一标识符(不要与Entity Framework的实体混淆)机密-用于保护令牌并防止篡改的密钥
But to try and explain this a little more precise: The issuer is basically the server or site or whatever that issues the token to the client. 但是要尝试更精确地解释一下:发行者基本上是服务器或站点,或者是向客户端发行令牌的任何人。 And the secret is something that the server (or whatever) knows about. 而秘密是服务器(或其他任何东西)知道的东西。 The secret can be used to create a signature that can verify that messages hasn't been altered on the way. 该机密可用于创建签名,以验证消息在途中没有被更改。 More on that on jwt.io JWT Secret : 有关jwt.io JWT Secret的更多信息:
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. 要创建签名部分,您必须获取编码的标头,编码的有效载荷,机密,标头中指定的算法,并对其进行签名。
Hope this helps! 希望这可以帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.