堆栈内存溢出
  简体   繁体   English

.NET 生成无效的 JWT 令牌

[英].NET generating invalid JWT tokens

 原文  2020-01-22 12:48:54       c#/ asp.net-mvc/ jwt/ asp.net-apicontroller/ identitymodel

问题描述

I am generating a JWT token in my WindowsService using IdentityModel.Tokens.Jwt, like so:我正在使用 IdentityModel.Tokens.Jwt 在我的 WindowsService 中生成一个 JWT 令牌,如下所示:

private JwtSecurityToken GetJwtToken()
    {
        var symmetricSecurityKey = new SymmetricSecurityKey(Convert.FromBase64String(_secretKey));
        var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256Signature);
        return new JwtSecurityToken(
            "myIssuer",
            expires: DateTime.Now.AddMinutes(15),
            signingCredentials: signingCredentials
        );
    }

Then, I am writing that token with JwtSecurityTokenHandler and sending it in a request to a WebAPI controller:然后,我使用JwtSecurityTokenHandler编写该令牌并将其发送到 WebAPI 控制器的请求中:

//some code...
// _tokenHandler below is a JwtSecurityTokenHandler
_httpClient.DefaultRequestHeaders.Add("jwtToken", _tokenHandler.WriteToken(GetJwtToken()));
HttpResponseMessage response = await _httpClient.GetAsync(url);
//...

And on the API side, I am trying to validate the token:在 API 方面,我正在尝试验证令牌:

public bool Authenticate(string token)
    {
        if (string.IsNullOrEmpty(token))
            throw new ArgumentEmptyException(nameof(token));

        TokenValidationParameters parameters = new TokenValidationParameters
        {
            ValidIssuer = "myIssuer",
            ValidateIssuer = true,
            ValidateLifetime = true,
            IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(SecretKey))
        };

        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out SecurityToken validatedToken);
            return true;
        }
        catch (SecurityTokenException)
        {
            return false;
        }
    }
}

This throws an error below:这会引发以下错误:

IDX12741: JWT: '[PII is hidden. IDX12741:JWT:'[PII 已隐藏。 For more details, see https://aka.ms/IdentityModel/PII.] ' must have three segments (JWS) or five segments (JWE).'有关更多详细信息,请参阅https://aka.ms/IdentityModel/PII。] ' 必须具有三段 (JWS) 或五段 (JWE)。

And an example of a generated token, which actually looks like two tokens sent at once, which is baffling me:还有一个生成令牌的例子,它实际上看起来像一次发送两个令牌,这让我感到困惑:

eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Nzk2OTc3NzUsImlzcyI6Im15SXNzdWVyIn0.g9Mw7FijNzAzGofll5E44B8cJtOozln3nUjHKgnkdTs,

eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Nzk2OTc3ODAsImlzcyI6Im15SXNzdWVyIn0.Noc3lC0h_ryH6axlQJ2Kk2a8wcp5eQ0QhBqidfjuujo

Any advice?有什么建议吗?

1 个解决方案

解决方案1
 1 已采纳  2020-01-24 12:39:12

The JWT token was generated correctly, the problem was in a shared instance of HttpClient. JWT 令牌生成正确,问题出在 HttpClient 的共享实例中。 Each consecutive call added to the DefaultRequestHeaders jwtToken value.每个连续调用都添加到 DefaultRequestHeaders jwtToken 值中。

When I added logic to reset the value before adding new token, it worked:当我在添加新令牌之前添加逻辑来重置值时,它起作用了:

_httpClient.DefaultRequestHeaders.Remove("jwtToken"); // new
_httpClient.DefaultRequestHeaders.Add("jwtToken", _tokenHandler.WriteToken(GetJwtToken()));

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 C# .NET 中创建和验证 JWT 令牌 - Creating And Validating JWT Tokens In C# .NET 天冬氨酸。 净5. Jwt令牌撤销 - Asp. Net 5. Jwt tokens revocation .NET JWT 接受过期令牌的实现 - .NET JWT Implementation accepting expired tokens 在基于 .Net 4.0 的应用程序中解码 JWT 令牌 - Decode JWT tokens in .Net 4.0 based Application .net 框架,OWIN 并获得 JWT 令牌 - .net Framework, OWIN and getting JWT tokens JWT .NET 库中的无效签名 - JWT Invalid Signatures in .NET libraries 无法在.net mvc和angular中生成csrf令牌 - Trouble generating csrf tokens in .net mvc and angular ASP NET核心JWT身份验证允许过期的令牌 - ASP NET Core JWT authentication allows expired tokens ASP.NET 核心 API 使用 JWT 不记名令牌进行身份验证 - ASP.NET Core API authenticate using JWT bearer tokens 如何在 .NET Core 中为 JWT 令牌设计自定义验证器? - How to design a custom validator for JWT tokens in .NET Core?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM