Azure b2c 错误:IDX10501:签名验证失败。 无法匹配密钥:孩子:'gLv****************'
[英]Azure b2c error: IDX10501: Signature validation failed. Unable to match key: kid: 'gLv****************'
问题描述
I am authenticating asp.net mvc app against azure b2c, following startup.cs file code details:
我正在针对 azure b2c 验证 asp.net mvc 应用程序,遵循 startup.cs 文件代码详细信息:
public void ConfigureAuth(IAppBuilder app)
{
IdentityModelEventSource.ShowPII = true;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Generate the metadata address using the tenant and policy information
MetadataAddress = String.Format(Globals.WellKnownMetadata, Globals.Tenant, Globals.DefaultPolicy),
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = Globals.ClientId,
RedirectUri = Globals.RedirectUri,
PostLogoutRedirectUri = Globals.RedirectUri,
// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed,
},
// Specify the claim type that specifies the Name property.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = false
},
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope}"
});
}
Its giving below error when using custom policy: IDX10501: Signature validation failed.使用自定义策略时出现以下错误:IDX10501:签名验证失败。 Unable to match key: kid: 'gL****************'.无法匹配密钥:kid:'gL****************'。 Exceptions caught: ''.捕获的异常:''。 token: typ":"JWT","alg":"RS256","kid":"gL****************"}. {"exp":1599625561,"nbf":1599621961,"ver":"1.0","iss":......................}令牌:typ":"JWT","alg":"RS256","kid":"gL****************"}。{"exp":1599625561," nbf":1599621961,"ver":"1.0","iss":................................}
I have verified this key and token exactly same as I am getting from https://jwt.ms .我已验证此密钥和令牌与我从https://jwt.ms获得的完全相同。 Its only throwing error while I am using custom policy, if I use built in policy its working as expected.当我使用自定义策略时,它唯一的抛出错误,如果我使用内置策略,它会按预期工作。
Any help what is missing here?任何帮助这里缺少什么?
Thanks.谢谢。
2 个解决方案
解决方案1
0 已采纳 2020-09-13 12:43:03
As confirmed, it was problem with Signing key and Encryption key in your custom policy.经确认,您的自定义策略中的签名密钥和加密密钥存在问题。 Creating both correctly fixed the issue. 创建两者都正确解决了问题。
Create the signing key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenSigningKeyContainer.
- For Key type, select RSA.
- For Key usage, select Signature.
- Select Create.
Create the encryption key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenEncryptionKeyContainer.
- For Key type, select RSA.
- For Key usage, select Encryption.
- Select Create.
解决方案2
0 2021-11-19 03:18:46
我不得不重新创建我的签名密钥,出于某种原因,现有的密钥不适用于新政策(它仍然适用于现有政策)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.