堆栈内存溢出
  简体   繁体   English

WOPI Token - 秘钥

[英]WOPI Token - Secret Key

 原文  2022-04-07 09:43:34       c#/ .net-core/ jwt/ secret-key/ ms-wopi

问题描述

I'm trying to implement WOPI on my application but im having a hard time to find the secret key to generate a token see below image for the sample code from github我正在尝试在我的应用程序上实施 WOPI,但我很难找到生成令牌的密钥,请参见下图 github 中的示例代码

Generate Token code:生成令牌代码:

public SecurityToken GenerateAccessToken(string userId, string resourceId)
    {
        var user = _userDatabase[userId];

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = user.Identities.FirstOrDefault(),
            Expires = DateTime.UtcNow.AddHours(1), //access token ttl: https://wopi.readthedocs.io/projects/wopirest/en/latest/concepts.html#term-access-token-ttl
            SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)
        };

        return _tokenHandler.CreateToken(tokenDescriptor);
    }

Get Key , the sample below is just a dummy key but there's no guide where to get it获取密钥,下面的示例只是一个虚拟密钥,但没有指南从哪里获取它

private SymmetricSecurityKey Key
    {
        get
        {
            if (_key is null)
            {
                //RandomNumberGenerator rng = RandomNumberGenerator.Create();
                //byte[] key = new byte[128];
                //rng.GetBytes(key);
                var key = Encoding.ASCII.GetBytes("secretKeysecretKeysecretKey123"/* + new Random(DateTime.Now.Millisecond).Next(1,999)*/);
                _key = new SymmetricSecurityKey(key);
            }

            return _key;
        }
    }

Im using this GitHub below for the reference https://github.com/petrsvihlik/WopiHost/blob/5a1c78a9102d56b62e8023c2c045d6f056008ed2/WopiHost.FileSystemProvider/WopiSecurityHandler.cs#L66我使用下面的 GitHub 作为参考https://github.com/petrsvihlik/WopiHost/blob/5a1c78a9102d56b62e8023c2c045d6f056008ed2/WopiHost.FileSystemProvider/WopiSecurityHandler.cs#L66

1 个解决方案

解决方案1
 0  2022-04-18 16:07:45

The implementation of the key validation is intentionally left up to the developer here.此处有意将密钥验证的实现留给开发人员。 You can use the preconfigured SecurityAlgorithms.HmacSha256 or you can swap it with an asymmetric algorithm.您可以使用预配置的SecurityAlgorithms.HmacSha256 ,也可以将其替换为非对称算法。

If you wish to continue using the symmetric key, the idea is to configure the environment with the key.如果您希望继续使用对称密钥,想法是使用密钥配置环境。 So you can put your secret key in the environment variables and replace secretKeysecretKeysecretKey123 with System.Environment.GetEnvironmentVariable("WOPI_SECRET") .因此,您可以将密钥放入环境变量中,并将secretKeysecretKeysecretKey123替换为System.Environment.GetEnvironmentVariable("WOPI_SECRET")

However, this part of the OS project is not quite finalized so it may require a little more work here and there.然而,操作系统项目的这一部分还没有完全完成,因此可能需要多做一些工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 访问令牌密钥和秘密在DropNet中不起作用 - Access token key and secret not working in DropNet oAuth令牌认证 - 使用相同的密钥 - oAuth Token Authentication - using same secret key 任何人都可以在没有密钥的情况下解码JSON Web令牌(JWT)吗? - Can anybody decode a JSON Web Token (JWT) without a secret key? 如何从WAC Office Server生成WOPI访问令牌 - How to generate WOPI Access Token from WAC Office Server 即使具有有效的令牌凭证,桌面应用程序也需要OAuth客户端凭证(密钥+机密) - OAuth client credentials (key + secret) needed in a desktop app even with valid token credentials 为JWT生成密钥? - Generate a secret key for JWT? 使用Amazon Web Services保守秘密密钥 - Keeping a secret key secret with Amazon Web Services 从 AWS Secret Manager 访问密钥 - Access secret key from AWS Secret Manager Dropbox api“USER TOKEN”,“USER SECRET” - Dropbox api “USER TOKEN”, “USER SECRET” 可以安全地在应用程序中包含秘密令牌吗? - Can a secret token be included with an app securely?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM