[英]Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware Warning: 0 : invalid bearer token received
每當用戶嘗試訪問受保護的api端點時,我都會收到此警告。 身份驗證工作正常,用戶似乎已通過身份驗證,但我一直無法弄清為什么此錯誤持續發生。 我在沒有啟用https / ssl的localhost開發服務器上運行此程序。 我可能會錯過一個不確定的步驟。 我實現了令牌認證以及使用自定義提供程序刷新令牌。 然后實現了用於生成令牌的自定義jwt格式。
這是應用程序輸出日志中的警告:
Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware警告:0:收到無效的承載令牌
SimpleJWTFormat.cs :這指定jwt令牌的格式
public class SimpleJwtFormat : ISecureDataFormat<AuthenticationTicket>
{
private readonly string _issuer = string.Empty;
public SimpleJwtFormat(string issuer)
{
_issuer = issuer;
}
public string Protect(AuthenticationTicket data)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
string audienceId = ConfigurationManager.AppSettings["as:AudienceId"];
string symmetricKeyAsBase64 = ConfigurationManager.AppSettings["as:AudienceSecret"];
var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
//var signingKey = new HmacSigningCredentials(keyByteArray);
var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keyByteArray);
securityKey.KeyId = ConfigurationManager.AppSettings["as:AudienceId"];
var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var issued = data.Properties.IssuedUtc;
var expires = data.Properties.ExpiresUtc;
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);
//token.SigningKey = securityKey;
var handler = new JwtSecurityTokenHandler();
var jwt = handler.WriteToken(token);
return jwt;
}
public AuthenticationTicket Unprotect(string protectedText)
{
string symmetricKeyAsBase64 = ConfigurationManager.AppSettings["as:AudienceSecret"];
string audienceId = ConfigurationManager.AppSettings["as:AudienceId"];
var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keyByteArray);
var tokenValidationParameters = new TokenValidationParameters
{
ValidAudience = audienceId,
ValidIssuer = _issuer,
IssuerSigningKey = signingKey,
ValidateLifetime = true,
ValidateAudience = true,
ValidateIssuer = true,
RequireSignedTokens = true,
RequireExpirationTime = true,
ValidateIssuerSigningKey = true
};
var handler = new JwtSecurityTokenHandler();
SecurityToken token = null;
// Unpack token
var pt = handler.ReadToken(protectedText);
string t = ((JwtSecurityToken)pt).RawData;
var principal = handler.ValidateToken(t, tokenValidationParameters, out token);
var identity = principal.Identities;
return new AuthenticationTicket(identity.First(), new AuthenticationProperties());
}
}
問題是我沒有在Startup.cs文件中調用app.UseOAuthBearerAuthentication並指定自定義令牌格式。
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
AccessTokenFormat = _tokenFormat
});
Microsoft.Owin.Security.Oauth承載令牌授權攔截
[英]Microsoft.Owin.Security.Oauth Bearer Token Authorization Interception
通過asp.net Microsoft.Owin.Security.OAuth獲取訪問令牌
[英]get access token via asp.net Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId 和 clientSecret 在嘗試從 Postman 生成令牌時出現 null
[英]Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider - clientId and clientSecret coming null while trying to generate token from Postman
ThinkTecture IdentityServer3與Microsoft.Owin.Security.OAuth2
[英]ThinkTecture IdentityServer3 vs Microsoft.Owin.Security.OAuth2
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.