JWT令牌與System.IdentityModel.Tokens.Jwt版本5.1.4

Question

我正在使用以下代碼來生成JWT令牌。

 string audienceId = "099153c2625149bc8ecb3e85e03f0022"; 
     string secretKey = "IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw"; 
     var keyByteArray = TextEncodings.Base64Url.Decode(secretKey); 

     var issued = data.Properties.IssuedUtc; 
     var expires = data.Properties.ExpiresUtc; 

     IList<Claim> claimCollection = new List<Claim> 
     { 
      new Claim(ClaimTypes.Name, "Test") 
      , new Claim(ClaimTypes.Country, "Sweden") 
      , new Claim(ClaimTypes.Gender, "M") 
      , new Claim(ClaimTypes.Surname, "Nemes") 
      , new Claim(ClaimTypes.Email, "hello@me.com") 
      , new Claim(ClaimTypes.Role, "IT") 
     }; 

     var tokenDescriptor = new SecurityTokenDescriptor 
     { 
      Subject = new ClaimsIdentity(claimCollection), 
      Issuer = _issuer, 
      Audience = audienceId, 
      Expires = expires.Value.DateTime, 
      SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(keyByteArray), SecurityAlgorithms.HmacSha256) 
     }; 
     var tokenHandler = new JwtSecurityTokenHandler(); 

     var securityToken = tokenHandler.CreateToken(tokenDescriptor); 
     return tokenHandler.WriteToken(securityToken);` 

如果我在https://jwt.io/驗證所生成的代碼事實證明無效的簽名。

正在使用以下來驗證令牌。

 var token = new JwtSecurityToken(model.Token); 
     string ClientId = "099153c2625149bc8ecb3e85e03f0022"; 
     string Base64Secret = "IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw"; 
     var keyByteArray = TextEncodings.Base64Url.Decode(Base64Secret); 

     var validationParameters = new TokenValidationParameters 
     { 
      IssuerSigningKey = new SymmetricSecurityKey(keyByteArray), 
      ValidIssuer = "CBEAE4B7-A490-430A-85C7-865D051C21E6", 
      ValidAudience = ClientId 
     }; 

     var tokenHandler = new JwtSecurityTokenHandler(); 

     SecurityToken validatedToken; 
     ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(model.Token, validationParameters, out validatedToken); 

我收到異常作爲無效簽名。 最新版本的System.IdentityModel.Tokens.Jwt（版本5.1.4）的文檔非常少。請注意我也不能降級DLL。

我不知道我哪裏出錯了。感謝任何幫助。

Answer 1

嘗試使用不同解碼器對您的驗證通過虹膜here

的建議我的情況是我有一個ASP.NET JWT AuthorizationServer與ASPNET CORE JWT ResourceServer和下面的代碼爲我工作的認證需要。

public static class Base64UrlTextEncoder /*: ITextEncoder*/ 
    { 
     public static string Encode(byte[] data) 
     { 
      if (data == null) 
      { 
       throw new ArgumentNullException("data"); 
      } 

      return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_'); 
     } 

     public static byte[] Decode(string text) 
     { 
      if (text == null) 
      { 
       throw new ArgumentNullException("text"); 
      } 

      return Convert.FromBase64String(Pad(text.Replace('-', '+').Replace('_', '/'))); 
     } 

     private static string Pad(string text) 
     { 
      var padding = 3 - ((text.Length + 3) % 4); 
      if (padding == 0) 
      { 
       return text; 
      } 
      return text + new string('=', padding); 
     } 
    } 

使用

var base64key = Base64UrlTextEncoder.Decode("IxrAjDoa2FqElO7IhrSrUJELhUckePEPVpaePlS_Xaw"); 
var issuerSigningKey = new SymmetricSecurityKey(base64key);