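You need to create the bearer token (or JWT token) with the same audienceId and audience secret; then both machines can validate it correctly.
I keep them in my web.config file, for example like this: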
<add key="as:AudienceId" value="localhost" />
<add key="as:AudienceSecret" value="YVZQUXd6VTZnWkpiR28wV0ROSTZCUzl1RzRRYTRnSDE=" />
Then you can use them to generate your JWT token:
using System;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Thinktecture.IdentityModel.Tokens; // provides HmacSigningCredentials

internal class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
{
    // Values read from configuration; they must be identical on every machine.
    private readonly string _audienceId = SettingsProvider.CurrentAudienceId;
    private readonly string _issuer = SettingsProvider.CurrentIssuer;
    private readonly string _symmetricKeyAsBase64 = SettingsProvider.CurrentAudienceSecret;

    public String Protect(AuthenticationTicket data)
    {
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }

        // Decode the shared audience secret and use it as the HMAC signing key.
        var keyByteArray = TextEncodings.Base64Url.Decode(_symmetricKeyAsBase64);
        var signingKey = new HmacSigningCredentials(keyByteArray);

        var issued = data.Properties.IssuedUtc;
        var expires = data.Properties.ExpiresUtc;

        // Build the token from the ticket's claims and lifetime, then sign it.
        var token = new JwtSecurityToken(_issuer, _audienceId, data.Identity.Claims, issued.Value.UtcDateTime,
            expires.Value.UtcDateTime, signingKey);

        var handler = new JwtSecurityTokenHandler();
        var jwt = handler.WriteToken(token);
        return jwt;
    }

    // Token validation is not implemented in this class.
    public AuthenticationTicket Unprotect(String protectedText)
    {
        throw new NotImplementedException();
    }
}
Second, you need to use the same machine key in web.config on all web farm machines, as shown below:
<machineKey validationKey="9E7EB24C628533D0F2A0B8CE2E740DD524472EA4A68C21325D007D15ED22E7DF81300BBE2AC70B6259CB41F22FA95AAFECA5BE8D72D8F7A80F13FCECE49DFFC1" decryptionKey="340A7B141479D146A50B59FAF7E4DD7218D6310B8D121178FFE3CE2AC198CD34" validation="SHA1" decryption="AES" />
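
An added example, not part of the original answer: one way each farm node could validate these tokens, using the JWT bearer middleware from Microsoft.Owin.Security.Jwt 3.x and the same as:AudienceId and as:AudienceSecret settings. The class name JwtConsumerConfig and the as:Issuer settings key are assumptions that do not appear in the answer.

```csharp
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Microsoft.Owin.Security.Jwt;
using Owin;

// Hypothetical helper class (added example); call Configure(app) from the OWIN Startup.
public static class JwtConsumerConfig
{
    // Deployed unchanged on every farm node, so each node checks tokens
    // against the same audience id and the same audience secret.
    public static void Configure(IAppBuilder app)
    {
        string audienceId = RequireSetting("as:AudienceId");
        string secretBase64 = RequireSetting("as:AudienceSecret");
        string issuer = RequireSetting("as:Issuer"); // assumed key, not on the page

        byte[] secret = TextEncodings.Base64Url.Decode(secretBase64);

        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits long.
        if (secret.Length < 32)
        {
            throw new ConfigurationErrorsException(
                "as:AudienceSecret must decode to at least 32 bytes.");
        }

        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            // Tokens issued for any other audience are rejected.
            AllowedAudiences = new[] { audienceId },
            // The signature is verified with the shared symmetric key.
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
            }
        });
    }

    // Fail at startup rather than have one node reject every token at request time.
    private static string RequireSetting(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new ConfigurationErrorsException("Missing appSettings key: " + key);
        }
        return value;
    }
}
```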