2017-04-25 18 views
1

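I am trying to implement JWT token validation, but I get an exception when trying to get the ClaimsPrincipal. Unable to create claims from securityToken, 'issuer' is null or empty c#

Unable to create claims from securityToken, 'issuer' is null or empty

I don't understand what exactly is wrong in the code below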

    public static string GenrateToken(string userId, string deviceId)
    {
        var time = DateTime.UtcNow;
        var symmetricKey = Convert.FromBase64String(Secret);
        var tokenHandler = new JwtSecurityTokenHandler();
        SecurityKey securityKey = new InMemorySymmetricSecurityKey(symmetricKey);
        var now = DateTime.UtcNow;
        var expiry = now.AddHours(24);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[]
            {
                new Claim("userId", userId),
                new Claim("deviceId", deviceId),
                new Claim("time", time.ToString())
            }),
            Lifetime = new Lifetime(now, expiry),
            SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature, "")
        };

        var stoken = tokenHandler.CreateToken(tokenDescriptor);
        var token = tokenHandler.WriteToken(stoken);
        return token;
    }

    public static ClaimsPrincipal GetPrincipal(string token)
    {
        try
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var jwtToken = tokenHandler.ReadToken(token) as JwtSecurityToken;

            if (jwtToken == null)
                return null;

            var symmetricKey = Convert.FromBase64String(Secret);
            SecurityKey securityKey = new InMemorySymmetricSecurityKey(symmetricKey);

            var validationParameters = new TokenValidationParameters()
            {
                RequireExpirationTime = true,
                ValidateIssuer = false,
                ValidateAudience = false,
                IssuerSigningKey = securityKey
            };

            SecurityToken securityToken;
            var principal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);

            return principal;
        }
        catch (Exception ex)
        {
            //should write log
            return null;
        }
    }

Answer

0

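Certainly a late answer for the OP, but just in case others have the same problem...

Which version of JwtSecurityTokenHandler are you using? Apparently, there is a bug that enforces validation of the issuer regardless of your setting:

ValidateIssuer = false

It should be fixed in version 5.0.0, but there are those, like me, who are tied to version 4.xx by other breaking changes.

Does your token have an issuer claim? If not, add it as: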

new Claim("iss", issuerName), 

Later, set the issuer when you validate your token:

    var validationParameters = new TokenValidationParameters
    {
        RequireExpirationTime = true,
        ValidateIssuer = false,
        ValidIssuer = issuerName,
        ValidateAudience = false,
        IssuerSigningKey = securityKey
    };

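Where issuerName is any string constant, which you won't be checking but are forced to use. Even though it won't be validated, it must be present.

Bug: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/154 (you can also use the workaround described there)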
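An added example (not code from the question or the answer), assuming the 4.x System.IdentityModel.Tokens.Jwt API used above: it sets the issuer through TokenIssuerName when the token is created, so the "iss" claim is present, and then checks it with ValidateIssuer = true instead of carrying an unchecked placeholder. The class name, the issuer string and the per-run random key are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;   // Lifetime
using System.IdentityModel.Tokens;              // JWT handler types in the 4.x package
using System.Security.Claims;
using System.Security.Cryptography;

public static class IssuerCheckDemo   // hypothetical name
{
    const string Issuer = "https://issuer.example";   // constructed value
    static readonly JwtSecurityTokenHandler Handler = new JwtSecurityTokenHandler();

    static string Issue(byte[] key, string issuer, string userId)
    {
        var now = DateTime.UtcNow;
        var descriptor = new SecurityTokenDescriptor
        {
            TokenIssuerName = issuer,   // written into the token as the "iss" claim
            Subject = new ClaimsIdentity(new[] { new Claim("userId", userId) }),
            Lifetime = new Lifetime(now, now.AddHours(24)),
            SigningCredentials = new SigningCredentials(
                new InMemorySymmetricSecurityKey(key),
                SecurityAlgorithms.HmacSha256Signature,
                SecurityAlgorithms.Sha256Digest)
        };
        return Handler.WriteToken(Handler.CreateToken(descriptor));
    }

    static ClaimsPrincipal Validate(byte[] key, string token)
    {
        var parameters = new TokenValidationParameters
        {
            RequireExpirationTime = true,
            ValidateIssuer = true,      // the issuer is now actually checked
            ValidIssuer = Issuer,
            ValidateAudience = false,   // no audience is issued in this sketch
            IssuerSigningKey = new InMemorySymmetricSecurityKey(key)
        };
        SecurityToken validated;
        try { return Handler.ValidateToken(token, parameters, out validated); }
        catch (SecurityTokenValidationException) { return null; }   // e.g. wrong issuer or expired
    }

    public static void Main()
    {
        var key = new byte[32];   // 256-bit HMAC key, generated per run
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        Console.WriteLine(Validate(key, Issue(key, Issuer, "42")) != null);          // expected issuer
        Console.WriteLine(Validate(key, Issue(key, "someone-else", "42")) != null);  // different issuer
    }
}
```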