C#: JWT Bearer token authentication fails: Unauthorized
I'm encrypting a JWT with a cert on the client side and trying to validate that JWT on the server side, but it always fails. Can anyone please help?
Sender
    var handler = new JwtSecurityTokenHandler();
    var tokenDescriptor = new SecurityTokenDescriptor {
        Audience = "https://you.com",
        Issuer = "https://me.com",
        Subject = new ClaimsIdentity(new List<Claim> { new Claim("sub", "MyName") }),
        IssuedAt = DateTime.UtcNow,
        Expires = DateTime.UtcNow.AddMinutes(50),
        EncryptingCredentials = new X509EncryptingCredentials(new X509Certificate2("certificate.crt", "XYZ"))
    };
    var JWT = handler.CreateEncodedJwt(tokenDescriptor);
I tested the above JWT token to check that the cert and pfx file are correct:
    var handler = new JwtSecurityTokenHandler();
    var claimsPrincipal = handler.ValidateToken(
        token,
        new TokenValidationParameters
        {
            ValidAudience = "https://you.com",
            ValidIssuer = "https://me.com",
            RequireSignedTokens = false,
            TokenDecryptionKey = new X509SecurityKey(new X509Certificate2("certificate.pfx", "XYZ"))
        },
        out SecurityToken securityToken);
securityToken has all the info passed in the JWT token, so I know there is no issue with the cert or pfx file.
I pass the JWT token ("Bearer {token}") as a header in my REST call.
Receiver
    [HttpPut("Authenticate"), Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public async Task<IActionResult> Auth([FromBody] User user)
    {
        // stuff
    }
    public void ConfigureServices(IServiceCollection services) {
        //...
        X509Certificate2 cert = new X509Certificate2("certificate.pfx", "XYZ");
        SecurityKey key = new X509SecurityKey(cert);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => {
                options.Authority = "https://me.com";
                options.Audience = "https://you.com";
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = "https://me.com",
                    ValidAudience = "https://you.com",
                    IssuerSigningKey = key
                };
            });
    }
In the REST call, I always get a 401: Unauthorized error. The cert and pfx files seem fine. Am I doing something wrong on the client side, or do I need to do anything else on the client side to authorize the JWT?
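The added example below is not part of the question; it shows the receiver-side parameters that match the kind of token the sender actually produces. The sender code in the question sets only EncryptingCredentials, so it emits an encrypted but unsigned token (a JWE with no inner signature), while the receiver's TokenValidationParameters describe a signed token (ValidateIssuerSigningKey with an IssuerSigningKey and no TokenDecryptionKey). The receiver also sets options.Authority, which makes the bearer handler fetch OpenID Connect discovery metadata from that URL before validating anything. The example signs with the sender's certificate and encrypts to the receiver's certificate, then validates with both a decryption key and a signing key, keeping RequireSignedTokens at its default of true. It assumes the NuGet packages System.IdentityModel.Tokens.Jwt and Microsoft.AspNetCore.Authentication.JwtBearer; the certificates are generated in memory so it runs without certificate.crt or certificate.pfx, and the method names are illustrative rather than anything from the question.

```csharp
// Added example, not the question's code. Two in-memory self-signed certificates
// stand in for the sender's and receiver's real certificates.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class JweDemo
{
    // Throwaway self-signed certificate with an RSA private key (constructed for the demo).
    public static X509Certificate2 MakeCert(string subject)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        // Round-trip through PFX so the private key is attached in a form the token handler accepts on every platform.
        return new X509Certificate2(cert.Export(X509ContentType.Pfx));
    }

    // Sender: sign with the sender's private key (inner JWS), then encrypt to the receiver's public key (outer JWE).
    public static string CreateToken(X509Certificate2 senderSigning, X509Certificate2 receiverEncryption)
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = "https://me.com",
            Audience = "https://you.com",
            Subject = new ClaimsIdentity(new List<Claim> { new Claim("sub", "MyName") }),
            IssuedAt = DateTime.UtcNow,
            Expires = DateTime.UtcNow.AddMinutes(50),
            SigningCredentials = new X509SigningCredentials(senderSigning),
            EncryptingCredentials = new X509EncryptingCredentials(receiverEncryption)
        };
        return handler.CreateEncodedJwt(descriptor);
    }

    // Receiver: the parameters must describe the token that arrives. TokenDecryptionKey opens the JWE layer,
    // IssuerSigningKey checks the inner JWS, and unsigned tokens stay rejected (RequireSignedTokens defaults to true).
    public static TokenValidationParameters ReceiverParameters(X509Certificate2 senderPublic, X509Certificate2 receiverPrivate)
    {
        return new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "https://me.com",
            ValidateAudience = true,
            ValidAudience = "https://you.com",
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new X509SecurityKey(senderPublic),
            TokenDecryptionKey = new X509SecurityKey(receiverPrivate)
        };
    }

    // Same validation the bearer middleware performs, usable outside ASP.NET Core for a quick check.
    public static ClaimsPrincipal Validate(string token, TokenValidationParameters parameters)
    {
        return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
    }

    // ASP.NET Core wiring: hand the same parameters to the bearer handler and leave options.Authority unset,
    // since setting it makes the handler fetch OpenID Connect discovery metadata from that URL first.
    public static void ConfigureJwtBearer(IServiceCollection services, TokenValidationParameters parameters)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = parameters;
                options.SaveToken = true;
            });
    }

    public static void Main()
    {
        var senderCert = MakeCert("CN=sender");
        var receiverCert = MakeCert("CN=receiver");
        string token = CreateToken(senderCert, receiverCert);
        var principal = Validate(token, ReceiverParameters(senderCert, receiverCert));
        // JwtSecurityTokenHandler maps the "sub" claim to ClaimTypes.NameIdentifier by default.
        Console.WriteLine(principal.FindFirst(ClaimTypes.NameIdentifier)?.Value);
    }
}
```

In a deployment the receiver holds only its own private key (the pfx) and the sender's public certificate, and the sender holds only its own private key and the receiver's public certificate; the demo generates both pairs in one process purely to stay self-contained. If an unsigned JWE must be accepted, the receiver has to set RequireSignedTokens = false explicitly, which gives up the integrity check that the signature provides.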