如何使用 .net 核心中的 SecurityTokenDescriptor 将孩子添加到 jwt 标头

【问题标题】:How can I add kid to jwt header using SecurityTokenDescriptor in .netcore如何使用 .net 核心中的 SecurityTokenDescriptor 将孩子添加到 jwt 标头
【发布时间】:2019-03-31 17:47:18
【问题描述】:

我正在使用 .netcore 2 和 JwtSecurityToken 来生成令牌

            var jwtSecurityToken = new JwtSecurityToken(
                issuer: issuer,
                audience:issuer,
                claims: claims,
                expires: DateTime.Now.AddMinutes(5),
                signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
            );

            jwtSecurityToken.Header.Add("kid", requestAPIKey);

现在因为我使用 Idenity,我已从 JwtSecurityToken 切换到 Security Token Descriptor,我的代码是:

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(claims),
                Expires = DateTime.Now.AddDays(1),
                SigningCredentials = creds
            };

我的问题是如何在使用安全令牌描述符时将孩子添加到我的令牌标头?在 JwtSecurityToken 中,我使用以下代码添加它:

jwtSecurityToken.Header.Add("kid", requestAPIKey);

如何使用 SecurityTokenDescriptor 做同样的事情?谢谢你!

【问题讨论】:

  • 您找到解决方案了吗?我正在尝试做同样的事情。

标签: c# .net-core jwt asp.net-core-2.0 asp.net-core-webapi


【解决方案1】:

这是一个您可以使用的小型复制和粘贴功能:

private static string CreateJwt(IEnumerable<Claim> claims, DateTime expiresAt)
    {
        // Creating the symmetric key and signing credentials
        var veryUnsecureSecureString = "YOURSYMMETRICKEYHERE";
        var symmetricKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(veryUnsecureSecureString));
        symmetricKey.KeyId = "YourKeyId";
        var credentials = new SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256);

        // Set security token descriptor
        var tokenDescriptor = new SecurityTokenDescriptor {
            Subject = new ClaimsIdentity(claims),
            Expires = expiresAt,
            Issuer = "your issuer",
            Audience = "your audience",
            SigningCredentials = credentials,
        };

        // Crate jwt security token handler to create the token
        var tokenHandler = new JwtSecurityTokenHandler();

        // create the jwt object
        var token = tokenHandler.CreateToken(tokenDescriptor);

        // convert to string
        return tokenHandler.WriteToken(token);
    }

这是一个生成的 JWT:

eyJhbGciOiJIUzI1NiIsImtpZCI6IllvdXJLZXlJZCIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2MTE2ODQ2NzgsImV4cCI6MTYxMTg0NjY3MywiaWF0IjoxNjExNjg0Njc4LCJpc3MiOiJ5b3VyIGlzc3VlciIsImF1ZCI6InlvdXIgYXVkaWVuY2UifQ.wHOw-PkrP1iXgLkcT0JznDr2D01KAdFpVkdL6xIo5zc

使用 JWT.io 调试器解码得到以下结果:

标题:

{
  "alg": "HS256",
  "kid": "YourKeyId",
  "typ": "JWT"
}

有效载荷:

{
  "nbf": 1611684678,
  "exp": 1611846673,
  "iat": 1611684678,
  "iss": "your issuer",
  "aud": "your audience"
}

【讨论】:

    【解决方案2】:

    这是我用过的代码 sn-p:

    var tokenHandler = new JwtSecurityTokenHandler(); 
        var key = Encoding.UTF8.GetBytes("Secret"); 
        var tokenDescriptor = new SecurityTokenDescriptor 
        { 
            Subject = new ClaimsIdentity(new Claim[] 
            { 
                new Claim(ClaimTypes.Name, UserId), 
                new Claim(name, value), 
                new Claim(name, value)
            }), 

            Expires = DateTime.UtcNow.AddMinutes(5), 
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) 

        }; 

        var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor); 
        token.Header.Add("kid", ""); 

        token.Payload.Remove("iss"); 
        token.Payload.Add("iss", "your issuer"); 

        var tokenString = tokenHandler.WriteToken(token);

    【讨论】:

      【解决方案3】:

      试试这个:

      var securityKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(secretKey));
securityKey.KeyId = "KID_HERE";
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);

var jwtSecurityToken = new JwtSecurityToken(
                issuer: issuer,
                audience:issuer,
                claims: claims,
                expires: DateTime.Now.AddMinutes(5),
                signingCredentials: signingCredentials 
            );

jwtSecurityToken.Header.Add("kid", requestAPIKey);

      【讨论】:

        猜你喜欢
        • 2019-06-08
        • 2017-05-19
        • 2017-04-24
        • 2018-06-14
        • 1970-01-01
        • 1970-01-01
        • 2021-07-22
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode