Jwt 无法有效的发行者或受众

【问题标题】:Jwt Unable to valid issuer or audienceJwt 无法有效的发行者或受众
【发布时间】:2019-03-15 06:28:08
【问题描述】:

这是我的令牌解码器。当我尝试对其进行解码时,我的主体最终为空,从而导致此错误:

'IDX10208:无法验证受众。 validationParameters.ValidAudience 为 null 或空格,并且 validationParameters.ValidAudiences 为空。'

当我解码我的令牌进行检查时

“nbf”:1539167980,“exp”:1539168580,“iat”:1539167980,“iss”: "http://localhost:55260", "aud": "http://localhost:55260"

这也是我的令牌生成器运行的主机。为什么委托人会导致问题?

public class DecodeToken
{
    private IConfiguration configuration;
    public DecodeToken(IConfiguration configuration)
    {
        this.configuration = configuration;
    }

    public AuthenticationDto Decode(String Input)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JwtAuthentication:SecurityKey"]));
        var handler = new JwtSecurityTokenHandler();
        var tokenSecure = handler.ReadToken(Input) as SecurityToken;
        var validations = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = key,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = false
        };
        SecurityToken securityToken;
        var principal = handler.ValidateToken(Input, validations, out securityToken);
        var jwtSecurityToken = securityToken as JwtSecurityToken;
        if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
        {
            throw new SecurityTokenException("Invalid Token");
        }
        AuthenticationDto authenticationDto = new AuthenticationDto
        {
            Email = principal.Claims.Where(c => c.Type == "Email").Select(c => c.Value).SingleOrDefault(),
            UserName = principal.Claims.Where(c => c.Type == "UserName").Select(c => c.Value).SingleOrDefault(),
            FirstName = principal.Claims.Where(c => c.Type == "FirstName").Select(c => c.Value).SingleOrDefault(),
            LastName = principal.Claims.Where(c => c.Type == "LastName").Select(c => c.Value).SingleOrDefault(),
            PhoneNumber = principal.Claims.Where(c => c.Type == "PhoneNumber").Select(c => c.Value).SingleOrDefault(),
            Id = principal.Claims.Where(c => c.Type == "Id").Select(c => c.Value).SingleOrDefault(),
            ExpiryDateTime = principal.Claims.Where(c => c.Type == "exp").Select(c => c.Value).SingleOrDefault(),
            Roles = principal.Claims.Where(c => c.Type == "Roles").Select(c => c.Value).ToList(),
        };
        return authenticationDto;
    }
}

这就是我的 Startup.cs 的样子:

services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = "Jwt";
    options.DefaultChallengeScheme = "Jwt";
})
.AddJwtBearer("Jwt", options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtAuthentication:SecurityKey"])),

        ValidateIssuer = true,
        ValidIssuer = Configuration["JwtAuthentication:Issuer"],

        ValidateAudience = true,
        ValidAudience = Configuration["JwtAuthentication:Audience"],

        ValidateLifetime = true, //validate the expiration and not before values in the token

        ClockSkew = TimeSpan.Zero //5 minute tolerance for the expiration date
    };
    options.Events = new JwtBearerEvents
    {
        OnAuthenticationFailed = context =>
        {
            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            {
                context.Response.Headers.Add("Token-Expired", "true");
            }
            return Task.CompletedTask;
        }
    };
});

我是不是配置有问题?

【问题讨论】:

    标签: c# asp.net asp.net-core asp.net-core-mvc jwt


    【解决方案1】:

    您的错误似乎完全有道理。在ConfigureServices 中,您正在设置TokenValidationParameters,以便它验证您的发行人/受众,并且您正在为ValidIssuerValidAudience 提供值,但您没有做同样的事情 em> 在您的 Decode 函数中,您只设置 ValidateIssuerValidateAudience 而不设置您期望的值。您需要在Decode 中的validations 变量上配置这些,如下所示:

    var validations = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidateIssuer = true,
    ValidateAudience = true,
    ValidateLifetime = false,
    // Add these...
    ValidIssuer = configuration["JwtAuthentication:Issuer"],
    ValidAudience = configuration["JwtAuthentication:Audience"]
};

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2020-06-27
      • 2023-03-14
      • 2016-12-23
      • 2017-03-13
      • 1970-01-01
      • 2021-12-28
      • 2020-12-10
      • 2018-11-15
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode