asp.net Micorosf Entra IDX10503:签名验证失败,托肯没有孩子Keys尝试:'System.Text.StringBuilder'

hk8txs48  于 2023-10-21  发布在  .NET
关注(0)|答案(1)|浏览(573)

我正在尝试使用Owin通过ASP NET应用程序实现Azure AD身份验证。
我使用的代码如下:

  1. app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
  3.             app.UseCookieAuthentication(new CookieAuthenticationOptions());
  4.             app.UseOpenIdConnectAuthentication(
  5.                 new OpenIdConnectAuthenticationOptions
  6.                 {
  7.                     ClientId = clientId,
  8.                     Authority = authority,
  9.                     RedirectUri = redirectUri,
  10.                     PostLogoutRedirectUri = redirectUri,
  11.                     Scope = OpenIdConnectScope.OpenId,
  12.                     ResponseType = OpenIdConnectResponseType.CodeIdToken,
  13.                     Notifications = new OpenIdConnectAuthenticationNotifications
  14.                     {
  15.                         AuthenticationFailed = OnAuthenticationFailed,
  16.                         AuthorizationCodeReceived = OnAuthorizationCodeReceived,
  17.                     }
  19.                 }
  20.             );

我得到以下错误:IDX10503: Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'
我检查了代币,孩子在里面。根据:https://learn.microsoft.com/en-us/azure/active-directory/develop/signing-key-rollover,NET OWIN OpenID Connect已经具有自动处理密钥翻转的必要逻辑。

asp.net

1条答案

按热度按时间
fdbelqdn

fdbelqdn1#

错误消息IDX10503: Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'表示正在验证的JSON Web Token(JWT)缺少kid(密钥标识符)声明,这对于标识用于签名JWT的密钥至关重要。
要解决这个问题,可以使用OpenIdConnectAuthenticationOptions类,它的特点是在令牌验证后触发SecurityTokenValidated事件。在事件处理程序中,您可以使用其他声明(如ClaimTypes.Name声明)来增强标识。

  1. app.UseOpenIdConnectAuthentication(
  2.   new OpenIdConnectAuthenticationOptions
  3.       {
  4.           ClientId = clientId,
  5.           Authority = authority,
  6.           PostLogoutRedirectUri = postLogoutRedirectUri,
  7.            Notifications = new OpenIdConnectAuthenticationNotifications()
  8.            {
  9.             SecurityTokenValidated = (context) =>
  10.              {
  11.                string name = context.AuthenticationTicket.Identity.FindFirst("preferred_username").Value;
  12.                 context.AuthenticationTicket.Identity.AddClaim(new Claim(ClaimTypes.Name, name, string.Empty));
  13.                 return System.Threading.Tasks.Task.FromResult(0);
  14.                     }
  15.                 }
  16.          });
  17.                  
  18.  }

请确保您已安装以下软件包

  1. Install-Package Microsoft.Owin  
  2. Install-Package Microsoft.Owin.Security.OpenIdConnect  
  3. Install-Package Microsoft.Owin.Security.Cookies  
  4. Install-Package Microsoft.Owin.Host.SystemWeb  
  5. Install-Package Microsoft.IdentityModel.Protocol.Extensions  
  6. Install-Package System.IdentityModel.Tokens.Jwt

结果

展开查看全部
赞(0)分享  回复(0)举报  2023-10-21
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com