如何使用 .net 核心中的 SecurityTokenDescriptor 将孩子添加到 jwt 标头
Posted
技术标签:
【中文标题】如何使用 .net 核心中的 SecurityTokenDescriptor 将孩子添加到 jwt 标头【英文标题】:How can I add kid to jwt header using SecurityTokenDescriptor in .netcore 【发布时间】:2019-03-31 17:47:18 【问题描述】:我正在使用 .netcore 2 和 JwtSecurityToken 来生成令牌
var jwtSecurityToken = new JwtSecurityToken(
issuer: issuer,
audience:issuer,
claims: claims,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
);
jwtSecurityToken.Header.Add("kid", requestAPIKey);
现在因为我使用 Idenity,我已从 JwtSecurityToken 切换到 Security Token Descriptor,我的代码是:
var tokenDescriptor = new SecurityTokenDescriptor
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
;
我的问题是如何在使用安全令牌描述符时将孩子添加到我的令牌标头?在 JwtSecurityToken 中,我使用以下代码添加它:
jwtSecurityToken.Header.Add("kid", requestAPIKey);
如何使用 SecurityTokenDescriptor 做同样的事情?谢谢你!
【问题讨论】:
您找到解决方案了吗?我正在尝试做同样的事情。 【参考方案1】:这是一个您可以使用的小型复制和粘贴功能:
private static string CreateJwt(IEnumerable<Claim> claims, DateTime expiresAt)
// Creating the symmetric key and signing credentials
var veryUnsecureSecureString = "YOURSYMMETRICKEYHERE";
var symmetricKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(veryUnsecureSecureString));
symmetricKey.KeyId = "YourKeyId";
var credentials = new SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256);
// Set security token descriptor
var tokenDescriptor = new SecurityTokenDescriptor
Subject = new ClaimsIdentity(claims),
Expires = expiresAt,
Issuer = "your issuer",
Audience = "your audience",
SigningCredentials = credentials,
;
// Crate jwt security token handler to create the token
var tokenHandler = new JwtSecurityTokenHandler();
// create the jwt object
var token = tokenHandler.CreateToken(tokenDescriptor);
// convert to string
return tokenHandler.WriteToken(token);
这是一个生成的 JWT:
eyJhbGciOiJIUzI1NiIsImtpZCI6IllvdXJLZXlJZCIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2MTE2ODQ2NzgsImV4cCI6MTYxMTg0NjY3MywiaWF0IjoxNjExNjg0Njc4LCJpc3MiOiJ5b3VyIGlzc3VlciIsImF1ZCI6InlvdXIgYXVkaWVuY2UifQ.wHOw-PkrP1iXgLkcT0JznDr2D01KAdFpVkdL6xIo5zc
使用 JWT.io 调试器解码得到以下结果:
标题:
"alg": "HS256",
"kid": "YourKeyId",
"typ": "JWT"
有效载荷:
"nbf": 1611684678,
"exp": 1611846673,
"iat": 1611684678,
"iss": "your issuer",
"aud": "your audience"
【讨论】:
【参考方案2】:这是我用过的代码 sn-p:
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.UTF8.GetBytes("Secret");
var tokenDescriptor = new SecurityTokenDescriptor
Subject = new ClaimsIdentity(new Claim[]
new Claim(ClaimTypes.Name, UserId),
new Claim(name, value),
new Claim(name, value)
),
Expires = DateTime.UtcNow.AddMinutes(5),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
;
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
token.Header.Add("kid", "");
token.Payload.Remove("iss");
token.Payload.Add("iss", "your issuer");
var tokenString = tokenHandler.WriteToken(token);
【讨论】:
【参考方案3】:试试这个:
var securityKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(secretKey));
securityKey.KeyId = "KID_HERE";
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var jwtSecurityToken = new JwtSecurityToken(
issuer: issuer,
audience:issuer,
claims: claims,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: signingCredentials
);
jwtSecurityToken.Header.Add("kid", requestAPIKey);
【讨论】:
以上是关于如何使用 .net 核心中的 SecurityTokenDescriptor 将孩子添加到 jwt 标头的主要内容,如果未能解决你的问题,请参考以下文章
如何从 DBContext(实体框架核心)中的 App.config(不是 .net 核心应用程序)读取值