作者:手机用户2502883445 | 来源:互联网 | 2022-12-02 16:28
这是我的令牌解码器。当我尝试对其进行解码时,我的主体最终为空,从而导致此错误:
'IDX10208:无法验证受众。validationParameters.ValidAudience为null或空白,validationParameters.ValidAudiences为null。
当我解码令牌以进行检查时
“ nbf”:1539167980,“ exp”:1539168580,“ iat”:1539167980,“ iss”:“ http:// localhost:55260 ”,“ aud”:“ http:// localhost:55260 ”
这也是我的令牌生成器在其上运行的主机。为什么委托人引起问题?
public class DecodeToken
{
private IConfiguration configuration;
public DecodeToken(IConfiguration configuration)
{
this.cOnfiguration= configuration;
}
public AuthenticationDto Decode(String Input)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JwtAuthentication:SecurityKey"]));
var handler = new JwtSecurityTokenHandler();
var tokenSecure = handler.ReadToken(Input) as SecurityToken;
var validatiOns= new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = key,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false
};
SecurityToken securityToken;
var principal = handler.ValidateToken(Input, validations, out securityToken);
var jwtSecurityToken = securityToken as JwtSecurityToken;
if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
{
throw new SecurityTokenException("Invalid Token");
}
AuthenticationDto authenticatiOnDto= new AuthenticationDto
{
Email = principal.Claims.Where(c => c.Type == "Email").Select(c => c.Value).SingleOrDefault(),
UserName = principal.Claims.Where(c => c.Type == "UserName").Select(c => c.Value).SingleOrDefault(),
FirstName = principal.Claims.Where(c => c.Type == "FirstName").Select(c => c.Value).SingleOrDefault(),
LastName = principal.Claims.Where(c => c.Type == "LastName").Select(c => c.Value).SingleOrDefault(),
PhOneNumber= principal.Claims.Where(c => c.Type == "PhoneNumber").Select(c => c.Value).SingleOrDefault(),
Id = principal.Claims.Where(c => c.Type == "Id").Select(c => c.Value).SingleOrDefault(),
ExpiryDateTime = principal.Claims.Where(c => c.Type == "exp").Select(c => c.Value).SingleOrDefault(),
Roles = principal.Claims.Where(c => c.Type == "Roles").Select(c => c.Value).ToList(),
};
return authenticationDto;
}
}
这是我的Startup.cs的样子:
services.AddAuthentication(optiOns=> {
options.DefaultAuthenticateScheme = "Jwt";
options.DefaultChallengeScheme = "Jwt";
})
.AddJwtBearer("Jwt", optiOns=>
{
options.TokenValidatiOnParameters= new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtAuthentication:SecurityKey"])),
ValidateIssuer = true,
ValidIssuer = Configuration["JwtAuthentication:Issuer"],
ValidateAudience = true,
ValidAudience = Configuration["JwtAuthentication:Audience"],
ValidateLifetime = true, //validate the expiration and not before values in the token
ClockSkew = TimeSpan.Zero //5 minute tolerance for the expiration date
};
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed= cOntext=>
{
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return Task.CompletedTask;
}
};
});
我配置错了吗?
1> Kirk Larkin..:
您的错误似乎很合理。在ConfigureServices
,你设置了TokenValidationParameters
让她能够验证你的发行人/听众和你提供价值ValidIssuer
和ValidAudience
,但你不能做同样的在你的Decode
功能,在这里你只设置ValidateIssuer
并ValidateAudience
没有设定值,你期望。您需要在中的validations
变量上配置它们Decode
,如下所示:
var validatiOns= new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = key,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false,
// Add these...
ValidIssuer = configuration["JwtAuthentication:Issuer"],
ValidAudience = configuration["JwtAuthentication:Audience"]
};