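Sending a JWT token to a WIF WCF service

Time: 2014-12-11 15:01:58

Tags: wcf wif jwt

I am having problems sending a JWT token to a WCF service.

I have followed this, and it almost works: Delivering a JWT SecurityToken to a WCF client

So I send a GenericXmlSecurityToken, as in the link above, and created the following handler: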

using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

public class CustomJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
    // Entry point WIF calls with the token it has already read; re-validates the raw JWT string.
    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var jwtToken = (JwtSecurityToken)(token);
        SecurityToken securityToken;
        var principal = ValidateToken(jwtToken.RawData, new TokenValidationParameters(), out securityToken);
        var collection = new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
        return collection;
    }

    public override ClaimsPrincipal ValidateToken(string jwt, TokenValidationParameters validationParameters, out SecurityToken token)
    {
        // Audience and issuer checks are switched off here; the signature is still verified.
        validationParameters.ValidateAudience = false;
        validationParameters.ValidateIssuer = false;

        // Issuer signing certificate, embedded as base64 (value elided in the post).
        var certificateBytes = Convert.FromBase64String("long text...");

        validationParameters.IssuerSigningKey = new X509SecurityKey(new X509Certificate2(certificateBytes));

        return base.ValidateToken(jwt, validationParameters, out token);
    }
}

So far everything works up to the token validation, but after that something happens.

The server throws

System.ServiceModel.Security.MessageSecurityException : Message security verification failed. System.IndexOutOfRangeException: The index was outside the bounds of the array.

Meaningless StackTrace

<StackTrace>
   at System.Xml.XmlBufferReader.GetChars(Int32 offset, Int32 length, Char[] chars)
   at System.Xml.XmlBufferReader.GetString(Int32 offset, Int32 length)
   at System.Xml.StringHandle.GetString()
   at System.Xml.XmlBaseReader.ReadEndElement()
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, TimeSpan timeout)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout)
</StackTrace>
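
The handler in the question switches off issuer and audience validation and embeds the signing certificate in source. As an added example (not the asker's code, and not a fix for the exception above), here is a variant that keeps those checks on, assuming the same System.IdentityModel.Tokens.Jwt 4.x API the question uses; the issuer, audience, certificate store and thumbprint are placeholders.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

public class StrictJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
    // Assumptions for illustration only; replace with the values of your own STS and service.
    private const string ExpectedIssuer = "https://sts.example.test";
    private const string ExpectedAudience = "https://wcf.example.test/service";
    private const string SigningCertThumbprint = "<SIGNING-CERT-THUMBPRINT>";

    // Built once; the handler never mutates parameters handed in by a caller.
    private static readonly Lazy<TokenValidationParameters> Parameters =
        new Lazy<TokenValidationParameters>(BuildParameters);

    private static TokenValidationParameters BuildParameters()
    {
        // Load the issuer's certificate from the machine store instead of a base64 literal.
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, SigningCertThumbprint, false);
            if (matches.Count != 1)
                throw new InvalidOperationException("Expected exactly one issuer signing certificate.");

            return new TokenValidationParameters
            {
                ValidateIssuer = true, ValidIssuer = ExpectedIssuer,       // reject other issuers
                ValidateAudience = true, ValidAudience = ExpectedAudience, // reject tokens minted for other services
                ValidateLifetime = true, ClockSkew = TimeSpan.FromMinutes(2),
                RequireSignedTokens = true,
                IssuerSigningKey = new X509SecurityKey(matches[0])
            };
        }
        finally { store.Close(); }
    }

    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var jwt = token as JwtSecurityToken;
        if (jwt == null) throw new ArgumentException("Expected a JwtSecurityToken.", "token");
        SecurityToken validated;
        ClaimsPrincipal principal = ValidateToken(jwt.RawData, Parameters.Value, out validated);
        return new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
    }
}
```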

1 Answer:

Answer 0: (score: 0)

This may be an issue in WCF.

See: How to use JWT tokens with WCF and WIF?

As suggested at http://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/, a potential workaround may be to transport the JWT as a claim in a GenericXmlSecurityToken.