Using .NET with the JSON Web Token Handler

Date: 2016-03-07 15:57:49

Tags: c# .net jwt

I am starting a new task in which I have to handle a thumbprint from a JWT. We use the JSON Web Token Handler for the Microsoft .NET Framework. There is already an implementation used for testing that generates a JWT without submitting x5t in the header. It looks like this:

    using System;
    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.Security.Claims;

    // Any.Array<byte>(n) is the test project's random-bytes helper.
    static SecurityToken CreateTestToken()
    {
        var handler = new JwtSecurityTokenHandler();
        var securityKey = new InMemorySymmetricSecurityKey(Any.Array<byte>(1024));
        var desc = new SecurityTokenDescriptor
        {
            TokenIssuerName = "MSI",
            Lifetime = new Lifetime(null, DateTime.UtcNow.AddDays(10)),
            SigningCredentials = new SigningCredentials(
                securityKey,
                "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
                "http://www.w3.org/2001/04/xmlenc#sha256"),
        };

        var identity = new ClaimsIdentity();
        identity.AddClaim(new Claim("scope", "msi_unsapi_presence.watch"));
        identity.AddClaim(new Claim("scope", "msi_unsapi_location.watch"));
        identity.AddClaim(new Claim("scope", "msi_unsapi_groupmgt.read"));
        identity.AddClaim(new Claim("scope", "msi_unsapi_groupmgt.write"));
        desc.Subject = identity; // attaches the scope claims; as posted, the identity was never used
        var jwtToken = handler.CreateToken(desc);
        return jwtToken;
    }

The token it produces: {"typ":"JWT","alg":"HS256"}.{"scope":["msi_unsapi_presence.watch","msi_unsapi_location.watch","msi_unsapi_groupmgt.read","msi_unsapi_groupmgt.write"]}

I tried setting the AttachedReference property of the SecurityTokenDescriptor to the following: AttachedReference = new X509ThumbprintKeyIdentifierClause(Any.Array<byte>(1024)), so that the x5t field gets populated in the token (I do not care about the exact value, I just need it to be present in the token for testing purposes), but the generated token still does not have this field set.

How do I generate a token whose header does not have an empty x5t, preferably by modifying the existing code?

1 Answer:

Answer 0 (score: 2)

Here is an implementation of a custom JsonWebTokenFormat:

You can actually add anything using payload.Add().

    using System;
    using System.Configuration;
    using System.IdentityModel.Tokens;
    using Microsoft.Owin.Security;

    public class yourJsonWebTokenFormat : ISecureDataFormat<AuthenticationTicket>
    {
        private readonly SigningCredentials cred; // your signing credentials

        public yourJsonWebTokenFormat(SigningCredentials cred)
        {
            this.cred = cred;
        }

        public string Protect(AuthenticationTicket data)
        {
            DateTime notBefore = DateTime.UtcNow;
            DateTime expires = notBefore + TimeSpan.FromHours(1); // validity timer

            JwtHeader header = new JwtHeader(cred);
            header.Add("x5t", "your value");
            JwtPayload payload = new JwtPayload(
                ConfigurationManager.AppSettings["Issuer"],
                data.Properties.Dictionary["audience"],
                data.Identity.Claims, notBefore, expires);
            payload.Add("x5t", "your x5t to json property");

            var jwtToken = new JwtSecurityToken(header, payload);
            var handler = new JwtSecurityTokenHandler();
            var jwt = handler.WriteToken(jwtToken);
            return jwt;
        }

        // Required by ISecureDataFormat<T>; this format only issues tokens.
        public AuthenticationTicket Unprotect(string protectedText)
        {
            throw new NotSupportedException();
        }
    }

Then in your OAuth configuration:

    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        // provider configuration, token authentication expiry, etc...
        Provider = new SampleAuthorizationServerProvider(),
        AccessTokenFormat = new yourJsonWebTokenFormat(signingCredentials) // your signing credentials
    };

Requesting a token will now call the yourJsonWebTokenFormat.Protect() method.

You should set the identity you built in your example on the AuthenticationTicket in your own OAuthAuthorizationServerProvider.

Something like:

    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OAuth;

    public class SampleAuthorizationServerProvider : OAuthAuthorizationServerProvider, IOAuthAuthorizationServerProvider
    {
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // do AD check or other stuff needed to validate the user here
            var identity = new ClaimsIdentity(context.Options.AuthenticationType); // add your claims (e.g. "scope") here
            // props is an AuthenticationProperties dictionary with other stuff that you want in your JwtToken;
            // Protect() reads its "audience" entry
            var props = new AuthenticationProperties(new Dictionary<string, string> { { "audience", "your audience" } });
            var ticket = new AuthenticationTicket(identity, props);
            context.Validated(ticket);
            return Task.FromResult(0);
        }

        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // do some check...
            context.Validated();
            return Task.FromResult(0);
        }
    }

So in the end you need to implement 2 classes: ISecureDataFormat<AuthenticationTicket>

OAuthAuthorizationServerProvider, IOAuthAuthorizationServerProvider
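As an added example (not code from the question or the answer), here is the header-Add approach from the answer carried through to the receiving side: the issuer puts a known x5t into the protected header of an HMAC-signed test token, and the consumer rejects any token whose x5t is missing or not on its allow-list before it validates the signature with a pinned key, instead of choosing a key from the header value. The audience, the placeholder thumbprint string and the X5tTokenDemo class name are assumptions; the issuer "MSI" and the algorithm URIs are taken from the question.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Constructed example for this page (JSON Web Token Handler 4.x namespaces).
public static class X5tTokenDemo
{
    // Placeholder (assumption): a real x5t is the base64url SHA-1 thumbprint of
    // the signing certificate, which a symmetric test key does not have.
    public const string ExpectedX5t = "TEST-THUMBPRINT-PLACEHOLDER";
    public const string Issuer = "MSI";              // from the question
    public const string Audience = "test-audience";  // assumption

    public static string CreateToken(byte[] hmacKey, IEnumerable<Claim> claims)
    {
        var cred = new SigningCredentials(
            new InMemorySymmetricSecurityKey(hmacKey),
            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
            "http://www.w3.org/2001/04/xmlenc#sha256");
        // JwtHeader is a Dictionary<string, object>: an entry added here lands in
        // the protected header, so it is covered by the signature.
        var header = new JwtHeader(cred) { { "x5t", ExpectedX5t } };
        var now = DateTime.UtcNow;
        var payload = new JwtPayload(Issuer, Audience, claims, now, now.AddMinutes(10));

        return new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(header, payload));
    }

    // Consumer side: the header is untrusted until the signature has been checked,
    // so x5t is only compared against an allow-list, never used to pick a key.
    public static ClaimsPrincipal ValidateToken(string jwt, byte[] hmacKey)
    {
        var handler = new JwtSecurityTokenHandler();
        var parsed = (JwtSecurityToken)handler.ReadToken(jwt);
        object x5t;
        if (!parsed.Header.TryGetValue("x5t", out x5t) || !ExpectedX5t.Equals(x5t))
            throw new SecurityTokenValidationException("x5t missing or not on the allow-list");
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = new InMemorySymmetricSecurityKey(hmacKey), // pinned key
        };
        SecurityToken validated;
        return handler.ValidateToken(jwt, parameters, out validated);
    }
}
```

Pass the same hmacKey to both methods; a token with a tampered or stripped x5t fails the allow-list check, and one with the right x5t but a different key fails ValidateToken.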