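TypeLoadException for AsymmetricSignatureProvider related to JWT authentication

Time: 2016-05-31 14:11:07

Tags: asp.net-mvc mono jwt auth0 asp.net5

I have an ASP.NET 5 / Core RC1 MVC (WebApi) application that connects to auth0 using JWT tokens for bearer authentication. The application uses dnx451 as its framework (rather than CoreCLR, because of unsupported dependencies).

When I run the application on Windows, it works fine. However, I want to run it on Ubuntu using Mono as the runtime for dnx451. There, the application runs, but as soon as I send a request to it, it returns Internal Server Error 500.

Log output: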

info: Microsoft.AspNet.Hosting.Internal.HostingEngine[3]
      Request finished in 0.0006ms 500
fail: Microsoft.AspNet.Server.Kestrel[13]
      An unhandled exception was thrown by the application.
      System.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.X509SecurityKey , KeyId: MTZBREFEQ0M5NUQ2RDY3RDkzM0E0RDYwMDdCM0I4QUY1MDc3RUNDNA
      '.
      Exceptions caught:
       'System.TypeLoadException: Could not load type 'System.IdentityModel.Tokens.AsymmetricSignatureProvider' from assembly 'System.IdentityModel.Tokens, Version=5.0.0.112, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
        at System.IdentityModel.Tokens.SignatureProviderFactory.CreateForVerifying (System.IdentityModel.Tokens.SecurityKey key, System.String algorithm) <0x4067def0 + 0x0001b> in <filename unknown>:0
        at System.IdentityModel.Tokens.X509SecurityKey.GetSignatureProvider (System.String algorithm, Boolean verifyOnly) <0x4067de30 + 0x00057> in <filename unknown>:0
        at System.IdentityModel.Tokens.SecurityKey.GetSignatureProviderForValidating (System.String algorithm) <0x4067de00 + 0x0001a> in <filename unknown>:0
        at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.Byte[] encodedBytes, System.Byte[] signature, System.IdentityModel.Tokens.SecurityKey key, System.String algorithm) <0x4067dcb0 + 0x0003f> in <filename unknown>:0
        at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters) <0x40679070 + 0x004b3> in <filename unknown>:0
      '.
      token: '{"alg":"RS256","typ":"JWT","kid":"MTZBREFEQ0M5NUQ2RDY3RDkzM0E0RDYwMDdCM0I4QUY1MDc3RUNDNA"}.{"iss":"**********","sub":"*****************","aud":"****************","exp":1464737848,"iat":1464701848}'
        at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters) <0x40679070 + 0x0096b> in <filename unknown>:0
        at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken (System.String token, System.IdentityModel.Tokens.TokenValidationParameters validationParameters, System.IdentityModel.Tokens.SecurityToken& validatedToken) <0x406782f0 + 0x0021d> in <filename unknown>:0
        at Microsoft.AspNet.Authentication.JwtBearer.JwtBearerHandler+<HandleAuthenticateAsync>d__1.MoveNext () <0x41f5bcf0 + 0x011c4> in <filename unknown>:0

Is this a general incompatibility with Mono / ASP.NET 5, or is it something else?

1 answer:

Answer 0: (score: 1)

The problem only occurs because AsymmetricSignatureProvider gets loaded, and it loads Windows marshalling, even if you are using SymmetricSecurityKey. If you are willing to use SymmetricSecurityKey, the following workaround is possible:

    using System;
    using Microsoft.Extensions.Logging;
    using Microsoft.IdentityModel.Tokens;

    // Assign the factory to the signing key:
    signingKey.CryptoProviderFactory = new MonoFriendlyCryptoProviderFactory(_LoggerFactory.CreateLogger<MonoFriendlyCryptoProviderFactory>());

    public class MonoFriendlyCryptoProviderFactory : CryptoProviderFactory
    {
        private readonly ILogger _Logger;

        public MonoFriendlyCryptoProviderFactory(ILogger logger)
        {
            _Logger = logger;
        }

        public override SignatureProvider CreateForSigning(SecurityKey key, string algorithm)
        {
            return CreateProvider(key, algorithm, true);
        }

        public override SignatureProvider CreateForVerifying(SecurityKey key, string algorithm)
        {
            return CreateProvider(key, algorithm, false);
        }

        private SignatureProvider CreateProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
        {
            // Validate the arguments before logging, because the log line dereferences key.
            if (key == null)
                throw new ArgumentNullException(nameof(key));
            if (string.IsNullOrWhiteSpace(algorithm))
                throw new ArgumentNullException(nameof(algorithm));

            _Logger?.LogDebug($"Creating {algorithm} provider for {key.KeyId} for {(willCreateSignatures ? "signing" : "verifying")}");

            //AsymmetricSecurityKey asymmetricSecurityKey = key as AsymmetricSecurityKey;
            //if (asymmetricSecurityKey != null)
            //    return new AsymmetricSignatureProvider(asymmetricSecurityKey, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver);

            SymmetricSecurityKey symmetricSecurityKey = key as SymmetricSecurityKey;
            if (symmetricSecurityKey != null)
                return new SymmetricSignatureProvider(symmetricSecurityKey, algorithm);

            JsonWebKey jsonWebKey = key as JsonWebKey;
            if (jsonWebKey != null && jsonWebKey.Kty != null)
            {
                //if (jsonWebKey.Kty == "RSA" || jsonWebKey.Kty == "EC")
                //    return new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures, this.AsymmetricAlgorithmResolver);

                if (jsonWebKey.Kty == "oct")
                    return new SymmetricSignatureProvider(key, algorithm);
            }

            throw new ArgumentException($"{typeof(SignatureProvider)} supports: '{typeof(SecurityKey)}' of types: '{typeof(AsymmetricSecurityKey)}' or '{typeof(AsymmetricSecurityKey)}'. SecurityKey received was of type: '{key.GetType()}'.");
        }
    }

This is exactly the same as the rc2 version of Microsoft.IdentityModel.Tokens, except for the commented-out parts, which have no function if you are not using AsymmetricSecurityKey.

… is the only option, because dnx has been dropped and the various drivers have not targeted coreclr for months.
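The workaround above leaves only symmetric (HMAC) keys usable, while the token in the question's log carries "alg":"RS256". As an added example (not code from the original post or from Microsoft.IdentityModel.Tokens), here is an HS256 signature check written out by hand with the algorithm pinned, so a token naming any other algorithm is rejected before the secret is used. It assumes a current .NET runtime (C# 8, System.Text.Json, CryptographicOperations) rather than dnx451; the class name Hs256Check, the secret and the tokens are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class Hs256Check
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));

    // True only if the header pins HS256 and the HMAC over "header.payload" matches.
    public static bool Verify(string token, byte[] secret)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using JsonDocument h = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[0])));
            // Pin the algorithm: a symmetric-only validator must not act on any other "alg".
            if (h.RootElement.ValueKind != JsonValueKind.Object
                || !h.RootElement.TryGetProperty("alg", out JsonElement alg)
                || alg.ValueKind != JsonValueKind.String || alg.GetString() != "HS256")
                return false;
            using var hmac = new HMACSHA256(secret);
            byte[] expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(p[0] + "." + p[1]));
            // Constant-time comparison; also returns false when the lengths differ.
            return CryptographicOperations.FixedTimeEquals(expected, FromB64Url(p[2]));
        }
        catch (Exception e) when (e is FormatException || e is JsonException) { return false; }
    }

    public static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("constructed-demo-secret-0123456789"); // constructed
        string Make(string headerJson) // builds a constructed sample token signed with the secret
        {
            string body = B64Url(Encoding.UTF8.GetBytes(headerJson)) + "."
                        + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"demo\",\"exp\":1464737848}"));
            using var hmac = new HMACSHA256(secret);
            return body + "." + B64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(body)));
        }
        string good = Make("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        Console.WriteLine(Verify(good, secret)); // header pins HS256, MAC intact
        Console.WriteLine(Verify(Make("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"), secret)); // header names RS256
        Console.WriteLine(Verify(good.Insert(good.IndexOf('.') + 1, "A"), secret)); // payload altered after signing
    }
}
```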