Setting up OAuth2 JWT tokens for ADFS and .Net Core

Time: 2016-12-06 23:35:07

Tags: jwt .net-core oauth2 adfs3.0

Can someone explain OAuth2 JWT token generation and validation in .Net Core?

2 answers:

Answer 0 (score: 2)

First you need to set up ADFS with a client ID and redirect URL, and then get a JWT token from the ADFS server. See this post http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html

After that, if you use .Net Core with JWT Bearer Tokens, you need to export the ADFS signing certificate using the following PowerShell commands:

# Get the ADFS token-signing certificate(s); the primary one is first
$certRefs=Get-AdfsCertificate -CertificateType Token-Signing
# Export the public certificate only (DER encoded, no private key)
$certBytes=$certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)

Then in your .Net Core application startup you need to use the package Microsoft.AspNetCore.Authentication.JwtBearer and look at this article http://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/

Code in the Startup class:

// using System;
// using Microsoft.AspNetCore.Authentication.JwtBearer;
// using Microsoft.IdentityModel.Tokens;

// Load the exported ADFS token-signing certificate as the key used to verify signatures
var signingKey = new X509SecurityKey(
    new System.Security.Cryptography.X509Certificates.X509Certificate2(
        "YOUR-PATH/foo.cer"));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,

    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = "http://YOUR-ADFS/adfs/services/trust",

    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = "https://YOUR-AUDIENCE/",

    // Validate the token expiry
    ValidateLifetime = true,

    // If you want to allow a certain amount of clock drift, set that here:
    ClockSkew = TimeSpan.Zero
};

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters
});
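An added example, not code from the answer above: it validates an ADFS-issued token against the exported certificate with the same parameters the middleware uses, outside the middleware, so that the failing check (signature, lifetime, issuer, audience) is reported by name. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the certificate path, issuer and audience are placeholders supplied by the caller.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

// Added example (not the answer's code): validate an ADFS JWT with the
// parameters of the Startup snippet and name the check that failed.
public static class AdfsTokenCheck
{
    // Same settings as the Startup snippet; certPath is the exported foo.cer.
    public static TokenValidationParameters Build(string certPath, string issuer, string audience)
    {
        var cert = new X509Certificate2(certPath);
        return new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new X509SecurityKey(cert),
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = true,
            ValidAudience = audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };
    }

    // Returns the validated principal, or null with the failing check in 'failure'.
    public static ClaimsPrincipal Validate(string jwt, TokenValidationParameters p, out string failure)
    {
        failure = null;
        var handler = new JwtSecurityTokenHandler();
        try
        {
            return handler.ValidateToken(jwt, p, out _);
        }
        catch (SecurityTokenInvalidSignatureException e) { failure = "signature: " + e.Message; }
        catch (SecurityTokenExpiredException e) { failure = "lifetime: " + e.Message; }
        catch (SecurityTokenInvalidIssuerException e) { failure = "issuer: " + e.Message; }
        catch (SecurityTokenInvalidAudienceException e) { failure = "audience: " + e.Message; }
        catch (SecurityTokenException e) { failure = "other: " + e.Message; }
        return null;
    }

    // Diagnose a signature failure: the x5t header ADFS puts in the token is the
    // base64url SHA-1 thumbprint of the signing cert; it must match the exported one.
    public static bool HeaderMatchesCert(string jwt, X509Certificate2 cert)
    {
        var header = new JwtSecurityTokenHandler().ReadJwtToken(jwt).Header;
        return header.X5t == Base64UrlEncoder.Encode(cert.GetCertHash());
    }
}
```

Call Validate with a token captured from ADFS; when it reports a signature failure, HeaderMatchesCert tells you whether the exported certificate is the one that signed the token (for example after ADFS rolled its signing certificate).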

Answer 1 (score: 0)

Please check the link below; it is useful, but the procedure is the same.

https://www.codeproject.com/Articles/1080899/How-to-get-Jwt-token-for-Logged-On-User-or-Applica

The OAuth2 Authorization Provider 1.0.0 nuget package has a method (ValidateToken) to validate a given jwt token, but it has a certificate dependency (provider).

Install the certificate, which is your adfs certificate, under the local machine's Trusted Root.

The Nuget package will identify the installed certificate by its SubjectKeyIdentifier.