I'm using the code below to validate an AAD access token.
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigSettings.MicrosoftAadTenant,
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false,
                ValidateIssuer = false
            }
        });
The code worked fine until I switched to using tokens generated from the PPE environment, whose iss is "https://sts.windows-ppe.net/ ...". I've pasted the error message below. Do you know how to fix this?
Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware Error: 0 : Authentication failed System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier ( IsReadOnly = False, Count = 2, Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x871BE0E2BDD307841D01C8151AE2717D2DB9F376), Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause )',
Thanks,
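
As an added example (not part of the original post, and not the middleware's own code): a Python check of the condition IDX10500 reports, namely that the key named in the token header is not among the keys the validator holds. It assumes the thumbprint clause in the error corresponds to the token's `x5t` header; the sample token, the issuer URL and both key sets are constructed, and only the thumbprint comes from the error message above.

```python
import base64
import json

# Thumbprint from the IDX10500 message in the post (X509ThumbprintKeyIdentifierClause Hash).
THUMBPRINT_HEX = "871BE0E2BDD307841D01C8151AE2717D2DB9F376"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def thumbprint_to_x5t(thumbprint_hex: str) -> str:
    """Convert a hex certificate thumbprint to the base64url form used in 'x5t'."""
    return b64url_encode(bytes.fromhex(thumbprint_hex))


def jwt_header(token: str) -> dict:
    """Decode the unverified JOSE header; used only to read the key hints."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    return json.loads(b64url_decode(parts[0]))


def signing_key_published(token: str, jwks: dict) -> bool:
    """True if the token's x5t or kid matches a key in the given JWKS document."""
    header = jwt_header(token)
    hints = {header.get("x5t"), header.get("kid")} - {None}
    return any(hints & {k.get("x5t"), k.get("kid")} for k in jwks.get("keys", []))


def make_sample_token(x5t: str) -> str:
    """Constructed token with a placeholder signature; only the header matters here."""
    header = {"typ": "JWT", "alg": "RS256", "x5t": x5t, "kid": x5t}
    payload = {"iss": "https://issuer.example/"}  # constructed issuer
    segments = [b64url_encode(json.dumps(part).encode()) for part in (header, payload)]
    return ".".join(segments + ["c2lnbmF0dXJl"])


# Constructed key sets: the keys the validator loaded, and the keys of the token's issuer.
X5T = thumbprint_to_x5t(THUMBPRINT_HEX)
TRUSTED_JWKS = {"keys": [{"kty": "RSA", "kid": "constructed-key-1", "x5t": "constructed-key-1"}]}
ISSUER_JWKS = {"keys": [{"kty": "RSA", "kid": X5T, "x5t": X5T}]}

if __name__ == "__main__":
    token = make_sample_token(X5T)
    print("key in validator's set:", signing_key_published(token, TRUSTED_JWKS))
    print("key in issuer's set:   ", signing_key_published(token, ISSUER_JWKS))
```

Running the same comparison against a real token header and the key set your validator actually loaded shows whether the two come from the same environment.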