C#无法使用证书签署JWT

时间:2017-07-19 15:06:08

标签: c# ssl rsa jwt x509certificate2

我正在使用VS 2017和.NET 4.6.2开发C#Web Api MVC项目,我想使用我的证书签署 JSON Web令牌

这是我的代码:

using SolutionDOC_Common;
using SolutionDOC_Interface.Repository.Authentication;
using SolutionDOC_SDK.Model;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Authentication;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using mit = Microsoft.IdentityModel.Tokens;

public string Build(Credentials credentials)
{
    string thumbprint = ConfigurationManager.AppSettings["CertificateThumbprint"];
    string tokenIssuer = ConfigurationManager.AppSettings["TokenIssuer"];
    string tokenAudience = ConfigurationManager.AppSettings["TokenAudience"];

    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, credentials.Username),
        new Claim(ClaimTypes.Surname, credentials.Alias)
    };

    X509Certificate2 cert = CertificateUtility.GetCertificateByThumbprint(thumbprint);
    RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PublicKey.Key;

    JwtSecurityToken jwtToken = new JwtSecurityToken
    (
        issuer: tokenIssuer,
        audience: tokenAudience,
        claims: claims,
        signingCredentials: new mit.SigningCredentials(new mit.RsaSecurityKey(publicAndPrivate), mit.SecurityAlgorithms.RsaSha256Signature),
        expires: DateTime.Now.AddDays(30)
    );

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    // This throws the InvalidOperationException!
    string tokenString = tokenHandler.WriteToken(jwtToken);

    return tokenString;

    throw new AuthenticationException();
}

tokenHandler.WriteToken(jwtToken)行,引发InvalidOperationException

  

'IDX10638:无法创建SignatureProvider,'key.HasPrivateKey'为false,无法创建签名。密钥:Microsoft.IdentityModel.Tokens.RsaSecurityKey。'

相应证书的权限设置为IIS_IUSRS用户,因此它也可以读取私钥。该证书实际上是使用IIS生成的自签名证书,该证书具有私钥。 指纹设置正确,因此我获得了正确的证书。 所以我正确地得到了X509Certificate2个对象。 <{1}}对象的PrivateKey属性已填充。

为什么不起作用?

1 个答案:

答案 0 :(得分:1)

好吧,即使您标记了变量publicAndPrivate,您也只是提取了一个公钥。尝试改为

RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PrivateKey;
相关问题
最新问题