Azure AD B2C error: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'

Date: 2018-07-07 09:55:02

Tags: oauth-2.0 openid-connect azure-ad-b2c

I am using Swagger to make API calls. For authentication I can generate a Bearer token, but after that I get a 401 as the response. After checking the logs, this is the error:

    Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys: kid: '[PII is hidden]', token: '[PII is hidden]'

My ConfigureAuth method is as follows:

    private static void ConfigureAuth(IAppBuilder app)
    {
        var metadataEndpoint = string.Format(
            configProvider.GetConfigValue<string>("ida:AadInstance", "AuthConfig"),
            configProvider.GetConfigValue<string>("ida:Tenant", "AuthConfig"),
            configProvider.GetConfigValue<string>("ida:SignInPolicy", "AuthConfig"));

        string[] validAudiences = configProvider.GetConfigValue<string>("ida:Audiences", "AuthConfig").Split(',');
        TokenValidationParameters tvps = new TokenValidationParameters
        {
            ValidAudiences = validAudiences,
            AuthenticationType = configProvider.GetConfigValue<string>("ida:SignInPolicy", "AuthConfig"),
            ValidateAudience = true,
            ValidateIssuer = configProvider.GetConfigValue<bool>("validateIssuer", "AuthConfig"),
            ValidateLifetime = true,
            ValidAudience = configProvider.GetConfigValue<string>("Swagger:ClientId", "AuthConfig"),
            //NameClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier",
        };

        //SecurityToken securityToken;
        //JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        app.UseOAuthBearerAuthentication(
            new OAuthBearerAuthenticationOptions
            {
                AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider(metadataEndpoint)),
                Provider = new OAuthBearerAuthenticationProvider()
                {
                    OnRequestToken = (context) =>
                    {
                        if (!string.IsNullOrEmpty(context.Token))
                        {
                        }

                        return Task.FromResult<int>(0);
                    },
                    OnValidateIdentity = (context) =>
                    {
                        ////TO DO
                        //// Steps to perform after identity validation

                        return Task.FromResult<int>(0);
                    }
                }
            });
    }

3 answers:

Answer 0 (score: 3)

I was able to validate the token by passing the correct metadata endpoint:

    https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/.well-known/openid-configuration

Answer 1 (score: 0)

It turns out that the same message is reported when the issuer signs the token with an algorithm other than RSA. Apparently ECDSA support is coming: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/487

Answer 2 (score: 0)

I had to update OpenIdConnectAuthenticationOptions.MetadataAddress to https://login.microsoftonline.com/tfp/{tenantId}/{policyId}/v2.0/.well-known/openid-configuration.
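Added diagnostic, not taken from the question or any of the answers, for the two causes of IDX10501 described above: the policy-specific tfp metadata endpoint from answers 0 and 2, and the non-RSA signing algorithm from answer 1. It reads kid and alg from the token header and compares them with a JWKS document; the tenant, policy, kids and key sets are constructed sample values, and the signature itself is not verified.

```python
import base64
import json

# Azure AD B2C (tfp) metadata URL shape from answers 0 and 2; {0} = tenant, {1} = policy.
B2C_METADATA = "https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/.well-known/openid-configuration"


def b2c_metadata_endpoint(tenant: str, policy: str) -> str:
    """Build the policy-specific metadata URL; its jwks_uri serves that policy's signing keys."""
    return B2C_METADATA.format(tenant, policy)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore padding


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_token(header: dict, claims: dict) -> str:
    """Constructed, unsigned sample JWS; the third segment is a placeholder, not a real signature."""
    return ".".join([_b64url_encode(header), _b64url_encode(claims), "bm90LWEtc2lnbmF0dXJl"])


def jwt_header(token: str) -> dict:
    """Read the unverified JOSE header; only 'kid' and 'alg' are taken from it."""
    return json.loads(_b64url_decode(token.split(".")[0]))


def diagnose(token: str, jwks: dict) -> str:
    """Say why a validator would raise IDX10501 against this key set, or 'ok'."""
    hdr = jwt_header(token)
    kid, alg = hdr.get("kid"), hdr.get("alg", "")
    keys = {k.get("kid"): k for k in jwks.get("keys", [])}
    if kid not in keys:
        return f"kid {kid!r} not in JWKS {sorted(keys)}: wrong metadata endpoint or policy?"
    if keys[kid].get("kty") != "RSA" or not alg.startswith("RS"):
        return f"key {kid!r} is {keys[kid].get('kty')} / alg {alg}: only RSA signatures are supported"
    return "ok"


# Constructed sample data: a token issued under the B2C_1_signin policy, and the
# key sets behind the policy (tfp) endpoint versus the tenant-wide endpoint.
POLICY_JWKS = {"keys": [{"kty": "RSA", "kid": "b2c-policy-key-1", "n": "<constructed>", "e": "AQAB"}]}
TENANT_JWKS = {"keys": [{"kty": "RSA", "kid": "tenant-key-7", "n": "<constructed>", "e": "AQAB"}]}
SAMPLE_TOKEN = make_token({"alg": "RS256", "typ": "JWT", "kid": "b2c-policy-key-1"},
                          {"aud": "swagger-client-id", "tfp": "B2C_1_signin"})

if __name__ == "__main__":
    print(b2c_metadata_endpoint("contoso.onmicrosoft.com", "B2C_1_signin"))
    print(diagnose(SAMPLE_TOKEN, POLICY_JWKS))  # ok
    print(diagnose(SAMPLE_TOKEN, TENANT_JWKS))  # kid not found: the IDX10501 case from the question
```

Pointing the validator at the tenant-wide metadata document instead of the tfp one yields a JWKS without the policy's kid, which is exactly what the exception reports.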