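I'm having a problem setting the TokenValidation parameters. VS tells me that, at x.Id in the IssuerSigningKeyResolver delegate, "'char' does not contain a definition for 'Id'".
In this case, "certificates" is declared and loaded with the Google certificates as follows: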
    Byte[][] certBytes = getCertBytes(GOOGLE_CERTS);
    Dictionary<String, X509Certificate2> certificates = new Dictionary<String, X509Certificate2>();
    for (int i = 0; i < certBytes.Length; i++)
    {
        X509Certificate2 certificate = new X509Certificate2(certBytes[i]);
        certificates.Add(certificate.Thumbprint, certificate);
    }
    TokenValidationParameters JWTparams = new TokenValidationParameters()
    {
        ValidateActor = false,
        ValidateAudience = true,
        ValidAudience = CLIENT_ID,
        ValidateIssuer = true,
        ValidIssuers = VALID_ISSUERS,
        ValidateIssuerSigningKey = true,
        RequireSignedTokens = true,
        IssuerSigningKeyResolver = (tokenString, securityToken, identifier, parameters) =>
        {
            return identifier.Select(x =>
            {
                if (certificates.ContainsKey(x.Id.ToUpper()))
                {
                    return new X509SecurityKey(certificates[x.Id.ToUpper()]);
                }
                return null;
            }).First(x => x != null);
        },
        ValidateLifetime = true
    };
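I'm by no means an expert in C#, so I'd appreciate help with some of the code I copied. My "understanding" is that the delegate receives "identifier" as a string, so I'm not sure why Linq.Select is used, since I guess it would only pass through one character at a time?
The docs say "identifier" may be null, but should ".First(x => x != null)" handle consecutive calls?
"securityToken" has an Id, but it is not used anywhere else.
Please help.
Answer 0: (score: 0)
It seems this is a working and more logical/readable approach: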
    IssuerSigningKeyResolver = (token, securityToken, kid, validationParameters) =>
    {
        return certificates
            .Where(x => x.Key.ToUpper() == kid.ToUpper())
            .Select(x => new X509SecurityKey(x.Value));
    },
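
Added example, not part of the original question or answer: a resolver that offers only pinned keys, uses a case-insensitive lookup, and copes with a null "kid". The class name PinnedKeyResolver and its methods are hypothetical, and it assumes, as the code on this page does, that "kid" is matched against the certificate thumbprint.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (not from the page). Wire it in with:
//   IssuerSigningKeyResolver = (token, securityToken, kid, validationParameters) =>
//       PinnedKeyResolver.Resolve(pinnedKeys, kid)
public static class PinnedKeyResolver
{
    // Index the pinned certificates by thumbprint, ignoring case, so the
    // lookup does not depend on ToUpper() calls at every use.
    public static Dictionary<string, SecurityKey> Index(IEnumerable<X509Certificate2> certs)
    {
        var keys = new Dictionary<string, SecurityKey>(StringComparer.OrdinalIgnoreCase);
        foreach (var cert in certs)
        {
            keys[cert.Thumbprint] = new X509SecurityKey(cert);
        }
        return keys;
    }

    // kid is the single "kid" header value of the token (one string, possibly
    // null), which is why enumerating it yields chars. The return value is the
    // set of candidate keys the signature is checked against.
    public static IEnumerable<SecurityKey> Resolve(
        IReadOnlyDictionary<string, SecurityKey> pinned,
        string kid)
    {
        if (string.IsNullOrEmpty(kid))
        {
            // No key hint in the header: offer every pinned key and let
            // signature validation decide. No key material comes from the token.
            return pinned.Values.ToList();
        }

        // Unknown kid: offer no pinned key at all.
        return pinned.TryGetValue(kid, out var key)
            ? new[] { key }
            : Array.Empty<SecurityKey>();
    }
}
```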