我正在尝试使用 .NET 4.7 生成由 .NET CORE 3.1 网站读取的 JWT 令牌。我在 CORE 中加密和解密令牌工作正常,但无法弄清楚如何在 .NET 4.7 中以编程方式处理相同的主题。
这是示例 CORE 端的加密代码(我知道它在没有“asdfasdf”的情况下也能工作):
var keyBytes = Encoding.ASCII.GetBytes(customerJwtEncryptionKey);
var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(keyBytes),
SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256CbcHmacSha512);
// get signing credentials
var privateSigningKey = "asdfasdf";
using RSA rsa = RSA.Create(4096);
rsa.ImportRSAPrivateKey(Convert.FromBase64String(privateSigningKey), out _);
var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha512)
{
CryptoProviderFactory = new CryptoProviderFactory { CacheSignatureProviders = false }
};
var jwtIssuer = "www.test.com";
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = jwtIssuer,
Subject = CreateClaimsIdentity(request),
Expires = tokenExpirationTime,
SigningCredentials = signingCredentials,
EncryptingCredentials = encryptingCredentials
};
这是我目前使用 .NET 4.7 和 C# 所获得的:
var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(keyBytes),
SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256CbcHmacSha512);
// get signing credentials
var privateSigningKey = JwtPrivateSigningKey;
//RSA rsa = RSA.Create();
byte[] privateKeyBytes = Convert.FromBase64String(privateSigningKey);
//RsaSecurityKey securityKey = new RsaSecurityKey();
CspParameters cspParameters = new CspParameters { };
RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(4096);
RSAParameters publicKey = myRSA.ExportParameters(true);
var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha512)
{
CryptoProviderFactory = new CryptoProviderFactory { CacheSignatureProviders = false }
};
var jwtIssuer = "http://demosite.com";
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = jwtIssuer,
Subject = CreateClaimsIdentity(),
Expires = tokenExpirationTime,
SigningCredentials = signingCredentials,
EncryptingCredentials = encryptingCredentials
};
我编写的代码适用于加密凭据,但我不知道如何将私钥导入 RsaSecurityKey 并将其用作 SecurityTokenDescriptor 的签名凭据。如果有人知道如何做到这一点,请联系。谢谢!
哦,How to sign a JWT using RS256 with RSA private key 使用 BouncyCastle,而不是普通的 .NET。