Setup OAuth2 JWT Token for ADFS and .Net Core


Question

Can someone explain the OAuth2 JWT token generation and verification in .Net Core?

Answer

First you need to set up ADFS with a client id and redirect URL, then get a JWT token from the ADFS server. See this post http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html

After that, if you are using .Net Core with JWT Bearer Token you need to export the ADFS signing certificate using the following PowerShell commands:

# Look up the certificate(s) ADFS currently uses to sign tokens (run on the ADFS server)
$certRefs = Get-AdfsCertificate -CertificateType Token-Signing
# Export only the public certificate (DER .cer); the private key never leaves ADFS
$certBytes = $certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
# Write it to disk so the .Net Core app can load it as its issuer signing key
[System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)

Then in your .Net Core application startup, you need to use the package Microsoft.AspNetCore.Authentication.JwtBearer and look at this post http://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/

Code in the Startup class:

using System;
using Microsoft.AspNetCore.Builder;   // JwtBearerOptions / UseJwtBearerAuthentication (ASP.NET Core 1.x)
using Microsoft.IdentityModel.Tokens; // X509SecurityKey, TokenValidationParameters

// Load the public key of the ADFS token-signing certificate exported above
var signingKey = new X509SecurityKey(
    new System.Security.Cryptography.X509Certificates.X509Certificate2(
        "YOUR-PATH/foo.cer"));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,

    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = "http://YOUR-ADFS/adfs/services/trust",

    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = "https://YOUR-AUDIENCE/",

    // Validate the token expiry
    ValidateLifetime = true,

    // If you want to allow a certain amount of clock drift, set that here
    // (TimeSpan.Zero means no tolerance at all):
    ClockSkew = TimeSpan.Zero
};

// ASP.NET Core 1.x middleware registration, called from Startup.Configure
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters
});
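The same validation against a pinned ADFS signing certificate in the ASP.NET Core 2.x+ style (services.AddAuthentication().AddJwtBearer()), as an added example that is not part of the answer above; the AdfsJwtBearerSetup class and its AddAdfsJwtBearer method are hypothetical helper names, and the certificate path, issuer and audience are assumed to be supplied by the caller.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
public static class AdfsJwtBearerSetup
{
    // Hypothetical helper: ASP.NET Core 2.x+ equivalent of app.UseJwtBearerAuthentication(...) above.
    public static IServiceCollection AddAdfsJwtBearer(
        this IServiceCollection services, string certPath, string issuer, string audience)
    {
        // Public-key-only .cer exported with Get-AdfsCertificate; no private key is needed here.
        var cert = new X509Certificate2(certPath);
        // ADFS rolls its token-signing certificate automatically; a pinned copy that has
        // expired would silently reject every token, so fail loudly at startup instead.
        if (cert.NotAfter < DateTime.UtcNow)
            throw new InvalidOperationException(
                $"ADFS token-signing certificate expired {cert.NotAfter:u}; re-export it.");
        var validation = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new X509SecurityKey(cert),
            ValidateIssuer = true,
            ValidIssuer = issuer,     // e.g. http://YOUR-ADFS/adfs/services/trust
            ValidateAudience = true,
            ValidAudience = audience, // the relying-party identifier registered in ADFS
            ValidateLifetime = true,
            RequireExpirationTime = true,                             // no exp claim => reject
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // accept RS256 only
            ClockSkew = TimeSpan.FromMinutes(1)
        };
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = validation;
                options.Events = new JwtBearerEvents
                {
                    // Record why a token was rejected (signature, issuer, audience, expiry)
                    // so a key rollover or audience mismatch is visible in the logs.
                    OnAuthenticationFailed = ctx =>
                    {
                        Console.Error.WriteLine($"JWT rejected: {ctx.Exception.GetType().Name}: {ctx.Exception.Message}");
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

Call services.AddAdfsJwtBearer(...) from ConfigureServices and add app.UseAuthentication() in Configure before the endpoints that require the bearer token.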

