Setup OAuth2 JWT Token for ADFS and .Net Core


Problem description

Can someone explain the OAuth2 JWT token generation and verification in .Net Core?

Recommended answer

First, you need to set up ADFS with a client id and redirect URL, then get a JWT token from the ADFS server. See this post http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html

After that, if you are using .Net Core with JWT Bearer Token, you need to export the ADFS signing certificate using the following PowerShell commands:

# Run on the ADFS server (requires the ADFS PowerShell module).
# Get-AdfsCertificate returns every token-signing certificate; [0] takes the first one.
# During certificate rollover there can be two, so check the IsPrimary property.
$certRefs=Get-AdfsCertificate -CertificateType Token-Signing
# X509ContentType.Cert exports the public certificate only (no private key), which is
# all the relying party needs to verify signatures.
$certBytes=$certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)

Then in your .Net Core application startup, you need to use the package Microsoft.AspNetCore.Authentication.JwtBearer and look at this post http://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/

Startup class code:

using System;
using Microsoft.AspNetCore.Builder;      // UseJwtBearerAuthentication, JwtBearerOptions
using Microsoft.IdentityModel.Tokens;    // X509SecurityKey, TokenValidationParameters

// Load the public certificate exported from ADFS above; it carries no private key.
var signingKey = new X509SecurityKey(
    new System.Security.Cryptography.X509Certificates.X509Certificate2(
        "YOUR-PATH/foo.cer"));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,

    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = "http://YOUR-ADFS/adfs/services/trust",

    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = "https://YOUR-AUDIENCE/",

    // Validate the token expiry
    ValidateLifetime = true,

    // If you want to allow a certain amount of clock drift, set that here:
    ClockSkew = TimeSpan.Zero
};

// Note: UseJwtBearerAuthentication and the Automatic* options are the ASP.NET Core 1.x API;
// ASP.NET Core 2.0+ replaced them with services.AddAuthentication().AddJwtBearer(...).
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters
});
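A worked example to go with the answer above, added here and not taken from the original post or from the ADFS/ASP.NET Core projects: it builds the same TokenValidationParameters from the exported .cer and validates a raw token string outside the middleware, reporting which of the checks (signature, issuer, audience, lifetime) rejected it. The certificate path, issuer and audience are placeholders (assumptions), and the ValidAlgorithms property assumes Microsoft.IdentityModel.Tokens 6.x or later.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;                 // NuGet: System.IdentityModel.Tokens.Jwt
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;                  // brought in by the package above

public static class AdfsJwtCheck
{
    // Same checks as the answer's TokenValidationParameters, built from the exported .cer.
    // cerPath, issuer and audience are caller-supplied placeholders, not values from the page.
    public static TokenValidationParameters Build(string cerPath, string issuer, string audience)
    {
        // The .cer exported with X509ContentType.Cert holds only the public key,
        // which is all a relying party needs to verify ADFS signatures.
        var signingCert = new X509Certificate2(cerPath);

        return new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new X509SecurityKey(signingCert),

            ValidateIssuer = true,
            ValidIssuer = issuer,           // ADFS uses http://<adfs-host>/adfs/services/trust

            ValidateAudience = true,
            ValidAudience = audience,       // the relying-party identifier registered in ADFS

            ValidateLifetime = true,        // checks exp and nbf
            ClockSkew = TimeSpan.Zero,      // no tolerance; raise it (e.g. 2 minutes) if clocks drift

            // ADFS signs JWTs with RS256. Pinning the algorithm rejects tokens that claim
            // "none" or an HMAC algorithm (assumes Microsoft.IdentityModel.Tokens 6.x+).
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }
        };
    }

    // Validates a raw JWT string and reports which check rejected it.
    // Returns the ClaimsPrincipal on success, null otherwise.
    public static ClaimsPrincipal Validate(string jwt, TokenValidationParameters parameters, out string reason)
    {
        if (string.IsNullOrWhiteSpace(jwt))
        {
            reason = "no token supplied";
            return null;
        }

        var handler = new JwtSecurityTokenHandler();
        try
        {
            var principal = handler.ValidateToken(jwt, parameters, out SecurityToken _);
            reason = "ok";
            return principal;
        }
        // Most specific exceptions first; SecurityTokenSignatureKeyNotFoundException derives
        // from SecurityTokenInvalidSignatureException, so it must precede it.
        catch (SecurityTokenExpiredException)              { reason = "expired (exp in the past)"; }
        catch (SecurityTokenNotYetValidException)          { reason = "not yet valid (nbf in the future)"; }
        catch (SecurityTokenInvalidIssuerException)        { reason = "iss does not match ValidIssuer"; }
        catch (SecurityTokenInvalidAudienceException)      { reason = "aud does not match ValidAudience"; }
        catch (SecurityTokenSignatureKeyNotFoundException) { reason = "kid does not match the exported certificate (ADFS may have rolled its signing key)"; }
        catch (SecurityTokenInvalidSignatureException)     { reason = "signature does not verify with the exported ADFS certificate"; }
        catch (SecurityTokenException ex)                  { reason = "rejected: " + ex.GetType().Name; }
        catch (ArgumentException)                          { reason = "not a well-formed JWT"; }
        return null;
    }

    public static void Main(string[] args)
    {
        // Placeholders: replace with your exported certificate path, ADFS host and RP identifier.
        var parameters = Build(@"C:\foo.cer",
                               "http://YOUR-ADFS/adfs/services/trust",
                               "https://YOUR-AUDIENCE/");

        // The token is read from the first argument so nothing secret is hard-coded.
        string jwt = args.Length > 0 ? args[0] : null;
        var principal = Validate(jwt, parameters, out string reason);

        if (principal == null)
        {
            Console.WriteLine("Token rejected: " + reason);
            return;
        }
        Console.WriteLine("Token accepted. Claims:");
        foreach (var claim in principal.Claims)
            Console.WriteLine($"  {claim.Type} = {claim.Value}");
    }
}
```

Run it with `dotnet run -- <token>` after obtaining a token from ADFS as described in the linked post. One operational caveat the exported-file approach carries: ADFS rolls its token-signing certificate automatically by default, and a token signed with the new key fails with the "kid does not match" reason above until foo.cer is re-exported, so that failure is worth alerting on rather than treating as a bad client.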

