JwtSecurityToken 理解与异常 [英] JwtSecurityToken understanding and exception

问题描述

我对 JwtSecurityTokens 还很陌生，我试图了解它的不同方面，以及整个 claimsidentity 和 claimprincipal，但那是另一回事了.

我尝试使用以下代码在 C# 中生成令牌:

private const string SECRET_KEY = "abcdef";私有静态只读 SymmetricSecurityKey SIGNING_KEY = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SECRET_KEY));公共静态字符串 GenerateToken(string someName){var token = new JwtSecurityToken(索赔:新索赔[]{新声明(ClaimTypes.Name，someName)，},notBefore: 新的 DateTimeOffset(DateTime.Now).DateTime,过期:新的 DateTimeOffset(DateTime.Now.AddMinutes(60)).DateTime,签名证书:新的签名证书(SIGNING_KEY，SecurityAlgorithms.HmacSha256));返回新的 JwtSecurityTokenHandler().WriteToken(token);}

<块引用>

我遵循了 Youtube 上的教程，但我不确定我是否理解JwtSecurityToken 中的不同部分.另外，当我执行通过控制器的代码只是为了尝试返回一个令牌，它返回一个错误，说:IDX10603:解密失败.密钥尝试:'[PII 被隐藏]'".

感谢任何帮助.

解决方案

算法 HS256 要求 SecurityKey.KeySize 大于 128 位，而您的密钥只有 48 位.通过添加至少还有 10 个符号.至于PII 被隐藏"部分，它是作为 GDPR 合规性工作的一部分，以隐藏日志中的任何堆栈或变量信息.您应该启用其他详细信息:

IdentityModelEventSource.ShowPII = true;

I'm fairly new to JwtSecurityTokens, and I try to understand the different aspects of it and furhtermore the whole claimsidentity and claimprincipal, but that's another story.

I try to generate a token in C# by using the following code:

private const string SECRET_KEY = "abcdef";
private static readonly SymmetricSecurityKey SIGNING_KEY = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SECRET_KEY));

    public static string GenerateToken(string someName)
    {
        var token = new JwtSecurityToken(
            claims: new Claim[]
            {
                new Claim(ClaimTypes.Name, someName), 
            },
            notBefore: new DateTimeOffset(DateTime.Now).DateTime,
            expires: new DateTimeOffset(DateTime.Now.AddMinutes(60)).DateTime,
            signingCredentials: new SigningCredentials(SIGNING_KEY, SecurityAlgorithms.HmacSha256)
        );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

I followed a tutorial on Youtube, but I'm not sure I understand the different parts in the JwtSecurityToken. In addition, when I execute the code through a controller just to try to return a token, it returns an error, saying: "IDX10603: Decryption failed. Keys tried: '[PII is hidden]'".

Any help is appreciated.

解决方案

The algorithm HS256 requires the SecurityKey.KeySize to be greater than 128 bits and your key has just 48. Extend it by adding at least 10 more symbols. As for "PII is hidden" part, it was done as a part of GDPR compliance effort to hide any stack or variable info in logs. You should enable additional details with:

IdentityModelEventSource.ShowPII = true;

这篇关于JwtSecurityToken 理解与异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！