如何加密JWT安全令牌? [英] How to encrypt JWT security token?
本文介绍了如何加密JWT安全令牌?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要保护我的网络令牌签名和加密。我写代码的下一行:
I need to secure my web-token with signing and encryption. I wrote the next lines of code:
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, owner.Name),
new Claim(ClaimTypes.Role, owner.RoleClaimType),
new Claim("custom claim type", "custom content")
}),
TokenIssuerName = "self",
AppliesToAddress = "http://www.example.com",
Lifetime = new Lifetime(now, now.AddSeconds(60 * 3)),
EncryptingCredentials = new X509EncryptingCredentials(new X509Certificate2(cert)),
SigningCredentials = new X509SigningCredentials(cert1)
};
var token = (JwtSecurityToken)tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
所以,我使用一些证书,以 makecert.exe 生成code>。然后我读记号字符串与另一
JwtSecurityTokenHandler
:
So, I am using some certificates, generated with makecert.exe
. Then I read token string with another JwtSecurityTokenHandler
:
var tokenHandlerDecr = new JwtSecurityTokenHandler();
var tok = tokenHandlerDecr.ReadToken(tokenString);
和令牌的内容是不加密的(我可以看到JSON在 TOK
下的调试器变量)。我究竟做错了什么?如何加密令牌数据?
And token content is not encrypted (I can see json in tok
variable under debugger). What am I doing wrong? How to encrypt token data?
推荐答案
我的理解是,微软的JWT执行目前不支持加密(仅签名)。
My understanding is that Microsoft's JWT implementation doesn't currently support encryption (only signing).
这篇关于如何加密JWT安全令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文