.NET Core authentication with a JWT asymmetric RSA key fails - IDX10609: Decryption failed. No Keys tried: token

Problem description

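I am developing an API that performs authentication and returns some user details in the response. Authentication uses a JWT Bearer Token with a symmetric key. Now the requirements have changed, and I am expected to use an RSA asymmetric key.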

I have changed Startup.cs as follows:


ConfigureServices

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false,
                ValidateIssuer = false,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = GetRSASecurityPrivateKey(),
                LifetimeValidator = LifetimeValidator
            };
        })
        .AddOpenIdConnect(options =>
        {
            options.Events.OnAuthorizationCodeReceived = RedeemAuthorizationCodeAsync;
            oidcConfig.ConfigureOIDC(options);
        })
        .AddCookie(options => { options.ExpireTimeSpan = 5.Minutes(); });

The GetRSASecurityPrivateKey method:

        private RsaSecurityKey GetRSASecurityPrivateKey()
        {
            var privateJwk = new Dictionary<string, string>
            {
                { "p", "_A74Ay4AkmltkakQYOYWncHN-Lwbw0-1imbe0HyQubDXI2D9ubFgw9CY-lL6g4naSGAAjY8gPLsCd2HAnbvhzGynI3dGvnYKvIkj-UWFIysMFABYUjlf7BDX8SPopzS_RqzJCYQ0y7EP8eCSCpOdxPBywFg9HX0"},
                {"kty","RSA" },
                { "q", "knQngrwz8cR8JsT2fJZ5OwTVhOh7p7r79Zl3s_NdzK8yeHJXmi-YjfMasDnNSqN5dC5Yzo5Y3ZaB5OQzyy-xTQkdczbmk0bvixNYGArav5l3KYYsWdusjB9oRBh55VblsOwGNmV_b5lq31UXSqfaFGEtUX7kij_CKs"},
                {"d", "g18MuW7EfXCrNHl1ABsdr2FgvtGWYd7lxfBL1LW9vJyEnLTZkTZnOVSVmbHQkKCxG3fzhXVhYI47R4WMzQx9LEUZMA7pSjYOSoEwhSazyeTfJvEE9AcQh2dpvqbyHFk9YXFGgo2zbz_l04D5GykPEDrz5m5098juoaw_ekrk2BUrizZ4lApPwikExifr5NuzJw6V7yawrCYHwGPejjOhviDvSSXVLx9NrGYqN8vjNUSQJtMkcF6U1e3jj-Db7gh99EhSls-gg6VktORJedkKMyzNLqWDImIfuzjJaks66XNOf4FEDRnyYux13sWgK4e9Vlw48vxKYcGz9zoSQ"},
                { "e", "AQAB" },
                { "use", "enc"},
                { "qi", "9TLNzUsH9sOYcGpOhHkfny-CwN-ol3vFyDbEMjWlZWhdT-hYjh6_kL6HCAXL1JkR6H76lQI6bXrX3Z5kAgUSHJPJp3oHCDz17mgsF3lRLVqPgE7UJaQR2fLIb-xJ2Q_GPJLG6K6YT5-g1uBPsAIamVEf35Vm2jz-apZQ"},
                { "dp", "5tYClk7j4TJCURqm0EcHwVRDAJ-tQVJXbLfHKOJbXGOys0jZNN1YRBxebSnfGOX_ "},
                { "alg", "RS256"},
                { "dq", "CvxTimb7roMCnRXhN29CIL84FQQrYmWQSNf-Nq1mt9fcfVR2ZcZ0NxGpStbLI3InxiNN61_FEOI-IgtCgGsOAmTIuXLskdt4Rn20HYBiR2DecL7BlYsWrUp1bZeo5XZX8hER0eDpYIk"},
                { "n", "kDLnITJdvIs2dAimd0n-Wvry-AbPFpIV4Mr5zk3DHT5wsYHJIDtLk2Hc07DWh3j1-Pawf-I7OZIPbwauAqEbnSCEn-hUR8FkxTEectdx5wH4MMVW4tRpJMsNGqjjOwHZpZ-ic4TdxYcOpciO16s6q0HYHUCQwvxcFes3VYtwkJfMYlAwiDbjwal76poorEKTpNkpt73RJPqFHNWyYMfZyb2xZmy9q_zL7mJfWYZdQ2KX25wUtdTAPRqPdakr8eFbc-zAjxqnlxKLdpvwconG2tDfb-CXsCwUGafw"}
            };

            // Decode each base64url-encoded JWK parameter into raw bytes.
            byte[] p = Base64Url.Decode(privateJwk["p"]);
            byte[] q = Base64Url.Decode(privateJwk["q"]);
            byte[] d = Base64Url.Decode(privateJwk["d"]);
            byte[] e = Base64Url.Decode(privateJwk["e"]);
            byte[] qi = Base64Url.Decode(privateJwk["qi"]);
            byte[] dq = Base64Url.Decode(privateJwk["dq"]);
            byte[] dp = Base64Url.Decode(privateJwk["dp"]);
            byte[] n = Base64Url.Decode(privateJwk["n"]);

            // Import the decoded parameters into an RSA key and wrap it for the token handler.
            RSA keyPrivate = RSA.Create();
            RSAParameters keyParams = new RSAParameters();
            keyParams.P = p;
            keyParams.Q = q;
            keyParams.D = d;
            keyParams.Exponent = e;
            keyParams.InverseQ = qi;
            keyParams.DP = dp;
            keyParams.DQ = dq;
            keyParams.Modulus = n;
            keyPrivate.ImportParameters(keyParams);
            RsaSecurityKey issuerSigningKey = new RsaSecurityKey(keyPrivate);
            return issuerSigningKey;
        }

I have changed the keys in the private key. When I run the application, I keep getting this error.


I am not sure what is causing this error:

SecurityTokenDecryptionFailedException: IDX10609: Decryption failed. No Keys tried: token: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'

Any suggestions are welcome. This is a .NET Core project, and I am not sure why the middleware cannot find the token?

Tags: c#, .net, authentication, jwt, rsa

Solution
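
Added example, not part of the original question or of any library's own code: IDX10609 is raised on the token handler's decryption path, which is taken for five-segment compact tokens (JWE), and on that path `TokenValidationParameters.TokenDecryptionKey` is consulted rather than `IssuerSigningKey`. The helper below tells a signed token (JWS) from an encrypted one (JWE) by segment count and header; the class name `CompactTokenInspector` and the sample token are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Hypothetical helper (name is an assumption, not from the page).
public static class CompactTokenInspector
{
    // Returns "JWS" (3 segments, signed) or "JWE" (5 segments, encrypted)
    // and exposes the header's "alg" and "enc" values (null when absent).
    public static string Classify(string compactToken, out string alg, out string enc)
    {
        string[] parts = compactToken.Split('.');
        if (parts.Length != 3 && parts.Length != 5)
            throw new FormatException($"Expected 3 or 5 segments, got {parts.Length}.");

        string headerJson = Encoding.UTF8.GetString(DecodeSegment(parts[0]));
        using JsonDocument header = JsonDocument.Parse(headerJson);
        alg = header.RootElement.TryGetProperty("alg", out var a) ? a.GetString() : null;
        enc = header.RootElement.TryGetProperty("enc", out var e) ? e.GetString() : null;
        return parts.Length == 5 ? "JWE" : "JWS";
    }

    // base64url -> bytes: restore the standard alphabet and the stripped padding.
    private static byte[] DecodeSegment(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    public static void Main()
    {
        // Constructed sample: JWE-shaped token whose header is
        // {"alg":"RSA-OAEP","enc":"A256GCM"}; the other four segments are
        // placeholders, not real ciphertext.
        string header = Convert.ToBase64String(
                Encoding.UTF8.GetBytes("{\"alg\":\"RSA-OAEP\",\"enc\":\"A256GCM\"}"))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string sample = header + ".a2V5.aXY.Y3Q.dGFn";

        string kind = Classify(sample, out string alg, out string enc);
        Console.WriteLine($"{kind}: alg={alg}, enc={enc}");
        if (kind == "JWE")
            Console.WriteLine("Encrypted token: set TokenDecryptionKey; " +
                              "IssuerSigningKey is only used to verify signatures.");
    }
}
```

If the incoming token classifies as JWE, the private key belongs in `TokenDecryptionKey`, and `IssuerSigningKey` should hold the issuer's public key for any signature on the inner token.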

