0
JwtBearerAuthenticationミドルウェアを使用する場合、RSACryptoServiceProviderおよびその他のオブジェクトは、JwtSecurityTokenHandler.WriteToken()が呼び出された後にSigningCredentialsに配置されます。私の問題はこの問題とよく似ています:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/477。JwtBearerAuthentication安全なハンドル例外
最初の要求は機能しますが、それ以降の要求は失敗します。この機能は、RC2で素晴らしい仕事...しかし、今、我々は1.0にアップグレードしたので、中WriteToken結果:
System.ObjectDisposedException was unhandled by user code HResult=-2146232798 Message=Safe handle has been closed ObjectName="" Source=mscorlib StackTrace: at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID) at System.Security.Cryptography.RSACryptoServiceProvider.get_KeySize() at Microsoft.IdentityModel.Tokens.RsaSecurityKey.get_KeySize() at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.ValidateAsymmetricSecurityKeySize(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateEncodedSignature(String input, SigningCredentials signingCredentials) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token) at Api.Controllers.TokenController.CreateToken(EmployeeSecurityRecord record, DateTime expires) in C:\SOURCE\Api\Procede.Excede.Api.Core\src\Api\Controllers\TokenController.cs:line 115 at Api.Controllers.TokenController.Post(ResourceTokenRequest request) in C:\SOURCE\Api\Procede.Excede.Api.Core\src\Api\Controllers\TokenController.cs:line 35 at lambda_method(Closure , Object , Object[]) at Microsoft.AspNetCore.Mvc.Internal.ObjectMethodExecutor.Execute(Object target, Object[] parameters) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionFilterAsync>d__28.MoveNext() InnerException:
は、私はどちらかJwtBearerAuthenticationの適切な使用法上のすべての偉大なドキュメントを見つけることができません。何かご意見は?ここに私の実装は... Startup.csで
です:
ConfigureServices:
var keyFile = Configuration["AppSettings:Secret"];
var keyParams = RSAKeyUtils.GetKeyParameters(Path.Combine(Environment.ContentRootPath, keyFile));
var provider = new RSACryptoServiceProvider();
provider.ImportParameters(keyParams);
var key = new RsaSecurityKey(provider);
_tokenOptions = new TokenAuthOptions
{
Audience = Configuration["AppSettings:Audience"],
Issuer = Configuration["AppSettings:Issuer"],
TokenLife = Convert.ToInt32(Configuration["AppSettings:TokenLife"]),
Key = key,
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature)
};
設定:
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = _tokenOptions.Key,
ValidAudience = _tokenOptions.Audience,
ValidIssuer = _tokenOptions.Issuer,
ValidateLifetime = true,
ClockSkew = TimeSpan.FromMinutes(1)
}
});
は、コントローラのメソッドを介してトークンを作成:
private string CreateToken(EmployeeSecurityRecord record, DateTime expires)
{
var identity = new ClaimsIdentity(
new GenericIdentity(record.EmpId, "TokenAuth"),
new[]
{
new Claim("tid", "TBD", ClaimValueTypes.String),
new Claim("branch_id", record.BrnId, ClaimValueTypes.String),
new Claim("wid", record.WspId.ToString(), ClaimValueTypes.Integer),
new Claim("roles", "TBD", ClaimValueTypes.String),
new Claim("alt_sub", record.AltEmpId ?? "", ClaimValueTypes.String),
new Claim("alt_wid", record.AltWspId == null ? "" : record.AltWspId.ToString(),
ClaimValueTypes.Integer),
new Claim("alt_roles", "TBD", ClaimValueTypes.String)
});
var handler = new JwtSecurityTokenHandler();
var descriptor = new SecurityTokenDescriptor
{
Issuer = _tokenOptions.Issuer,
Audience = _tokenOptions.Audience,
SigningCredentials = _tokenOptions.SigningCredentials,
Subject = identity,
Expires = expires
};
var token = handler.CreateToken(descriptor);
return handler.WriteToken(token);