我学会了使用ASP.Net内核生成令牌...
我有一个生成令牌验证的方法...这个
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJQYXR5IiwianRpIjoiY2Q5OGE3NjMtOGRkZC00NWM1LTg3MzAtMGE2MDBjZDE1NTg1IiwiZXhwIjoxNTUwNzE2OTQwLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjYzOTM5LyIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6NjM5MzkvIn0.ndvWn-pBwdo7UlxFvuE0IPWnxpDtzAKTfq_FRkgMFeM
并且当y将令牌粘贴到jwt.io时,显示:无效签名,但是令牌仍然具有用户值。...为什么jwt.io显示此消息?
此生成令牌的方法:
public static string CreateToken(User user, string keyValue, string issuer)
{
/* keyValue = "veryVerySecretKey" */
/* issuer = "http://localhost:63939/" */
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, user.Name),
new Claim(JwtRegisteredClaimNames.Jti, user.Id.ToString())
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyValue));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(issuer,
issuer,
claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: creds);
return new JwtSecurityTokenHandler().WriteToken(token);
}