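I'm trying to implement authentication/authorization using JWT tokens with .NET 8 and Clean Architecture, but I've run into a problem that is blocking me from working further. I'd really appreciate any advice and help.

The problem is that I have a token that I get from UserController, and then when I want to get data from an [Authorize] method (using Postman) I get an error. Below is all the needed information (I think so). If you are interested, I'll leave the link to my GitHub here: https://github.com/szymonJag/Chatter_v1

I get the following error: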

    [13:57:08 INF] Failed to validate the token.
    Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
    [13:57:08 INF] Bearer was not authenticated. Failure message: IDX10500: Signature validation failed. No security keys were provided to validate the signature.

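How I generate the token:

    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Text;
    using Microsoft.Extensions.Options;
    using Microsoft.IdentityModel.Tokens;

    internal sealed class JwtProvider : IJwtProvider
    {
        private readonly JwtOptions _options;

        public JwtProvider(IOptions<JwtOptions> options)
        {
            _options = options.Value;
        }

        public string Generate(Domain.Entities.User.User user)
        {
            // The only claim issued is the subject (the user's id).
            var claims = new Claim[]
            {
                new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
            };

            // HMAC-SHA256 signature over the UTF-8 bytes of the configured secret.
            var signingCredentials = new SigningCredentials(
                new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(_options.SecretKey)),
                SecurityAlgorithms.HmacSha256);

            // No not-before value; the token expires one hour after issuance.
            var token = new JwtSecurityToken(
                _options.Issuer,
                _options.Audience,
                claims,
                null,
                DateTime.UtcNow.AddHours(1),
                signingCredentials);

            string tokenValue = new JwtSecurityTokenHandler().WriteToken(token);
            return tokenValue;
        }
    }
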
My token looks like this:

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI5NDE4ZDY5NS1iM2Q5LTQwMWEtY2ZiYS0wOGRjMjBjMDA0MjkiLCJleHAiOjE3MDY2MjM1NzYsImlzcyI6Ik15SXNzdWVyIiwiYXVkIjoiTXlBdWRpZW5jZSJ9.d2xjmmYsImL_2Nr0sFc6SRTEOYuo9EY-hnl2p2jlwz4

How I configure JWT:

    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Options;
    using Microsoft.IdentityModel.Tokens;

    public class JwtOptions
    {
        public string Issuer { get; init; }
        public string Audience { get; init; }
        public string SecretKey { get; init; }
    }

    // Binds the "Jwt" configuration section to JwtOptions.
    public class JwtOptionsSetup : IConfigureOptions<JwtOptions>
    {
        private const string SectionName = "Jwt";
        private readonly IConfiguration _configuration;

        public JwtOptionsSetup(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        public void Configure(JwtOptions options)
        {
            _configuration.GetSection(SectionName).Bind(options);
        }
    }

    // Sets the bearer token validation parameters from JwtOptions.
    public class JwtBearerOptionsSetup : IConfigureOptions<JwtBearerOptions>
    {
        private readonly JwtOptions _options;

        public JwtBearerOptionsSetup(IOptions<JwtOptions> options)
        {
            _options = options.Value;
        }

        public void Configure(JwtBearerOptions options)
        {
            options.TokenValidationParameters = new()
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = _options.Issuer,
                ValidAudience = _options.Audience,
                IssuerSigningKey = new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(_options.SecretKey))
            };
        }
    }

Program.cs:

    var builder = WebApplication.CreateBuilder(args);
    //...all services
    builder.Services.ConfigureOptions<JwtOptionsSetup>();
    builder.Services.AddTransient<IConfigureOptions<JwtBearerOptions>, JwtBearerOptionsSetup>();
    //..rest of configurations and services
    app.Run();

Try adding the JWT token validation code to your API's Program.cs:

    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    // here we specify our authentication settings to validate the JWT token
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(opt =>
        {
            opt.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = builder.Configuration["Jwt:Issuer"],
                ValidAudience = builder.Configuration["Jwt:Audience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:SecretKey"]))
            };
        });
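
The failure in the log above can be reproduced outside ASP.NET Core. The following console program is an added example, not code from the question, the answer or the linked repository; it assumes the System.IdentityModel.Tokens.Jwt NuGet package, and the issuer, audience and secret are constructed sample values. It validates one token twice: once with no IssuerSigningKey set, and once with the key that signed it.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Constructed sample values (assumptions, not the question's configuration).
const string Issuer = "SampleIssuer";
const string Audience = "SampleAudience";
const string SecretKey = "constructed-sample-secret-0123456789abcdef"; // longer than 32 bytes

var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SecretKey));

// Issue a token with the same calls the question's JwtProvider uses.
var token = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
    Issuer,
    Audience,
    new[] { new Claim(JwtRegisteredClaimNames.Sub, Guid.NewGuid().ToString()) },
    null,
    DateTime.UtcNow.AddHours(1),
    new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

// No key configured: the state the IDX10500 message describes.
Console.WriteLine(Validate(BuildParameters(null)));
// Key configured, as in the answer's TokenValidationParameters.
Console.WriteLine(Validate(BuildParameters(key)));

TokenValidationParameters BuildParameters(SecurityKey? signingKey) => new()
{
    ValidateIssuer = true,
    ValidateAudience = true,
    ValidateLifetime = true,
    ValidateIssuerSigningKey = true,
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    IssuerSigningKey = signingKey
};

string Validate(TokenValidationParameters parameters)
{
    try
    {
        new JwtSecurityTokenHandler().ValidateToken(token, parameters, out var validated);
        return "valid, sub=" + ((JwtSecurityToken)validated).Subject;
    }
    catch (SecurityTokenException ex)
    {
        // Report the exception type and IDX code instead of crashing.
        return ex.GetType().Name + ": " + ex.Message;
    }
}
```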