问题描述
我正在使用以下代码,该代码最初是我从 jwt-dotnet github页面上借来的
I am using the following code, which I borrowed originally from the jwt-dotnet github page
private static string CreateToken(UserPrincipal principal)
{
/*
* https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
* http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
*/
var key = ConfigurationManager.AppSettings["jwt-key"];
var claims = new Dictionary<string, string>()
{
{ClaimTypes.Name, "Rainbow Dash" },
{ClaimTypes.WindowsAccountName, "RDash"}
};
var algorithm = new HMACSHA256Algorithm();
var serializer = new JsonNetSerializer();
var urlEncoder = new JwtBase64UrlEncoder();
var encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
var token = encoder.Encode(claims, key);
return token;
}
上面的代码生成以下令牌:
The above code generates the following token:
因此,我跳到了 jwt.io 来测试我的令牌.有人告诉我我的签名无效.
So, I hopped over to jwt.io to test my token. I'm told I have an invalid signature.
如何给它一个有效的签名"?我不明白我的JWT缺少什么.
How do I give it a valid 'signature'? I don't understand what my JWT is missing.
推荐答案
如果将创建令牌时使用的秘密签名密钥提供给令牌,则JWT.io上的工具可以验证令牌的数字签名:
The tool over JWT.io can verify the digital signature of your token if you give it the secret signing key you used while creating a token:
通过查看您的代码,它就是您所包含的值:
And from looking at your code it's the value contained in your:
ConfigurationManager.AppSettings["jwt-key"];
只需在秘密"文本框中输入值,如果令牌的签名与JWT.io计算的签名匹配,那么您将收到一条消息,指出签名是有效的.
Just input the value inside the "secret" text box and if the signature of the token matches the one calculated by JWT.io then you'll get a message saying that the signature is valid.
这篇关于使用Jwt-Dotnet生成有效令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!