<legend id='ycHsl'><style id='ycHsl'><dir id='ycHsl'><q id='ycHsl'></q></dir></style></legend>
    <i id='ycHsl'><tr id='ycHsl'><dt id='ycHsl'><q id='ycHsl'><span id='ycHsl'><b id='ycHsl'><form id='ycHsl'><ins id='ycHsl'></ins><ul id='ycHsl'></ul><sub id='ycHsl'></sub></form><legend id='ycHsl'></legend><bdo id='ycHsl'><pre id='ycHsl'><center id='ycHsl'></center></pre></bdo></b><th id='ycHsl'></th></span></q></dt></tr></i><div id='ycHsl'><tfoot id='ycHsl'></tfoot><dl id='ycHsl'><fieldset id='ycHsl'></fieldset></dl></div>
  1. <small id='ycHsl'></small><noframes id='ycHsl'>

    <tfoot id='ycHsl'></tfoot>
      <bdo id='ycHsl'></bdo><ul id='ycHsl'></ul>

      隐藏使用 RS256 PII 的 JWT SecurityTokenInvalidSignatureE

      时间:2023-06-03
    1. <small id='HbkSx'></small><noframes id='HbkSx'>

          <bdo id='HbkSx'></bdo><ul id='HbkSx'></ul>
          • <legend id='HbkSx'><style id='HbkSx'><dir id='HbkSx'><q id='HbkSx'></q></dir></style></legend>

          • <tfoot id='HbkSx'></tfoot>

              <tbody id='HbkSx'></tbody>

              <i id='HbkSx'><tr id='HbkSx'><dt id='HbkSx'><q id='HbkSx'><span id='HbkSx'><b id='HbkSx'><form id='HbkSx'><ins id='HbkSx'></ins><ul id='HbkSx'></ul><sub id='HbkSx'></sub></form><legend id='HbkSx'></legend><bdo id='HbkSx'><pre id='HbkSx'><center id='HbkSx'></center></pre></bdo></b><th id='HbkSx'></th></span></q></dt></tr></i><div id='HbkSx'><tfoot id='HbkSx'></tfoot><dl id='HbkSx'><fieldset id='HbkSx'></fieldset></dl></div>
                本文介绍了隐藏使用 RS256 PII 的 JWT SecurityTokenInvalidSignatureException的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

                问题描述

                限时送ChatGPT账号..

                请帮忙!我在使用 Microsoft 的 System.IdentityModel.Tokens.Jwt 库验证使用 RS256 签名的 JWT 令牌时遇到问题.

                Please help! I'm having trouble validating a JWT token signed with RS256 using Microsoft's System.IdentityModel.Tokens.Jwt library.

                这个令牌在 JWT.io 上验证得很好.

                This token validates just fine on JWT.io.

                这是错误:

                Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureExceptionIDX10503:签名验证失败.尝试的键:'[PII 被隐藏]'.捕获的异常:'[PII 被隐藏]'.token: '[PII is hidden]'.

                Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException IDX10503: Signature validation failed. Keys tried: '[PII is hidden]'. Exceptions caught: '[PII is hidden]'. token: '[PII is hidden]'.

                这是示例代码(我使用的是 LinqPad,带有 System.IdentityModel.Tokens.Jwt v5.2.2 NuGet 包):

                void Main()
                {
                    var cText =
                        "-----BEGIN CERTIFICATE-----
                " +
                        "MIIBljCCAUACCQCIDMpqK7WfWDANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJV
                " + 
                        "UzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UECgwJTHV4b3R0aWNhMRowGAYD
                " +
                        "VQQLDBFMdXhvdHRpY2EgZXllY2FyZTAeFw0xODA1MjMxNTE1MjdaFw0yODA1MjAx
                " +
                        "NTE1MjdaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYD
                " +
                        "VQQKDAlMdXhvdHRpY2ExGjAYBgNVBAsMEUx1eG90dGljYSBleWVjYXJlMFwwDQYJ
                " +
                        "KoZIhvcNAQEBBQADSwAwSAJBAKuMYcirPj81WBtMituJJenF0CG/HYLcAUOtWKl1
                " +
                        "HchC0dM8VRRBI/HV+nZcweXzpjhX8ySa9s7kJneP0cuJiU8CAwEAATANBgkqhkiG
                " +
                        "9w0BAQsFAANBAKEM8wQwlqKgkfqnNFcbsZM0RUxS+eWR9LvycGuMN7aL9M6GOmfp
                " +
                        "QmF4MH4uvkaiZenqCkhDkyi4Cy81tz453tQ=
                " +
                        "-----END CERTIFICATE-----";
                
                    var c = new X509Certificate2(Encoding.ASCII.GetBytes(cText));
                    var p = new TokenValidationParameters();
                    p.IssuerSigningKeyResolver = (s, securityToken, identifier, parameters)
                        => new[] { new X509SecurityKey(c) };
                    var h = new JwtSecurityTokenHandler();
                    var token = @"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJuLmNoaWVmZm8iLCJleHAiOjE1MjcyMzg4ODEsImlzcyI6Imx1eCJ9.BAaYzLwokmdKqLi6zKjGIpDXd__dZxi5PUWWHS3PSLPDYAInzPbEK8o4WxunoGD7eA0qtQNaxNpzeOc3BHrd4w";
                    h.ValidateToken(token, p, out SecurityToken _);
                }
                

                最后也很高兴知道如何删除 [PII is hidden] 以便我可以看到有关错误的更多详细信息.在 app.config 甚至 machine.config 文件中将 enableLoggingKnownPii 和 logKnownPII 设置为 true 似乎没有什么区别.

                Finally it would be nice to also know how to remove the [PII is hidden] so I can see more detail on the error. Setting the enableLoggingKnownPii and logKnownPII to true in the app.config or even the machine.config file did not seem to make a difference.

                推荐答案

                原来X509SecurityKey的KeySize至少需要1024长才能验证.这在异常中并不明显,因为它被 [PII is hidden] 过滤器隐藏了.

                It turns out that the KeySize for X509SecurityKey needs to be at least 1024 in length for verifying. This is not obvious from the exception, since it is hidden with the [PII is hidden] filter.

                添加以下行使异常文本更加有用(添加到 Startup.cs 中的 ConfigureServices 方法):

                Adding the following line made the exception text a lot more useful (add to ConfigureServices method in Startup.cs):

                IdentityModelEventSource.ShowPII = true;
                

                新的异常文本:

                System.ArgumentOutOfRangeException: IDX10631: 用于验证的Microsoft.IdentityModel.Tokens.X509SecurityKey"不能小于1024"位.密钥大小:'512'.

                'System.ArgumentOutOfRangeException: IDX10631: The 'Microsoft.IdentityModel.Tokens.X509SecurityKey' for verifying cannot be smaller than '1024' bits. KeySize: '512'.

                将非对称密钥的长度增加到 1024 解决了这个问题.

                Increasing the length of the assymetric key to 1024 solved the problem.

                这篇关于隐藏使用 RS256 PII 的 JWT SecurityTokenInvalidSignatureException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

                上一篇:JwtSecurityToken 不会过期 下一篇:在 ASP.NET Core 中,从 Cookie 而不是 Headers 中读取

                相关文章

                最新文章

              1. <tfoot id='oyMUo'></tfoot>

                      <bdo id='oyMUo'></bdo><ul id='oyMUo'></ul>
                    <legend id='oyMUo'><style id='oyMUo'><dir id='oyMUo'><q id='oyMUo'></q></dir></style></legend>
                  1. <i id='oyMUo'><tr id='oyMUo'><dt id='oyMUo'><q id='oyMUo'><span id='oyMUo'><b id='oyMUo'><form id='oyMUo'><ins id='oyMUo'></ins><ul id='oyMUo'></ul><sub id='oyMUo'></sub></form><legend id='oyMUo'></legend><bdo id='oyMUo'><pre id='oyMUo'><center id='oyMUo'></center></pre></bdo></b><th id='oyMUo'></th></span></q></dt></tr></i><div id='oyMUo'><tfoot id='oyMUo'></tfoot><dl id='oyMUo'><fieldset id='oyMUo'></fieldset></dl></div>

                    <small id='oyMUo'></small><noframes id='oyMUo'>