1

我正在尝试使用 OAuth 2 资源所有者流程来授权移动客户端针对我的 Web Api 服务。我正在使用 Thinktecture IdentityServer 使用对称签名密钥发布 jwt 令牌。

在客户端,我使用 Thinktecture IdentityModel 来帮助设置令牌验证。我的 WebApiConfig 如下所示:

        var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();

        var mapping = new AuthenticationOptionMapping
        {
            // where to look for credentials
            Options = AuthenticationOptions.ForAuthorizationHeader("bearer"),

            // how to validate them
            TokenHandler = new SecurityTokenHandlerCollection { jwtSecurityTokenHandler },

            // which hint to give back if not successful
            Scheme = AuthenticationScheme.SchemeOnly("bearer")
        };
        var authConfig = new AuthenticationConfiguration(){RequireSsl = false};
        authConfig.AddMapping(mapping);
        config.MessageHandlers.Add(new AuthenticationHandler(authConfig));

在我的 IdentityModel.config 我有以下内容:

<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="PresentationHost.Claims.MobileClaimsAuthorizationManager, PresentationHost"/>
<audienceUris>
  <add value="http://localhost:22674/" />
</audienceUris>

<securityTokenHandlers>
  <add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt" />
</securityTokenHandlers>

<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
  <authority name="http://identityserver.v2.thinktecture.com/trust/auth">
    <keys>
      <add symmetricKey="tVNRmpweBgz3xeWvSXrSwLIE3DrxJ3aawgNxZKC1Od0"/>
    </keys>
    <validIssuers>
      <add name="http://identityserver.v2.thinktecture.com/trust/auth" />
    </validIssuers>
  </authority>
</issuerNameRegistry>

<issuerTokenResolver type="System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver, System.IdentityModel.Tokens.Jwt"/>
  <securityKey symmetricKey="tVNRmpweBgz3xeWvSXrSwLIE3DrxJ3aawgNxZKC1Od0" name="http://identityserver.v2.thinktecture.com/trust/auth" />


<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />

主要取自http://leastprivilege.com/2013/07/16/identityserver-using-ws-federation-with-jwt-tokens-and-symmetric-signatures/上的这个链接 ,我通过这个 Stack Overflow 帖子找到:如何用对称密钥配置 MIcrosoft JWT?

我尝试使用该帖子中找到的派生类,但是当我尝试运行此行时:

var resolver = (NamedKeyIssuerTokenResolver)this.Configuration.IssuerTokenResolver;

我收到 InvalidCastException,因为 IssuerTokenResolver 是 X509CertificateStoreResolver 类型,而不是 NamedKeyIssuerTokenResolver 类型。

看来我的配置或代码中仍然缺少一些东西来配置正确的 TokenResolver。有人有想法吗?

4

0 回答 0