我刚刚在使用Asp.Net Core Web API,并实现身份验证。 我正在从Angular应用程序调用此API。 但是,我总是收到以下错误。
IDX10603: 算法:'HS256'要求SecurityKey.KeySize大于'128'位。 KeySize报告为:'32'。 参数名称:key.KeySize
下面是在Startup.cs文件中的ConfigureServices代码。
public IServiceProvider ConfigureServices(IServiceCollection services)
{
services.AddDbContext<APIContext>(option => option.UseInMemoryDatabase("AngularApp"));
services.AddCors(options => options.AddPolicy("Cors", builder =>
{
builder.AllowAnyOrigin().
AllowAnyMethod().
AllowAnyHeader();
}
));
var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Secret phase"));
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(cfg =>
{
cfg.RequireHttpsMetadata = false;
cfg.SaveToken = true;
cfg.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
IssuerSigningKey = signinKey,
ValidateAudience = false,
ValidateIssuer = false,
ValidateLifetime = false,
ValidateIssuerSigningKey = true,
ValidateActor = false,
ClockSkew = TimeSpan.Zero
};
});
services.AddMvc();
var serviceProvider = services.BuildServiceProvider();
return serviceProvider;
}
我在控制器中使用JwtPackage,如下所示。
JwtPackage CreateJwtToken(User usr)
{
var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("this is my custom Secret key for authnetication"));
var signInCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256);
var claims = new Claim[] {
new Claim(JwtRegisteredClaimNames.Sub,usr.Id)
};
var jwt = new JwtSecurityToken(claims: claims, signingCredentials: signInCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return new JwtPackage() { FirstName = usr.FirstName, Token = encodedJwt };
}
你能帮我修复这个问题吗?谢谢。
