我需要使用签名和加密来保护我的网络令牌。我编写了下面的代码:
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, owner.Name),
new Claim(ClaimTypes.Role, owner.RoleClaimType),
new Claim("custom claim type", "custom content")
}),
TokenIssuerName = "self",
AppliesToAddress = "http://www.example.com",
Lifetime = new Lifetime(now, now.AddSeconds(60 * 3)),
EncryptingCredentials = new X509EncryptingCredentials(new X509Certificate2(cert)),
SigningCredentials = new X509SigningCredentials(cert1)
};
var token = (JwtSecurityToken)tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
所以,我正在使用一些由 makecert.exe
生成的证书。然后我使用另一个 JwtSecurityTokenHandler
读取令牌字符串:
var tokenHandlerDecr = new JwtSecurityTokenHandler();
var tok = tokenHandlerDecr.ReadToken(tokenString);
令牌内容未加密(我可以在调试器下的tok
变量中看到JSON)。我做错了什么?如何加密令牌数据?
IdentityModel
已经被弃用了?只有 WCF 被弃用了,WIF 没有。 - Franklin Yu"alg": "A128KW", "enc": "A128CBC-HS256"
。"enc"参数看起来符合预期,但是"alg"不应该保持为"HS256"吗? - Beltway