Azure b2c error: IDX10501: Signature validation failed. Unable to match key: kid: 'gLv****************'
Azure b2c error: IDX10501: Signature validation failed. Unable to match key: kid: 'gLv****************'
我正在针对 azure b2c 验证 asp.net mvc 应用程序,遵循 startup.cs 文件代码详细信息:
public void ConfigureAuth(IAppBuilder app)
{
IdentityModelEventSource.ShowPII = true;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Generate the metadata address using the tenant and policy information
MetadataAddress = String.Format(Globals.WellKnownMetadata, Globals.Tenant, Globals.DefaultPolicy),
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = Globals.ClientId,
RedirectUri = Globals.RedirectUri,
PostLogoutRedirectUri = Globals.RedirectUri,
// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed,
},
// Specify the claim type that specifies the Name property.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = false
},
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope}"
});
}
使用自定义策略时出现以下错误:
IDX10501:签名验证失败。无法匹配密钥:孩子:'gL****************'。
捕获异常:''。令牌:
typ":"JWT","alg":"RS256","kid":"gL******************"}。
{“exp”:1599625561,“nbf”:1599621961,“ver”:“1.0”,“iss”:......................}
我已验证此密钥和令牌与我从 https://jwt.ms 获得的完全相同。
它在我使用自定义策略时唯一抛出错误,如果我使用内置策略,它会按预期工作。
这里缺少什么帮助?
谢谢。
经确认,您的自定义策略中的签名密钥和加密密钥存在问题。 Creating both correctly 解决了这个问题。
Create the signing key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenSigningKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Signature.
- Select Create.
Create the encryption key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenEncryptionKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Encryption.
- Select Create.
我不得不重新创建我的签名密钥,出于某种原因,现有的签名密钥不适用于新政策(它仍然适用于现有政策)。
我正在针对 azure b2c 验证 asp.net mvc 应用程序,遵循 startup.cs 文件代码详细信息:
public void ConfigureAuth(IAppBuilder app)
{
IdentityModelEventSource.ShowPII = true;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Generate the metadata address using the tenant and policy information
MetadataAddress = String.Format(Globals.WellKnownMetadata, Globals.Tenant, Globals.DefaultPolicy),
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = Globals.ClientId,
RedirectUri = Globals.RedirectUri,
PostLogoutRedirectUri = Globals.RedirectUri,
// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
AuthorizationCodeReceived = OnAuthorizationCodeReceived,
AuthenticationFailed = OnAuthenticationFailed,
},
// Specify the claim type that specifies the Name property.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = false
},
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope}"
});
}
使用自定义策略时出现以下错误: IDX10501:签名验证失败。无法匹配密钥:孩子:'gL****************'。 捕获异常:''。令牌: typ":"JWT","alg":"RS256","kid":"gL******************"}。 {“exp”:1599625561,“nbf”:1599621961,“ver”:“1.0”,“iss”:......................}
我已验证此密钥和令牌与我从 https://jwt.ms 获得的完全相同。 它在我使用自定义策略时唯一抛出错误,如果我使用内置策略,它会按预期工作。
这里缺少什么帮助?
谢谢。
经确认,您的自定义策略中的签名密钥和加密密钥存在问题。 Creating both correctly 解决了这个问题。
Create the signing key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenSigningKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Signature.
- Select Create.
Create the encryption key
- Select Policy Keys and then select Add.
- For Options, choose Generate.
- In Name, enter TokenEncryptionKeyContainer. The prefix B2C_1A_ might be added automatically.
- For Key type, select RSA.
- For Key usage, select Encryption.
- Select Create.
我不得不重新创建我的签名密钥,出于某种原因,现有的签名密钥不适用于新政策(它仍然适用于现有政策)。