Question
Can someone explain the OAuth2 JWT token generation and verification in .Net Core?
Answer 1:
First you need to set up ADFS with a client id and redirect URL, then get a JWT token from the ADFS server. See this post http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html
After that, if you are using .Net Core with JWT Bearer Token, you need to export the ADFS signing certificate using the following PowerShell commands:
    $certRefs=Get-AdfsCertificate -CertificateType Token-Signing
    $certBytes=$certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)
Then in your .Net Core application startup, you need to use the package Microsoft.AspNetCore.Authentication.JwtBearer and look at this post http://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/
Code in the startup class:
    var signingKey = new X509SecurityKey(
        new System.Security.Cryptography.X509Certificates.X509Certificate2(
            "YOUR-PATH/foo.cer"));

    var tokenValidationParameters = new TokenValidationParameters
    {
        // The signing key must match!
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,

        // Validate the JWT Issuer (iss) claim
        ValidateIssuer = true,
        ValidIssuer = "http://YOUR-ADFS/adfs/services/trust",

        // Validate the JWT Audience (aud) claim
        ValidateAudience = true,
        ValidAudience = "https://YOUR-AUDIENCE/",

        // Validate the token expiry
        ValidateLifetime = true,

        // If you want to allow a certain amount of clock drift, set that here:
        ClockSkew = TimeSpan.Zero
    };

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = tokenValidationParameters
    });
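The verification half of the question, as an added example that is not part of the answer above: the same validation parameters applied directly with JwtSecurityTokenHandler (System.IdentityModel.Tokens.Jwt / Microsoft.IdentityModel.Tokens), so a token can be checked outside the middleware and the failing check (signature, issuer, audience, lifetime) is reported. The certificate path, issuer and audience are placeholders.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

// Stand-alone verifier for an ADFS-issued JWT using the exported token-signing
// certificate (the foo.cer produced by the PowerShell commands above).
public static class AdfsTokenVerifier
{
    public static TokenValidationParameters BuildParameters(
        string certPath, string issuer, string audience)
    {
        // A .cer file holds only the public key: enough to verify, never to sign.
        var signingKey = new X509SecurityKey(new X509Certificate2(certPath));
        return new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidateIssuer = true,
            ValidIssuer = issuer,          // e.g. http://YOUR-ADFS/adfs/services/trust
            ValidateAudience = true,
            ValidAudience = audience,      // e.g. https://YOUR-AUDIENCE/
            ValidateLifetime = true,
            RequireExpirationTime = true,  // reject tokens without an exp claim
            RequireSignedTokens = true,    // reject unsigned (alg=none) tokens
            ClockSkew = TimeSpan.Zero
        };
    }

    // Returns the validated principal, or null with the reason for rejection.
    public static ClaimsPrincipal Verify(string jwt,
        TokenValidationParameters parameters, out string failureReason)
    {
        failureReason = null;
        try
        {
            return new JwtSecurityTokenHandler()
                .ValidateToken(jwt, parameters, out SecurityToken validated);
        }
        catch (SecurityTokenInvalidSignatureException) { failureReason = "signature does not match the ADFS signing certificate"; }
        catch (SecurityTokenInvalidIssuerException)    { failureReason = "iss claim is not the configured ADFS issuer"; }
        catch (SecurityTokenInvalidAudienceException)  { failureReason = "aud claim is not this application"; }
        catch (SecurityTokenExpiredException)          { failureReason = "token has expired (no clock skew allowed)"; }
        catch (SecurityTokenException ex)              { failureReason = ex.Message; }
        return null;
    }
}
```

Rotating the ADFS token-signing certificate invalidates every token under the old key, so the exported .cer must be re-exported whenever ADFS rolls over.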
Answer 2:
Please check whether the link below helps you; the procedure is the same.
https://www.codeproject.com/Articles/1080899/How-to-get-Jwt-token-for-Logged-On-User-or-Applica
The OAuth2 Authorization Provider 1.0.0 NuGet package has a method (ValidateToken) to validate a given JWT token, but it has a certificate dependency (provider).
Install the certificate, which is your ADFS certificate, under Local Computer trusted root.
The NuGet package will identify the installed cert based on the SubjectKeyIdentifier.
Source: https://stackoverflow.com/questions/41006890/setup-oauth2-jwt-token-for-adfs-and-net-core