問題描述

我需要通過簽名和加密來保護我的網絡令牌.我寫了下一行代碼:

I need to secure my web-token with signing and encryption. I wrote the next lines of code:

var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
      Subject = new ClaimsIdentity(new[]
         {
             new Claim(ClaimTypes.Name, owner.Name),
             new Claim(ClaimTypes.Role, owner.RoleClaimType),
             new Claim("custom claim type", "custom content")
         }),
      TokenIssuerName = "self",
      AppliesToAddress = "http://www.example.com",
      Lifetime = new Lifetime(now, now.AddSeconds(60 * 3)),
      EncryptingCredentials = new X509EncryptingCredentials(new X509Certificate2(cert)),
      SigningCredentials = new X509SigningCredentials(cert1)
};
var token = (JwtSecurityToken)tokenHandler.CreateToken(tokenDescriptor);            
var tokenString = tokenHandler.WriteToken(token);

所以，我使用了一些由 makecert.exe 生成的證書.然后我用另一個 JwtSecurityTokenHandler 讀取令牌字符串:

So, I am using some certificates, generated with makecert.exe. Then I read token string with another JwtSecurityTokenHandler:

var tokenHandlerDecr = new JwtSecurityTokenHandler();
var tok = tokenHandlerDecr.ReadToken(tokenString);

并且令牌內容未加密(我可以在調試器下的 tok 變量中看到 json).我究竟做錯了什么?如何加密令牌數據?

And token content is not encrypted (I can see json in tok variable under debugger). What am I doing wrong? How to encrypt token data?

推薦答案

我的理解是微軟的JWT實現目前不支持加密(只支持簽名).

My understanding is that Microsoft's JWT implementation doesn't currently support encryption (only signing).

這篇關于如何加密 JWT 安全令牌?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！