我生成了一个jwt令牌,在我尝试再次读取它之后,我收到了以下错误消息:IDX12709:CanReadToken((返回false。JWT格式不正确:'[System.String'类型的PII'隐藏
GenerateToken:
private string GenerateJwtToken(string username)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("$x3H*aG*?yKfh]Z/");
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[] { new Claim("username", username) }),
Expires = DateTime.UtcNow.AddMinutes(30),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
和提取头:
headers: {
'Content-type': 'application/json',
'Authorization': `Bearer ${sessionStorage.getItem("token")}`,
},
在这里,我阅读了令牌:"(反斜杠(";eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImRldl9lZCIsIm5iZiI6MTY0MzQwMTc2OSwiZXhwIjoxNjQzNDAzNTY5LCJpYXQojE2NDM0MDE3Njl9.EjE9Va6v7XwQka4UH0y_2dC1eqpfUWAGs2Ipoq9LoGE(反斜杠(">
public async Task Invoke(HttpContext context, IAuthService authService)
{
string token = string token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
//...
private void attachUserToContext(HttpContext context, IAuthService authService, string token)
{
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("$x3H*aG*?yKfh]Z/");
tokenHandler.ValidateToken(token, new TokenValidationParameters //<- IDX12709
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);
var jwtToken = (JwtSecurityToken)validatedToken;
var userId = int.Parse(jwtToken.Claims.First(x => x.Type == "username").Value);
context.Items["User"] = userId;
}
catch
{
// do nothing if jwt validation fails
// user is not attached to context so request won't have access to secure routes
}
}
就像@jps说的那样,这是因为引号。
新的提取调用:
'Authorization': 'Bearer ' + token.replace(/"/g, ""),