问题描述
在我的应用程序中,我使用了基于Azure AD令牌的用户上下文。
我在招摇中实施了azure ad隐式流程,该流程以正确的方式返回令牌并正常工作。但是我尝试使用基于MSAL或ADAL Js的sharepoint / JQuery / Mobile应用程序来获取令牌。该令牌传入标头。但是,抛出错误IDX10511签名验证失败。
我搜索了许多网站。我不知道如何验证Microsoft Graph API令牌。
任何人都知道,请分享您的知识。或其他任何方法来验证Graph API签名。
在我的示例代码中
IList<string> validateAudience = new List<string>() { "00000003-0000-0000-c000-000000000000",$"{clientId1}",$"{clientId}","https://graph.microsoft.com","https://example.sharepoint.com",$"api://{clientId1}/user.read",$"api://{clientId}/user.read",$"api://{clientId}" };
var MetaDataUrl = $"https://login.microsoftonline.com/{Configuration["AzureAd:TenantId"]}/.well-kNown/openid-configuration";
//OpenIdConnectConfiguration openidconfig = OpenIdConnectConfigurationRetriever.GetAsync(MetaDataUrl,CancellationToken.None).Result;
var configManager = new ConfigurationManager<OpenIdConnectConfiguration>($"https://sts.windows.net/{TenantId}/.well-kNown/openid-configuration",new OpenIdConnectConfigurationRetriever());
var openidconfig = configManager.GetConfigurationAsync().Result;
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddAzureAd(options =>
{
Configuration.Bind("AzureAd",options);
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme,_ =>
{
_.Audience = Configuration["ClientId"];
_.Authority = "https://login.microsoftonline.com/{TenantId}/v2.0";
_.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidateAudience = false,ValidAudiences = validateAudience,ValidateIssuer = false,Validissuer = "https://sts.windows.net/{TenantId}/",Validissuers = new List<string>() { "https://login.microsoftonline.com/{TenantId}/v2.0","https://sts.windows.net/{TenantId}/" },ValidateIssuerSigningKey = false,IssuerSigningKeys = openidconfig.SigningKeys,RequireExpirationTime = true,ValidateLifetime = false,RequireSignedTokens = false,};
_.RequireHttpsMetadata = false;
_.Events = new JwtBearerEvents
{
OnChallenge = context =>
{
return Task.CompletedTask;
},OnMessageReceived = context =>
{
return Task.CompletedTask;
},OnForbidden = context =>
{
return Task.CompletedTask;
},OnAuthenticationFailed = context =>
{
return Task.CompletedTask;
},OnTokenValidated = context =>
{
return Task.CompletedTask;
}
};
});
我已调试了基于MSAL和ADAL JS的应用程序,生成的令牌始终会收到OnAuthenticationFailed事件,并且会引发异常
“ IDX10511:签名验证失败。尝试的密钥:'Microsoft.IdentityModel.Tokens.X509SecurityKey,KeyId:'1E50B4475DAC931359D564309A3385FFAB7FB431',InternalId:'f61f7746-3cff-4557-8b2c-b47fad9cf1e3'564FF4DACFB93B4D3DFAFA3FA4B3DFABFA3FA4B3D5FA4B3D5FA5B4D5FA4B3D5FA4B4B4B&F3D4B4B&F4C&B&B&B; 4E4B&F4B&B&B; 4E5B&D&B&B >
已解析的JWT令牌图像
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)