its config jwt Program.cs
#region JWT
IdentityModelEventSource.ShowPII = true;
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => {
var secretkey = Encoding.UTF8.GetBytes(builder.Configuration["JWT:Secret"]);
var encryptionkey = Encoding.UTF8.GetBytes(builder.Configuration["JWT:Encryptkey"]);
var validationParameters = new TokenValidationParameters
{
ClockSkew = TimeSpan.Zero, // default: 5 min
RequireSignedTokens = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(secretkey),
RequireExpirationTime = true,
ValidateLifetime = true,
ValidateAudience = true, //default : false
ValidAudience = builder.Configuration["JWT:ValidAudience"],
ValidateIssuer = true, //default : false
ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
TokenDecryptionKey = new SymmetricSecurityKey(encryptionkey)
};
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = validationParameters;
});
#endregion
its my code for create JWT Secure Token i use SecurityAlgorithms.Aes128KW for hashing
private Tuple<string, DateTime> GenerateWebTokenJwt(User userInfo)
{
IList<string> userRoles = null;
userRoles = _userManager.GetRolesAsync(userInfo).Result;
if (userRoles == null)
{
return new Tuple<string, DateTime>("", DateTime.Now);
}
var exportTime = DateTime.Now.AddHours(24);
IDictionary<string, object> authClaims = new Dictionary<string, object>();
authClaims.Add(JwtRegisteredClaimNames.Sub, userInfo.FirstName);
authClaims.Add(JwtRegisteredClaimNames.Email, userInfo.Email);
authClaims.Add(JwtRegisteredClaimNames.Name, userInfo.UserName);
authClaims.Add(JwtRegisteredClaimNames.Aud, userInfo.PhoneNumber);
authClaims.Add(JwtRegisteredClaimNames.Sid, userInfo.Id.ToString());
authClaims.Add(JwtRegisteredClaimNames.Exp, exportTime.Date.Year + "/" + exportTime.Month + "/" + exportTime.Date
+ "-" + exportTime.Hour + ":" + exportTime.Minute + ":" + exportTime.Second);
authClaims.Add(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString());
if (userRoles != null)
{
for (int i = 0; i < userRoles.Count; i++)
{
authClaims.Add(ClaimTypes.Role + i, userRoles[i]);
}
}
var encryptionkey = Encoding.UTF8.GetBytes(_configuration["JWT:Encryptkey"]); //must be 16 character
var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:Secret"]));
var Credemtials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var descriptor = new SecurityTokenDescriptor
{
Issuer = _configuration["JWT:ValidIssuer"],
Audience = _configuration["JWT:ValidAudience"],
IssuedAt = DateTime.Now,
NotBefore = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:NotBeforeMinutes"])),
Expires = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:ExpirationMinutes"])),
SigningCredentials = Credemtials,
EncryptingCredentials = encryptingCredentials,
Claims = authClaims,
};
var tokenHandler = new JwtSecurityTokenHandler();
var securityToken = tokenHandler.CreateToken(descriptor);
string encryptedJwt = tokenHandler.WriteToken(securityToken);
return new Tuple<string, DateTime>(encryptedJwt, securityToken.ValidTo); ;
}
i can not use CreateJwtSecurityToken var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); its true i use CreateToken ?
my code for check validation bot Show Error On Run time
private bool ValidateToken(string authToken)
{
try
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
//string sToken = authToken.Substring(7, authToken.Length - 7);
if (!tokenHandler.CanReadToken(authToken))
{
return false;
}
JwtSecurityToken jwtToken = tokenHandler.ReadToken(authToken) as JwtSecurityToken;
if (jwtToken == null)
{
return false;
}
TokenValidationParameters parameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
RequireExpirationTime = true,
ValidAudience = _configuration["JWT:ValidAudience"],
ValidIssuer = _configuration["JWT:ValidIssuer"],
//EncryptingCredentials = encryptingCredentials,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(_configuration["JWT:Secret"]))
};
SecurityToken securityToken;
ClaimsPrincipal principal = tokenHandler.ValidateToken(authToken, parameters, out securityToken);
if (principal == null)
{
return false;
}
}
catch (Exception ex)
{
return false;
}
return true;
}
error in validation is:
{"IDX10609: Decryption failed. No Keys tried: token: 'eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0.NQG56EqqvkTu0K02GYK9QIl-Sapf0tMXoWXq_ZXs99Fvzr9az0BRCA.39UAZmnrfigG4HvQxg8yrw.GbrJorcklXbnAA_VvCpHUdml2Q3MbLRbPQ8ItAcsdZnQ7vWizk2fiHVdbxoxj-9obRAEQ8m10NLC04qHg6ItnW8Pl0Awus_Fsw8kwPHKBB3LD194ifsN5T8o4CVuXQtZdNz5AcLfMRWwTIBMHs4jvP_sRRu2GQi08G0LtipKoYEKKEbk9rw0GiLEDYYVXnsFVLxNHyM9tHkmxFlbqdRTG7S6elLD1QbvCRFBbkEW7teafYE-CcxIFKb73YMPRpm1_9VpJBLCFNZSpefB4GwPpGUds0t6wVSGmKaBDyd1KCsCNgzyeYZlkmXbU-S2S7KVSU00oMpOwj3D1sUmsiWmue7nWuw3tQv-pwzVk89_xzAGecieQpY3F7QqzjTR6mkSj1xN8V65z0qQsLgA6DmrsB5AHpp4koTjqMWBMTpLKW7siY6n31GcJP6NNdADPl_hpcfuicVOeP4Zfl6RtHhePJyI4hHk-9pNkzc-i5DGSGdaTFDjg9JuLNLmGU5xKdmMXFWBUHqpgRJm1_ZlGzP2zpn7tTxXtp1l4wv4K8AzKhLmMDXullMeBAytS4-hiWNfclVttw_qLH15DEOCF11foA.xdyKycxHBsRF2jn5Y0IcPQ'."}
sample jwe Code is:
eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0.A0huSqmRHCi2VjCBNhzBLSCE6kNIFAERvBPMEPMUAXdDH60gvkxweg.UV6tmuaPHVpQ9H1WyFOB-w.9ljq5kzXk98WiNQrwOy-NlYb4HXC1uZx_jjn3o31qIfur_ORmOK3Uq6Zu9RcVe_IbY3A200lJMUcbeL_c5vNoUs6E1-F-8ffgpQiu-jR-lvZFsBi6_qUD7___qxl_aNBZdk1CqM5gKJeDKN9QEHm17QsH27hcF6HgHOh7-soIH0BdkYxejkpV2b3marLW9Zp6JeGsRSYxMMN4a7r1XSUp-UvIE0LBbhq0Bnz0vhzYbEALDlAwT_zSonDoMFNR5mbwIDcVMhYxwXZvxMfsAHDK4k8_nffqxFQ6foljL1ErjkT02IvUHl9uh2tsSQiOjcAfJu9oRnmUJXvFBeOKjLEa-jIwPvteXWWMJIEh_Yl_aqeSUWc_emiEt1gHlfBpCzmj3XQaPTWLSAuJDyVb6OuMjDlZ8l830SO6vkbfI3q0WtYziuB4hLmm1S4BV_2Qn9KemxWdDN82YfsQg5Skr0mEX4VIXu-FDsako1VEQtxygNLrngLG5iI-RRmXhlhqEy0nkQCup7SqYo45DZkFsJZKQJ8Bs0BCZjacjndK5_vG504O06ui5v8kbTixjp6xjyyEGeALtjMeRSW3y-YUvuwWw.kCx6iQOPEasw395EIpcZhg
I Find awnser in https://www.scottbrady91.com/c-sharp/json-web-encryption-jwe-in-dotnet-core
ty Scott Brady
and Create JWE Token Code is: