問題描述

我正在嘗試使用 JWT 向 ASP.NET Web API 驗證 Node 應用程序.

I am trying to use JWT to authenticate a Node application to an ASP.NET Web API.

在 ASP.NET 中，我使用的是 .NET 4.5.1 和 nuget 包 System.IdentityModel.Tokens.Jwt 5.0.0

In ASP.NET, I am using .NET 4.5.1 and nuget package System.IdentityModel.Tokens.Jwt 5.0.0

我不明白的是，為什么命名空間在 Microsoft 和 System 之間混合.

What I don't understand is, why the namespaces are mixed between Microsoft and System.

例如:

var tokenReader = new JwtSecurityTokenHandler();

tokenReader.ValidateToken(token, 
                new TokenValidationParameters()
            {
                ValidateAudience = false
            },
                out validatedToken);    

主要的JwtSecurityTokenHandler在System.IdentityModel.Tokens.Jwt命名空間，但TokenValidationParameters類及其依賴在Microsoft.IdentityModel.Tokens 命名空間，并可能與 System.IdentityModel.Tokens 命名空間中的類似類發生沖突.

The main JwtSecurityTokenHandler is in the System.IdentityModel.Tokens.Jwt namespace, but the TokenValidationParameters class and its dependencies are in the Microsoft.IdentityModel.Tokens namespace, and possibly collide with similar classes in the System.IdentityModel.Tokens namespace.

這是設計使然，還是其他地方版本不匹配的可能跡象?

Is this by design or is this a possible sign of a version mismatch somewhere else?

推薦答案

如果你看一下對

nuget System.IdentityModel.Tokens.Jwt 4.0.2

對比

nuget System.IdentityModel.Tokens.Jwt 5.0

你會看到 5.0 依賴于

you'll see that 5.0 has a dependency on

依賴關系

.NETFramework 4.5.1

.NETFramework 4.5.1

Microsoft.IdentityModel.Tokens (>=5.0.0)

Microsoft.IdentityModel.Tokens (>=5.0.0)

4.0 沒有.事實上，以前的版本沒有.

that 4.0 didn't have. In fact, no previous version did.

Microsoft 正在重新構建他們的框架，使其更輕量級.在 ASP.NET 大小的框架中，您將有許多功能冗余.

Microsoft is re-architect-ing their frameworks to be more light weight. In a framework the size of ASP.NET, you will have many functional redundancies.

為了使 WIF 更輕，同時保持向后兼容，我們決定從 System.IdentityModel.Tokens.Jwt 等庫中刪除冗余功能，不再依賴于 System.IdentityModel.令牌，而是在 Microsoft.IdentityModel.Tokens 上.不幸的結果之一是兩個層都暴露了相同的方法.

To make WIF lighter, while remaining backwards compatible, the decision was made to remove the redundant functionality from libraries like System.IdentityModel.Tokens.Jwt no longer depend on System.IdentityModel.Tokens, but instead on Microsoft.IdentityModel.Tokens. One of the unfortunate results is that both layers expose the same methods.

這篇關于.NET JWT 令牌驗證的命名空間:系統與 Microsoft的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！