问题
I have the following code which was working when I was using System.IdentityModel.Tokens.Jwt, Version=4.0.20622.1351
private static void ConfigureAzureAD(IAppBuilder appBuilder)
{
appBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
}
});
}
However as soon as I upgraded this package to the latest one which is version 5 it no longer compiles complaining Reference to type 'TokenValidationParameters' claims it is defined in System.IdentityModel.Token.Jwt but it could not be found.
Also if you try the following compiler will warn you that Audience is obsolete:
private static void ConfigureAzureAD(IAppBuilder appBuilder)
{
appBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
Audience = ConfigurationManager.AppSettings["ida:Audience"]
});
}
I downgraded this DLL again and used the version 4.0.20622.1351, it started compiling.
Has there been a syntax change for Configuring the Azure Active Directory?
On Github I could not find a single project using the latest package 5.0.0 and all of them are using the previous package 4.0.20622.1351. Can anyone shed some light on this using the latest System.IdentityModel.Tokens.Jwt 5.0.0 or direct me to some project on Github using the latest package?
回答1:
TokenValidationParameters is in assembly: Microsoft.IdentityModel.Tokens
It looks like you are using Katana (the first version of asp.net OWIN offering). Katana does not support 5.0.0. You need to stick with 4.x.
The latest version of asp.net takes a dependency on S.IM.xx and M.IM.xxx 5.0. https://github.com/aspnet
回答2:
Short version: Make sure you use version 4.0 or later of the Microsoft.Owin packages, such as Microsoft.Owin.Security.Jwt.
As the other answers mentioned, there was a breaking change in System.IdentityModel.Tokens.Jwt from version 4.0 to 5.0. This caused problems because some packages like Microsoft.IdentityModel.Protocols depended on version 5.0, while older Katana/OWIN packages like Microsoft.Owin.Security.Jwt were still hardcoded to depend on version 4.0.
The good news is that this is being fixed in the new Katana 4.0 release. The 4.0 packages (such as Jwt and Cookies) have been published to NuGet as prerelease packages and will be available as stable packages soon.
回答3:
I don't know when or if this will ever be fixed, but I hope it will. I've already posted these issues on the Github site for the AAD extensions and on the Katana site. You can follow along with the discussions and progress on those sites, and if you care to, you can always post your interest in seeing this addressed.
I can't understand how this was not seen as an issue before release. "Upgrade to .Net Core" is not a reasonable solution. My app has no chance of doing that for a good while, as do most non-trivial projects.
回答4:
So I am also experiencing the same issue today. After looking down to the bottom of it I think I know the answer.
In short it is the issue with Katana project (http://katanaproject.codeplex.com/) being failed to comply with the current changes of Windows Azure Active Directory IdentityModel Extensions for .Net (https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet)
For more details, TokenValidationParameters was there in System.IdentityModel.Tokens.Jwt assembly verion 4.0 but it has been moved out in version 5.0. The new home for it is now in assembly Microsoft.IdentityModel.Tokens.
Sorry I can not provide a fix it is a design change from which the Katana code base needs to be dramatically refactored.
回答5:
Katana currently will not work with the 5.x version of IdentityModel. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
However, there is work underway to fix this. Timeline is not set yet.
来源:https://stackoverflow.com/questions/38119877/tokenvalidationparameters-no-longer-working-after-upgrade-to-5-0-0