问题
When trying the Azure Mobile Apps offline (in Visual Studio and local IIS with SSL), one has to supply an alternative to Azure's WEBSITE_AUTH_SIGNING_KEY as the SigningKey for the JWT tokens.
How can you generate a dev SigningKey?
回答1:
In order to test authenticated endpoints locally you need to use the same signing key that was used to generate the auth token (JWT).
If you are logging in against your cloud site, this means that locally you must validate the token using the same signing key. You can find this by going to https://{yoursite}.scm.azurewebsites.net/env and searching for WEBSITE_AUTH_SIGNING_KEY. Note that you should not hard-code this key in any code that you ship (for example, read the value from a config file only used for testing).
For creating your own key -- You need to use a SHA256 hash as a signing key. I typically use http://www.xorbin.com/tools/sha256-hash-calculator for generating them.
来源:https://stackoverflow.com/questions/35270361/azure-mobile-apps-offline-website-auth-signing-key