Question
I have read some excellent tutorials on using JSON Web Tokens with ASP.NET Core to authenticate requests to a REST API; however, I can find no documentation on whether the more general JSON Web Signature (RFC 7515) is supported for use with REST API Definitions to tamper-protect the contents of requests.
For example, the following Controller allows a simple POST request whereby a JSON serialized 'CreateRequest' object is submitted to the API and handled:
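
    using Microsoft.AspNetCore.Mvc;

    [Produces("application/json")]
    [Route("api/WebService")]
    public class WebServiceController : Controller
    {
        // POST api/WebService/CreateRequest with a JSON-serialized CreateRequest body
        [HttpPost("CreateRequest")]
        public IActionResult Create([FromBody] CreateRequest request)
        {
            // Model binding yields null when the body is missing or cannot be deserialized
            if (request == null)
            {
                return BadRequest();
            }
            else
            {
                // Do stuff with CreateRequest object ...
                return new OkResult();
            }
        }
    }
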
If I wanted to protect the CreateRequest object from tampering in transit, JSON Web Signature seems like a good way to do it, but how do I get the request handler to accept the object when encoded as BASE64 and signed, and preferably only if the signature validates?
I know that integrity-protecting the contents could be solved other ways, for example by TLS-encrypting the connection, but assume for the moment that the request must be made via plain HTTP with the contents in full view. For this reason the similar JSON Web Encryption standard is also unsuitable for my use case.
Source: https://stackoverflow.com/questions/50372229/does-asp-net-core-support-json-web-signatures-for-restful-web-apis
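
As an added illustration (not code from the question or from ASP.NET Core itself), the check the question asks for can be done by hand on an RFC 7515 compact serialization: verify the signature first, and deserialize the payload only if it matches. The `Jws` class, the shape of `CreateRequest`, the HS256 algorithm and the pre-shared key are all assumptions made for this sketch, which targets .NET 6 or later.

```csharp
// Added example; HS256 and the pre-shared key are assumptions, not part of the question.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed demo: a signed request verifies; the same token with a swapped payload does not.
var key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
var p = Jws.Sign(new CreateRequest("widget", 2), key).Split('.');
var swapped = Jws.Sign(new CreateRequest("widget", 200), key).Split('.')[1];
foreach (var token in new[] { string.Join('.', p), $"{p[0]}.{swapped}.{p[2]}" })
    Console.WriteLine(Jws.TryVerify<CreateRequest>(token, key, out var req) ? $"accepted: {req}" : "rejected");

public record CreateRequest(string Name, int Quantity); // hypothetical shape, not from the question

public static class Jws
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // JWS signing input is ASCII(BASE64URL(header) "." BASE64URL(payload)).
    static byte[] Mac(string input, byte[] key) => HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input));

    // Client side, included so the sample is self-contained.
    public static string Sign<T>(T payload, byte[] key)
    {
        var input = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\"}")) + "." + Enc(JsonSerializer.SerializeToUtf8Bytes(payload));
        return input + "." + Enc(Mac(input, key));
    }

    // True only if the token is well-formed, declares HS256, and the MAC matches.
    public static bool TryVerify<T>(string jws, byte[] key, out T? payload) where T : class
    {
        payload = null;
        try
        {
            var parts = jws.Split('.');
            if (parts.Length != 3) return false;
            using var header = JsonDocument.Parse(Dec(parts[0]));
            // Pin the algorithm on the server; never let the header select it.
            if (!header.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return false;
            if (!CryptographicOperations.FixedTimeEquals(Mac(parts[0] + "." + parts[1], key), Dec(parts[2]))) return false;
            payload = JsonSerializer.Deserialize<T>(Dec(parts[1])); // parsed only after the MAC check
            return payload != null;
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException) { return false; }
    }
}
```

In a controller, the raw body would be read as a string and the `CreateRequest` taken only from what `TryVerify` returns. A valid signature does not stop replay over plain HTTP, so the signed payload would also need a nonce or timestamp that the server checks.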