JWT Security Token - Using X509 certificate

    Question

  • I am trying to sign my JWT with a self-signed certificate. At this stage we are still in development and I will be using a proper signed certificate when we are ready to deploy.

    However, I am seeing this error when I try to use the X509SigningCredentials in my project. This is a part of the Microsoft.IdentityModel.SecurityTokenService namespace.

    

    The issue occurs with the line

    var tokenDescriptor = new SecurityTokenDescriptor();

    

    The type 'SecurityTokenDescriptor' exists in both 'Microsoft.IdentityModel.Tokens, Version=5.1.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' and 'Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'

    Below is a snippet of my code.

                string securityKey = appSettings["webSecAuthenticationKey"];
                JwtSecurityToken token = null;
                var jwtAuthResponse = new AuthenticationResponse();
    
                JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
                var tokenDescriptor = new SecurityTokenDescriptor();
                tokenDescriptor.Audience = "XXXXX";
                tokenDescriptor.Issuer = "XXXXX";
                tokenDescriptor.IssuedAt = DateTime.Now;
                tokenDescriptor.NotBefore = DateTime.Now;
                tokenDescriptor.Expires = DateTime.Now.AddDays(90);
                var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                certStore.Open(OpenFlags.ReadOnly);
                var jwtCerts = certStore.Certificates.Find(X509FindType.FindByThumbprint, "FFD8DDD9612D1D61E3A16140D4DCBC0C2BA164E9", false);
                X509Certificate2 jwtCert;
                if (jwtCerts.Count > 0)
                {
                    jwtCert = jwtCerts[0];
                }
                else
                {
                    throw new Exception("Certificate not found");
                }
    
                tokenDescriptor.SigningCredentials = new Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials(jwtCert);
    
    
    What am I doing wrong here? I have to include Microsoft.Identity as well as Microsoft.Identity.Tokens because JWT requires the second one and the SecurityTokenDescriptor requires the first one.


    Narasimham


    Wednesday, April 19, 2017 7:43 PM

Answers

  • Which version of .NET Framework does your project target? If it's 4.5 or later, then perhaps you can use System.IdentityModel.Tokens.SecurityTokenDescriptor instead of Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.

    If you really need to reference two assemblies that define distinct types with identical names in the same namespace, then you can use the C# "extern alias" syntax to tell the compiler which definition you mean.

    • Proposed as answer by Chad333 Friday, April 21, 2017 4:34 PM
    • Marked as answer by NarasimhamAVSL Friday, April 21, 2017 7:03 PM
    Wednesday, April 19, 2017 9:10 PM
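
The "extern alias" approach from the answer above, as an added example (not code from the poster or the answerer). It assumes the legacy Microsoft.IdentityModel 3.5 reference is given the hypothetical alias LegacyWif, and that the 5.x descriptor is paired with the 5.x X509SigningCredentials type; the class and method names are illustrative.

```csharp
// Assumption: the legacy WIF reference carries an alias in the .csproj, e.g.
//   <Reference Include="Microsoft.IdentityModel"><Aliases>LegacyWif</Aliases></Reference>
// "LegacyWif" is a hypothetical name. The 5.x assemblies stay in the default "global" alias.
extern alias LegacyWif;   // must appear before any using directive

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;   // now resolves only to the 5.x assembly
using LegacyDescriptor = LegacyWif::Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor;

public static class JwtIssuer   // hypothetical helper class
{
    public static string CreateSignedJwt(string thumbprint, string issuer, string audience, TimeSpan lifetime)
    {
        X509Certificate2 cert = LoadSigningCertificate(thumbprint);
        DateTime now = DateTime.UtcNow;
        var descriptor = new SecurityTokenDescriptor   // unambiguous: the 5.x type
        {
            Issuer = issuer,
            Audience = audience,
            IssuedAt = now,
            NotBefore = now,
            Expires = now.Add(lifetime),
            // 5.x credentials type, so it matches the 5.x descriptor's property type
            SigningCredentials = new X509SigningCredentials(cert)
        };
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    private static X509Certificate2 LoadSigningCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, as in the question, so a self-signed development certificate is found
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("Certificate not found");
            if (!found[0].HasPrivateKey) throw new InvalidOperationException("Certificate has no private key and cannot sign");
            return found[0];
        }
        finally { store.Close(); }
    }

    // The WIF 3.5 definition is still reachable, but only through the alias.
    public static Type LegacyDescriptorType() { return typeof(LegacyDescriptor); }
}
```

Outside Visual Studio, the same alias can be assigned on the compiler command line with csc /reference:LegacyWif=Microsoft.IdentityModel.dll.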

All replies

  • I am using .NET Framework 4.5.2. Let me see what the System.IdentityModel.Tokens.SecurityDescriptor will do for me.

    Narasimham

    Thursday, April 20, 2017 2:31 PM
  • Setting the alias and using extern alias helped me resolve the issue. Thank you very much Kalle.

    Narasimham

    Friday, April 21, 2017 7:02 PM