cannot convert from 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

While following tutorial Create a RESTful API with authentication using Web API and Jwt I'm having trouble getting the CustomJwtFormat class to compile:

using System.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Thinktecture.IdentityModel.Tokens;

namespace BooksAPI.Identity
{    
    public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
    {
        private static readonly byte[] _secret =              
             TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["secret"]);
        private readonly string _issuer;

        public CustomJwtFormat(string issuer)
        {
            _issuer = issuer;
        }

        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
                throw new ArgumentNullException(nameof(data));

            var signingKey = new HmacSigningCredentials(_secret);
            var issued = data.Properties.IssuedUtc;
            var expires = data.Properties.ExpiresUtc;

            return new JwtSecurityTokenHandler().WriteToken(
               new JwtSecurityToken( _issuer, null, data.Identity.Claims,
                   issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey));
        }

        public AuthenticationTicket Unprotect(string protectedText) {
            throw new NotImplementedException();
        }
    }
}

The build error I'm getting is:

Cannot convert from 'Thinktecture.IdentityModel.Tokens.HmacSigningCredentials' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

Having searched for this I found this SO post:

ASP.NET v5 Multiple SigningCredentials

I have tried the recommendation in the answer post but to no avail. I followed the link:

Ambiguous reference issue (Microsoft.AspNet.Identity & Microsoft.AspNet.Identity.Core)

But am still seeing the conflict. Which package and namespace combination should I use?

What is Signingcredentials?

Signing credentials are used to protect against tampering. They can be either asymmetric (e.g a RSA or ECDSA key) or symmetric.

What is Securitytokendescriptor?

Adds a claim for the specified authentication method to the subject of the current instance. The authentication instant is set to the current time.

original method:

var signingKey = new HmacSigningCredentials(_secret);

new method:

var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(_secret);
var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
            securityKey,SecurityAlgorithms.HmacSha256Signature);
        //---
var issued = data.Properties.IssuedUtc;
var expires = data.Properties.ExpiresUtc;
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);

I ran into the same problem. You have to use an older version of System.IdentityModel.Tokens.Jwt.

open nuget package manager console and run:

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

cannot convert from 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

Tags:

asp.net-web-api

oauth-2.0

asp.net-identity

owin

Matt W

People also ask

2 Answers

user883467

Tyler

Recent Activity

Donate For Us

cannot convert from 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

Tags:

asp.net-web-api

oauth-2.0

asp.net-identity

owin

Matt W

People also ask

2 Answers

user883467

Tyler

Related questions

Recent Activity

Donate For Us