I was just working with Asp.Net Core Web API, and implementing Authentication. And I am calling this API from an Angular Application. But I am always getting an error as below.
IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize
Below is my code for ConfigureServices
in Startup.cs file.
public IServiceProvider ConfigureServices(IServiceCollection services) { services.AddDbContext<APIContext>(option => option.UseInMemoryDatabase("AngularApp")); services.AddCors(options => options.AddPolicy("Cors", builder => { builder.AllowAnyOrigin(). AllowAnyMethod(). AllowAnyHeader(); } )); var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Secret phase")); services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { IssuerSigningKey = signinKey, ValidateAudience = false, ValidateIssuer = false, ValidateLifetime = false, ValidateIssuerSigningKey = true, ValidateActor = false, ClockSkew = TimeSpan.Zero }; }); services.AddMvc(); var serviceProvider = services.BuildServiceProvider(); return serviceProvider; }
And I am using JwtPackage
in my controller as follows.
JwtPackage CreateJwtToken(User usr) { var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("this is my custom Secret key for authnetication")); var signInCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256); var claims = new Claim[] { new Claim(JwtRegisteredClaimNames.Sub,usr.Id) }; var jwt = new JwtSecurityToken(claims: claims, signingCredentials: signInCredentials); var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); return new JwtPackage() { FirstName = usr.FirstName, Token = encodedJwt }; }
Can you please help me to fix this issue? Thank you.
IDX10603: The algorithm: ‘HS256’ requires the SecurityKey.KeySize to be greater than ‘128’ bits. KeySize reported: ’32’.
IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize Bookmark this question. Show activity on this post. I was just working with Asp.Net Core Web API, and implementing Authentication. And I am calling this API from an Angular Application.
KeySize reported: ’32’. Parameter name: key.KeySize Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: ‘Microsoft.IdentityModel.Tokens.SymmetricSecurityKey,
Error: System.ArgumentOutOfRangeException The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits.
Ah, it was my mistake, a simple one. I was not providing enough characters for the secret key name.
I changed my signinkey to this one,
var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("this is my custom Secret key for authentication"));
from,
var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Secret phase"));
That solved my issue, as the HmacSha256
in the line SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256)
should be greater than 128 bits. In short, just use a long string as the key.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With