cannot convert from 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

Question

While following tutorial Create a RESTful API with authentication using Web API and Jwt I'm having trouble getting the CustomJwtFormat class to compile:

using System.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler.Encoder;
using Thinktecture.IdentityModel.Tokens;

namespace BooksAPI.Identity
{    
    public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
    {
        private static readonly byte[] _secret =              
             TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["secret"]);
        private readonly string _issuer;

        public CustomJwtFormat(string issuer)
        {
            _issuer = issuer;
        }

        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
                throw new ArgumentNullException(nameof(data));

            var signingKey = new HmacSigningCredentials(_secret);
            var issued = data.Properties.IssuedUtc;
            var expires = data.Properties.ExpiresUtc;

            return new JwtSecurityTokenHandler().WriteToken(
               new JwtSecurityToken( _issuer, null, data.Identity.Claims,
                   issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey));
        }

        public AuthenticationTicket Unprotect(string protectedText) {
            throw new NotImplementedException();
        }
    }
}

The build error I'm getting is:

Cannot convert from 'Thinktecture.IdentityModel.Tokens.HmacSigningCredentials' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

Having searched for this I found this SO post:

ASP.NET v5 Multiple SigningCredentials

I have tried the recommendation in the answer post but to no avail. I followed the link:

Ambiguous reference issue (Microsoft.AspNet.Identity & Microsoft.AspNet.Identity.Core)

But am still seeing the conflict. Which package and namespace combination should I use?

score 34 · Answer 1 · answered Feb 26 '18 at 02:37

original method:

var signingKey = new HmacSigningCredentials(_secret);

new method:

var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(_secret);
var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
            securityKey,SecurityAlgorithms.HmacSha256Signature);
        //---
var issued = data.Properties.IssuedUtc;
var expires = data.Properties.ExpiresUtc;
var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials);

Thanks :) I'm using "voodoo chicken coding" here and you saved my bacon. — davaus, Mar 04 '22 at 03:08

score 22 · Accepted Answer · answered Mar 01 '17 at 19:22

22

I ran into the same problem. You have to use an older version of System.IdentityModel.Tokens.Jwt.

open nuget package manager console and run:

Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

answered Mar 01 '17 at 19:22

Tyler

1,134
1
10
12

cannot convert from 'Microsoft.IdentityModel.Tokens.SymmetricSecurityKey' to 'Microsoft.IdentityModel.Tokens.SigningCredentials'

2 Answers2