System.ArgumentOutOfRangeException: ‘IDX10603: The algorithm: ‘http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' requires the SecurityKey.KeySize to be greater than ‘128’ bits. KeySize reported: ‘24’.’

Kajasumanie Kanapathipillai
Jun 5, 2018

I found an error in my UserController and resolved it.

userController.cs

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

// Method of the controller class; _userService and _appSettings are fields of that class.
[AllowAnonymous]
[HttpPost("authenticate")]
public IActionResult Authenticate([FromBody]LoginUserModel loginUserModel)
{
    var user = _userService.Authenticate(loginUserModel.UserName, loginUserModel.Password);
    //Console.WriteLine(user);
    if (user == null)
    {
        return Unauthorized();
    }

    var tokenHandler = new JwtSecurityTokenHandler();
    // The HMAC signing key is the raw bytes of the Secret value from appsettings.json.
    // IDX10603 is thrown when this key is too short for HmacSha256.
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.Name, loginUserModel.UserName)
        }),
        Expires = DateTime.UtcNow.AddMinutes(10),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    var tokenString = tokenHandler.WriteToken(token);

    //var userClaims = await _userManager.GetRolesAsync(user);
    // Second token built from explicit claims; it has no signing credentials
    // and is not returned to the client.
    List<Claim> claims = new List<Claim>();
    claims.Add(new Claim(JwtRegisteredClaimNames.Sub, loginUserModel.UserName));
    claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
    claims.Add(new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));
    var jwt = new JwtSecurityToken(claims: claims);
    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    // return basic user info (without password) and token to store client side
    return Ok(new
    {
        Username = loginUserModel.UserName,
        Token = tokenString
    });
    // Bearer Token
}
} // end of the controller class (its opening is not shown)
```

I’ve implemented Application Insights in the project (.NET Core Web API). Then I checked with Postman, but I got the above error. This error means that my secret key must not be below 128 bits, but my secret key value is 24 bits. The key is saved in the appsettings.json file, so I only had to give a longer secret key.
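A start-up check for the secret length, shown as an added example that is not part of the original post. The class and method names (`JwtSecretCheck`, `KeySizeInBits`, `EnsureStrongEnough`, `NewSecret`) are hypothetical, and the 256-bit floor is the HS256 minimum from RFC 7518 section 3.2, which is stricter than the 128-bit limit in the error message above.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the post): validate the JWT secret once at start-up
// instead of discovering IDX10603 on the first login request.
public static class JwtSecretCheck
{
    // RFC 7518 section 3.2: an HS256 key must be at least as long as the hash output.
    public const int MinHs256Bits = 256;

    // Uses the same ASCII conversion as the controller, so the number matches
    // the KeySize that SymmetricSecurityKey reports.
    public static int KeySizeInBits(string secret) =>
        Encoding.ASCII.GetBytes(secret ?? string.Empty).Length * 8;

    // Throws with the measured size; never logs or echoes the secret itself.
    public static void EnsureStrongEnough(string secret)
    {
        int bits = KeySizeInBits(secret);
        if (bits < MinHs256Bits)
            throw new InvalidOperationException(
                $"JWT secret is {bits} bits; HS256 needs at least {MinHs256Bits} bits.");
    }

    // Generates a random secret from the OS CSPRNG, Base64-encoded so it can be
    // stored as a string (32 random bytes become a 44-character value).
    public static string NewSecret(int randomBytes = 32)
    {
        var buffer = new byte[randomBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buffer);
        return Convert.ToBase64String(buffer);
    }

    public static void Main()
    {
        string weak = "abc"; // constructed sample: 3 ASCII characters, like the 24-bit key in the error
        Console.WriteLine($"weak secret: {KeySizeInBits(weak)} bits");
        try { EnsureStrongEnough(weak); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

        string strong = NewSecret();
        EnsureStrongEnough(strong); // passes without throwing
        Console.WriteLine($"generated secret: {KeySizeInBits(strong)} bits");
    }
}
```

A secret typed by hand carries far less entropy than its length suggests, so a generated value kept out of source control (user secrets, environment variables or a vault) is the safer source for `_appSettings.Secret`.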
