[英]JWT token validation in ASP.NET
I'm writing an API in ASP.NET that exposes two endpoints: one to generate a JWT token and other to validate a given token. 我正在ASP.NET中编写一个API,该API公开了两个端点:一个用于生成JWT令牌,另一个用于验证给定令牌。
The token generation seems to work fine: 令牌生成似乎工作正常:
[HttpPost]
public IHttpActionResult Token()
{
var headerAuth = HttpContext.Current.Request.Headers["Authorization"];
if (headerAuth.ToString().StartsWith("Basic"))
{
var credValue = headerAuth.ToString().Substring("Basic".Length).Trim();
var usernameAndPassEnc = Encoding.UTF8.GetString(Convert.FromBase64String(credValue));
var usernameAndPass = usernameAndPassEnc.Split(':');
LdapAuthentication ldap = new LdapAuthentication();
if (ldap.IsAuthenticated(usernameAndPass[0], usernameAndPass[1]))
{
var claimsData = new[] { new Claim(ClaimTypes.Name, usernameAndPass[0]) };
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret"));
var signInCred = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var tokenString = new JwtSecurityToken(
issuer: "http://my.website.com",
audience: "http://my.tokenissuer.com",
expires: DateTime.Now.AddMinutes(1),
claims: claimsData,
signingCredentials: signInCred
);
var token = new JwtSecurityTokenHandler().WriteToken(tokenString);
return Ok(token);
}
}
return BadRequest("Bad request");
}
But I don't know how to validate a given token, in ASP.NET Core I implement it in this whay (which works fine): 但是我不知道如何验证给定的令牌,在ASP.NET Core中我以这种方式实现了它(工作正常):
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "http://my.website.com",
ValidAudience = "http://my.tokenissuer.com",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret"))
};
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseMvc();
}
So, how can I validate a JWT token in ASP.NET? 那么,如何在ASP.NET中验证JWT令牌?
For that either you can write a middleware or use the existing Authorize filter and override it. 为此,您可以编写中间件,也可以使用现有的Authorize过滤器并将其覆盖。 Use the following way to validate the token 使用以下方式来验证令牌
public static bool ValidateToken(string authToken) // Retrieve token from request header
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = this.GetValidationParameters();
SecurityToken validatedToken;
IPrincipal principal = tokenHandler.ValidateToken(authToken, validationParameters, out validatedToken);
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
return true;
}
private static TokenValidationParameters GetValidationParameters()
{
return new TokenValidationParameters
{
IssuerSigningToken = new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(symmetricKey), //Key used for token generation
ValidIssuer = issuerName,
ValidAudience = allowedAudience,
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true
};
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.