堆栈内存溢出
  简体   繁体   English

ASP.NET中的JWT令牌验证

[英]JWT token validation in ASP.NET

 原文  2018-03-21 13:32:56       c#/ asp.net/ jwt

问题描述

I'm writing an API in ASP.NET that exposes two endpoints: one to generate a JWT token and other to validate a given token. 我正在ASP.NET中编写一个API,该API公开了两个端点:一个用于生成JWT令牌,另一个用于验证给定令牌。

The token generation seems to work fine: 令牌生成似乎工作正常: 

 [HttpPost]
        public IHttpActionResult Token()
        {
            var headerAuth = HttpContext.Current.Request.Headers["Authorization"];
            if (headerAuth.ToString().StartsWith("Basic"))
            {
                var credValue = headerAuth.ToString().Substring("Basic".Length).Trim();
                var usernameAndPassEnc = Encoding.UTF8.GetString(Convert.FromBase64String(credValue));
                var usernameAndPass = usernameAndPassEnc.Split(':');

                LdapAuthentication ldap = new LdapAuthentication();

                if (ldap.IsAuthenticated(usernameAndPass[0], usernameAndPass[1]))
                {
                    var claimsData = new[] { new Claim(ClaimTypes.Name, usernameAndPass[0]) };
                    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret"));
                    var signInCred = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
                    var tokenString = new JwtSecurityToken(
                        issuer: "http://my.website.com",
                        audience: "http://my.tokenissuer.com",
                        expires: DateTime.Now.AddMinutes(1),
                        claims: claimsData,
                        signingCredentials: signInCred
                        );

                    var token = new JwtSecurityTokenHandler().WriteToken(tokenString);
                    return Ok(token);
                }
            }

            return BadRequest("Bad request");
        }

But I don't know how to validate a given token, in ASP.NET Core I implement it in this whay (which works fine): 但是我不知道如何验证给定的令牌,在ASP.NET Core中我以这种方式实现了它(工作正常): 

public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = "http://my.website.com",
                    ValidAudience = "http://my.tokenissuer.com",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("secret"))
                };
            });
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseAuthentication();
            app.UseMvc();
        }

So, how can I validate a JWT token in ASP.NET? 那么,如何在ASP.NET中验证JWT令牌?

1 个解决方案

解决方案1
 3 已采纳  2018-03-21 14:00:40

For that either you can write a middleware or use the existing Authorize filter and override it. 为此,您可以编写中间件,也可以使用现有的Authorize过滤器并将其覆盖。 Use the following way to validate the token 使用以下方式来验证令牌 

    public static bool ValidateToken(string authToken) // Retrieve token from request header
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var validationParameters = this.GetValidationParameters();

        SecurityToken validatedToken;
        IPrincipal principal = tokenHandler.ValidateToken(authToken, validationParameters, out validatedToken);
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
        return true;
    }

    private static TokenValidationParameters GetValidationParameters()
    {
        return new TokenValidationParameters
        {
            IssuerSigningToken = new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(symmetricKey), //Key used for token generation
            ValidIssuer = issuerName,
            ValidAudience = allowedAudience,
            ValidateIssuerSigningKey = true,
            ValidateIssuer = true,
            ValidateAudience = true
        };
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Asp.net Jwt令牌验证 - Asp.net Jwt token validation ASP.Net Core JWT 令牌验证 - ASP.Net Core JWT Token validation 资源服务器中的ASP.NET 5 JWT令牌验证 - ASP.NET 5 JWT Token validation in resource server ASP.NET Core JWT 不记名令牌自定义验证 - ASP.NET Core JWT Bearer Token Custom Validation ASP.Net 5-OAuth承载令牌(JWT)验证错误 - ASP.Net 5 - OAuth bearer token (JWT) validation error 为ASP.NET Core的JWT令牌添加自定义验证? - Add custom validation to JWT token for ASP.NET Core? 在asp net中实现jwt令牌验证 - Implement jwt token validation in asp net ASP.NET Core 和 JWT 令牌生命周期 - ASP.NET Core and JWT token lifetime ASP.NET Core:具有范围的JWT令牌 - ASP.NET Core: JWT token with Scopes ASP.NET Core 中的 Jwt 令牌身份验证 - Jwt token authentication in ASP.NET Core
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM