
How to verify JWT id_token produced by MS Azure AD with C# and .net?

I have seen the post with a similar title about Angular JS, but I have been searching for a C# / .net code sample of how to do this presumably common task.

I have found many articles talking about the fact that it must be done, but no straightforward "Here's how you validate an id_token returned from Azure B2C using C# and .net".

Is anyone aware of such a piece of code?

Validating an id_token is similar to the first step of validating an access token - your client should validate that the correct issuer has sent back the token and that it hasn't been tampered with. Because id_tokens are always a JWT, many libraries exist to validate these tokens - we recommend you use one of these rather than doing it yourself.

To manually validate the token, see the steps details in validating an access token. After validating the signature on the token, the following claims should be validated in the id_token (these may also be done by your token validation library):

  • Timestamps: the iat, nbf, and exp timestamps should all fall before or after the current time, as appropriate.
  • Audience: the aud claim should match the app ID for your application.
  • Nonce: the nonce claim in the payload must match the nonce parameter passed into the /authorize endpoint during the initial request.

You can browse through these samples to find one in the language of your choice. For more information on how to explicitly validate a JWT token, see the manual JWT validation sample.

You can check this thread as well for additional reference:

Hope it helps.
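
The checks listed in the answer above (signature, issuer, timestamps, audience, nonce), as an added C# example that is not part of the original answer or of Microsoft's samples. It assumes the `Microsoft.IdentityModel.Protocols.OpenIdConnect` and `System.IdentityModel.Tokens.Jwt` NuGet packages and a single-tenant metadata document; the class name, metadata URL and client ID are placeholders.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class IdTokenValidator // hypothetical helper, not a library type
{
    // Placeholders (assumptions): use your own tenant or B2C policy metadata URL and app ID.
    private const string MetadataUrl =
        "https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration";
    private const string ClientId = "<your-application-client-id>";

    // Downloads and caches the issuer name and signing keys; refreshes them on key rollover.
    private static readonly ConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            MetadataUrl, new OpenIdConnectConfigurationRetriever());

    public static async Task<ClaimsPrincipal> ValidateAsync(string idToken, string expectedNonce)
    {
        // Refuse to compare against an empty nonce, or a token without one would pass.
        if (string.IsNullOrEmpty(expectedNonce))
            throw new ArgumentException("The nonce sent to /authorize is required.", nameof(expectedNonce));
        var config = await ConfigManager.GetConfigurationAsync(CancellationToken.None);
        var parameters = new TokenValidationParameters
        {
            RequireSignedTokens = true,              // reject unsigned ("alg":"none") tokens
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = config.SigningKeys,  // signature: token was not tampered with
            ValidateIssuer = true,
            ValidIssuer = config.Issuer,             // the correct issuer sent the token
            ValidateAudience = true,
            ValidAudience = ClientId,                // aud must equal this app's ID
            RequireExpirationTime = true,
            ValidateLifetime = true,                 // nbf and exp against the current time
            ClockSkew = TimeSpan.FromMinutes(2)      // tolerance for clock drift (assumed value)
        };
        // Throws a SecurityTokenException subclass if any of the checks above fails.
        var principal = new JwtSecurityTokenHandler()
            .ValidateToken(idToken, parameters, out SecurityToken validated);

        // ValidateToken does not know the nonce sent to /authorize, so compare it here.
        var jwt = (JwtSecurityToken)validated;
        if (!string.Equals(jwt.Payload.Nonce, expectedNonce, StringComparison.Ordinal))
            throw new SecurityTokenValidationException("nonce claim does not match the request.");
        return principal;
    }
}
```

The caller keeps the nonce it generated for the `/authorize` request (for example in the user's session) and passes it as `expectedNonce` when the id_token comes back.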
