使用 System.IdentityModel.Tokens.Jwt 使用 RS512 验证 JWT 签名

本文介绍了使用 System.IdentityModel.Tokens.Jwt 使用 RS512 验证 JWT 签名的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想使用公钥使用 RS512 算法验证 JWT 签名.我喜欢下面链接中给出的确切解决方案，它运行良好.

I wanted to verify JWT signature with RS512 algorithm using public key. I fond the exact solution given in the below link and it is working perfectly.

验证 JWT 签名使用 C# 中的公钥使用 RS256 算法

但我想在我的应用程序中使用 System.IdentityModel.Tokens.Jwt.任何人都可以通过实施 System.IdentityModel.Tokens.Jwt 来改变下面的工作示例吗?

But I want to use System.IdentityModel.Tokens.Jwt with my application. Can anyone change below working example by implementing System.IdentityModel.Tokens.Jwt ?

static void Main(string[] args) { var token = "eyJhbGciOiJSUzUxMiIsImtpZCI6ImsxMDY5NDgxOTAifQ.eyJleHAiOjE0NzMzNDcxODUsInN1YiI6ImZmZmZmZmZmNTcxZGJkNjBlNGIwMWYyNzk4ZGI5N2Y4Iiwic2Vzc2lkIjoiNzZlNTg4ZDIzZmM3NDBiMGFkNzIxMDk2MGYwOWFhY2IiLCJ0eXBlIjoiYXQiLCJpYXQiOjE0NzMzMzYzODV9.WA-5NFaDx38dDEbZTH_hEYpbhuC3yTA9RHCmyF3Z8L1eYmZ8w4RFv5PrjWN-HprkMP7WzVfwKeSCqU4O1_FGbl88arCgZb_Ui7VUxwftRDMErib8XFu4hGfRKrdZOOHxBY_EGLINLobYG-n0akRTycIjmH0sgroQ_3Na7sxCJSM"; var secretKey = "j6Dtct-hCbacNoaTWVskOLh7Fcj4snuQ2kY3ZIpOZfJP-fsBgj6dxUFiqZSKjHikk73xiVLAb6w2SqQ8Z2Ez5hpGmG0U3eZzWkm8gwrpN-DN3eSBjBzyE5UUSTxmfMXGIBZtlwGEmmameycvX8nCJLuF83nK7Q5OQd7MIWUw-_8"; bool isValied = false; string[] tokenParts = token.Split('.'); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.ImportParameters( new RSAParameters() { Modulus = FromBase64Url(secretKey), Exponent = FromBase64Url("AQAB") }); HashAlgorithm H = SHA512.Create(); byte[] hash = H.ComputeHash(Encoding.UTF8.GetBytes(tokenParts[0] + '.' + tokenParts[1])); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); rsaDeformatter.SetHashAlgorithm(H.GetType().ToString()); if (rsaDeformatter.VerifySignature(hash, FromBase64Url(tokenParts[2]))) isValied = true; } static byte[] FromBase64Url(string base64Url) { string padded = base64Url.Length % 4 == 0 ? base64Url : base64Url + "====".Substring(base64Url.Length % 4); string base64 = padded.Replace("_", "/") .Replace("-", "+"); return Convert.FromBase64String(base64); }

推荐答案

使用最新版本的System.IdentityModel.Tokens.Jwt (5.0.0) 并假设您需要验证以下 JWT 令牌:

Using the latest version of System.IdentityModel.Tokens.Jwt (5.0.0) and assuming you need to validate the following JWT token:

eyJhbGciOiJSUzUxMiIsImtpZCI6IjhDOURCQzA1OEIzN0Y5NzM2QzdCMzVGMDVFMDcxOENDMDUzOUU4RDciLCJ0eXAiOiJKV1QifQ.eyJuYmYiOjE0NzYxNzg2NzMsImV4cCI6MTQ3NjE4MjI3MywiaWF0IjoxNDc2MTc4NjczLCJpc3MiOiJNRSIsImF1ZCI6IllPVSJ9.Lh0iXDREkrgfuPBAJxOlNcoctRQkAV-VuhvH4oqavSV8M5ZYKhkSJ_11FyRN24yRTZfdScbOGZwO_-7Z8qSAbeLOc5HNa52LN09si-gruQFoB2Fikvd5FhwC5tqpqZeNw6usFR05Z9hl0SV05-joDv3OVfpnl31figrNiXcgqo2bB9kEPo6XeOw_JVTOrta6bHI-q6uulc4ZrLF4UWosb5R5ALLN5hwsY2lX9LrSCLfhuMlEDyjBbvrhC5fr29Ci9NYmk4U75qhhf13nS69vX8RJ5xRW8Nw6MP3Om0WaW-yX0RhtdrGZ8GuqdOxWU25i3j_qj5-ovO3OAhh0qsdMBA

使用 RS512(通过在 jwt.io) 然后您可以执行以下操作:

which uses RS512 (view the full token contents by decoding it online in jwt.io) you could then do the following:

string thumbprint = "8C9DBC058B37F9736C7B35F05E0718CC0539E8D7"; // Change to your certificate X509Certificate2 certificate = GetSigningCertificate(thumbprint); var handler = new JwtSecurityTokenHandler(); string jwt = "[TOKEN_TO_BE_VALIDATED]"; SecurityToken token; ClaimsPrincipal principal = handler.ValidateToken(jwt, new TokenValidationParameters { ValidIssuer = "ME", ValidAudience = "YOU", IssuerSigningKey = new X509SecurityKey(certificate), }, out token);