解码和验证使用System.IdentityModel.Tokens.Jwt智威汤逊令牌

本文介绍了解码和验证使用System.IdentityModel.Tokens.Jwt智威汤逊令牌的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我一直使用智威汤逊库脱codeA的Json网络令牌，并想切换微软官方智威汤逊的实施，System.IdentityModel.Tokens.Jwt.

I've been using the JWT library to decode a Json Web Token, and would like to switch to Microsoft's official JWT implementation, System.IdentityModel.Tokens.Jwt.

该文档是很稀疏，所以我有一个很难搞清楚如何来完成我一直在做的智威汤逊库。随着智威汤逊图书馆，有一个德code方法，该方法中的Base64 EN codeD智威汤逊，并把它变成JSON，然后可以反序列化。我想要做的使用System.IdentityModel.Tokens.Jwt类似的东西，但挖了相当数量后，无法弄清楚如何。

The documentation is very sparse, so I'm having a hard time figuring how to accomplish what I've been doing with the JWT library. With the JWT library, there is a Decode method that takes the base64 encoded JWT and turns it into JSON which can then be deserialized. I'd like to do something similar using System.IdentityModel.Tokens.Jwt, but after a fair amount of digging, cannot figure out how.

有关它的价值，我读从一个cookie的智威汤逊标记，以便与谷歌的身份框架使用。

For what it's worth, I'm reading the JWT token from a cookie, for use with Google's identity framework.

任何帮助将是AP preciated。

Any help would be appreciated.

推荐答案

在这个包中有一类名为 JwtSecurityTokenHandler 这源于系统。 IdentityModel.Tokens.SecurityTokenHandler 。在WIF这是核心类deserialising和连载安全令牌。

Within the package there is a class called JwtSecurityTokenHandler which derives from System.IdentityModel.Tokens.SecurityTokenHandler. In WIF this is the core class for deserialising and serialising security tokens.

类有一个 ReadToken（字符串）方法，将您的base64 EN codeD智威汤逊字符串，并返回一个 SecurityToken 从而重新presents的智威汤逊。

The class has a ReadToken(String) method that will take your base64 encoded JWT string and returns a SecurityToken which represents the JWT.

在 SecurityTokenHandler 也有 ValidateToken（SecurityToken）方法，需要你的 SecurityToken ，并创建一个 ReadOnlyCollection还＆LT; ClaimsIdentity＆GT; 。通常对于智威汤逊，这将包含单个 ClaimsIdentity 对象，它具有一组声明重新presenting原智威汤逊的属性。

The SecurityTokenHandler also has a ValidateToken(SecurityToken) method which takes your SecurityToken and creates a ReadOnlyCollection<ClaimsIdentity>. Usually for JWT, this will contain a single ClaimsIdentity object that has a set of claims representing the properties of the original JWT.

JwtSecurityTokenHandler 定义了一些额外的重载 ValidateToken ，尤其是，它有一个 ClaimsPrincipal ValidateToken（JwtSecurityToken，TokenValidationParameters）超载。该 TokenValidationParameters 参数允许您指定令牌签名证书（如 X509SecurityTokens 的列表）。它还具有过载，是以智威汤逊为字符串，而不是 SecurityToken 。

JwtSecurityTokenHandler defines some additional overloads for ValidateToken, in particular, it has a ClaimsPrincipal ValidateToken(JwtSecurityToken, TokenValidationParameters) overload. The TokenValidationParameters argument allows you to specify the token signing certificate (as a list of X509SecurityTokens). It also has an overload that takes the JWT as a string rather than a SecurityToken.

在code做，这是相当复杂的，但可以在Global.asax.cx code被发现（ TokenValidationHandler 班）在开发者样品被称为ADAL - 本机应用程序以REST服务 - 通过浏览器对话框身份验证与ACS，位于

The code to do this is rather complicated, but can be found in the Global.asax.cx code (TokenValidationHandler class) in the developer sample called "ADAL - Native App to REST service - Authentication with ACS via Browser Dialog", located at

$c$c.msdn.microsoft/AAL-Native-App-to-REST-de57f2cc

另外，在 JwtSecurityToken 类具有额外的方法不属于基础上 SecurityToken 类，如要求属性，获取所含的求偿，但没有通过 ClaimsIdentity 集合去。它也有一个负载属性，返回一个 JwtPayload 对象，使您可以在标记的原始JSON获得。这要看你的情况而接近它最合适的。

Alternatively, the JwtSecurityToken class has additional methods that are not on the base SecurityToken class, such as a Claims property that gets the contained claims without going via the ClaimsIdentity collection. It also has a Payload property that returns a JwtPayload object that lets you get at the raw JSON of the token. It depends on your scenario which approach it most appropriate.

一般的（即非智威汤逊专用） SecurityTokenHandler 类文档是

The general (i.e. non JWT specific) documentation for the SecurityTokenHandler class is at

msdn.microsoft/en-us/library/system.identitymodel.tokens.securitytokenhandler.aspx

根据您的应用程序，您可以配置智威汤逊处理程序进入WIF管道完全像任何其他的处理程序。

Depending on your application, you can configure the JWT handler into the WIF pipeline exactly like any other handler.

有3个样品，它在不同类型的应用程序使用在

There are 3 samples of it in use in different types of application at

$c$c.msdn.microsoft/site/search?f%5B0%5D.Type=SearchText&f%5B0%5D.Value=aal&f%5B1%5D.Type=User&f%5B1%5D.Value=Azure%20AD%20Developer%20Experience%20Team&f%5B1%5D.Text=Azure%20AD%20Developer%20Experience%20Team

也许，一会适合您的需求，或者至少能适应他们。

Probably, one will suite your needs or at least be adaptable to them.