JwtSecurityTokenHandler和TokenValidationParameters [英] JwtSecurityTokenHandler and TokenValidationParameters

问题描述

我曾经引用过Microsoft.IdentityModel.Tokens.JWT，并且一切正常.

I used to have a reference to Microsoft.IdentityModel.Tokens.JWT and everything was working fine.

我已更新为使用新的System.IdentityModel.Tokens.Jwt，但现在似乎什么也没用.它找不到JwtSecurityTokenHandler的ValidateToken方法，并且TokenValidationParameters没有AllowedAudience，SigningToken或ValidateExpiration属性.

I updated to use the new System.IdentityModel.Tokens.Jwt but nothing seems to work now. It cannot find the ValidateToken method of the JwtSecurityTokenHandler and the TokenValidationParameters have no AllowedAudience, SigningToken or ValidateExpiration properties.

我在这里想念什么?任何人都可以与此一起提供JWT验证的工作示例吗?

What am I missing here? Can anyone provide with a working sample of a JWT validation with this?

我的旧"代码:

private static void ValidateJwt(string jwt)
{
    var handler = new JWTSecurityTokenHandler();
    var validationParameters = new Microsoft.IdentityModel.Tokens.JWT.TokenValidationParameters()
    {
        AllowedAudience = "https://my-rp.com",
        //SigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(myBase64Key)),
        SigningToken = new X509SecurityToken(
           X509
           .LocalMachine
           .My
           .Thumbprint
           .Find("UYTUYTVV99999999999YTYYTYTY88888888", false)
           .First()),
        ValidIssuer = "https://my-issuer.com/trust/issuer",
        ValidateExpiration = true
    };

    try
    {
        var principal = handler.ValidateToken(jwt, validationParameters);
    }
    catch (Exception e)
    {

        Console.WriteLine("{0}\n {1}", e.Message, e.StackTrace);
    }

    Console.WriteLine();
}

推荐答案

经过大量研究和测试，我终于发现TokenValidationParameters的某些属性名称已更改，并且JwtSecurityTokenHandler.ValidateToken()方法签名也已更改.

After a lot of research and tests, I finally found that some properties names for TokenValidationParameters had changed and JwtSecurityTokenHandler.ValidateToken() method signature too.

这是上面代码的修改后的工作版本.

So here's the modified working version of the above code.

private static void ValidateJwt(string jwt)
{
    var handler = new JwtSecurityTokenHandler();   
    var validationParameters = new TokenValidationParameters()
    {
        ValidAudience = "https://my-rp.com",
        IssuerSigningTokens = new List<X509SecurityToken>() { new X509SecurityToken(
           X509
           .LocalMachine
           .My
           .Thumbprint
           .Find("UYTUYTVV99999999999YTYYTYTY88888888", false)
           .First()) },
        ValidIssuer = "https://my-issuer.com/trust/issuer",
        CertificateValidator = X509CertificateValidator.None,
        RequireExpirationTime = true
    };

    try
    {
        SecurityToken validatedToken;
        var principal = handler.ValidateToken(jwt, validationParameters, out validatedToken);
    }
    catch (Exception e)
    {

        Console.WriteLine("{0}\n {1}", e.Message, e.StackTrace);
    }

    Console.WriteLine();
}

作为参考，JwtSecurityTokenHandler位于System.IdentityModel.Tokens命名空间中.不要忘记为Microsoft .Net添加软件包" JSON Web令牌处理程序Framework 4.5 "(我写这些文章时为4.0.0版).

And for the reference, the JwtSecurityTokenHandler lives in the System.IdentityModel.Tokens namespace. Don't forget to add the package "JSON Web Token Handler For the Microsoft .Net Framework 4.5" (version 4.0.0 at the time I write theses lines).

希望它可以为某些人节省几个小时的搜索！

Hope it can save a few hours of search for some of you guys!

这篇关于JwtSecurityTokenHandler和TokenValidationParameters的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！