Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt


Problem description

I've been using the JWT library to decode a Json Web Token, and would like to switch to Microsoft's official JWT implementation, System.IdentityModel.Tokens.Jwt.

The documentation is very sparse, so I'm having a hard time figuring how to accomplish what I've been doing with the JWT library. With the JWT library, there is a Decode method that takes the base64 encoded JWT and turns it into JSON which can then be deserialized. I'd like to do something similar using System.IdentityModel.Tokens.Jwt, but after a fair amount of digging, cannot figure out how.

For what it's worth, I'm reading the JWT token from a cookie, for use with Google's identity framework.

Any help would be greatly appreciated.

Recommended answer

Within the package there is a class called JwtSecurityTokenHandler which derives from System.IdentityModel.Tokens.SecurityTokenHandler. In WIF this is the core class for deserialising and serialising security tokens.

The class has a ReadToken(String) method that will take your base64 encoded JWT string and returns a SecurityToken which represents the JWT.

The SecurityTokenHandler also has a ValidateToken(SecurityToken) method which takes your SecurityToken and creates a ReadOnlyCollection<ClaimsIdentity>. Usually for JWT, this will contain a single ClaimsIdentity object that has a set of claims representing the properties of the original JWT.

JwtSecurityTokenHandler defines some additional overloads for ValidateToken, in particular, it has a ClaimsPrincipal ValidateToken(JwtSecurityToken, TokenValidationParameters) overload. The TokenValidationParameters argument allows you to specify the token signing certificate (as a list of X509SecurityTokens). It also has an overload that takes the JWT as a string rather than a SecurityToken.

The code to do this is rather complicated, but can be found in the Global.asax.cs code (TokenValidationHandler class) in the developer sample called "ADAL - Native App to REST service - Authentication with ACS via Browser Dialog", located at

http://code.msdn.microsoft.com/AAL-Native-App-to-REST-de57f2cc

Alternatively, the JwtSecurityToken class has additional methods that are not on the base SecurityToken class, such as a Claims property that gets the contained claims without going via the ClaimsIdentity collection. It also has a Payload property that returns a JwtPayload object that lets you get at the raw JSON of the token. It depends on your scenario which approach is most appropriate.

The general (i.e. non JWT specific) documentation for the SecurityTokenHandler class is at

http://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.securitytokenhandler.aspx

Depending on your application, you can configure the JWT handler into the WIF pipeline exactly like any other handler.

There are 3 samples of it in use in different types of application at

http://code.msdn.microsoft.com/site/search?f%5B0%5D.Type=SearchText&f%5B0%5D.Value=aal&f%5B1%5D.Type=User&f%5B1%5D.Value=Azure%20AD%20Developer%20Experience%20Team&f%5B1%5D.Text=Azure%20AD%20Developer%20Experience%20Team

Probably, one will suit your needs or at least be adaptable to them.
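
The difference between decoding a token and validating it, as an added example that is not part of the original answer or of Microsoft's samples. It assumes a current System.IdentityModel.Tokens.Jwt NuGet package (types in Microsoft.IdentityModel.Tokens and the ValidateToken(string, TokenValidationParameters, out SecurityToken) overload) rather than the older X509SecurityToken-based API the answer describes; the key, issuer, audience and class name are constructed for the demonstration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class JwtDecodeVersusValidate
{
    static void Main()
    {
        // Constructed key, issuer and audience so the example runs offline (all assumptions).
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));
        var handler = new JwtSecurityTokenHandler();
        string jwt = handler.WriteToken(new JwtSecurityToken(
            issuer: "https://issuer.example",
            audience: "my-api",
            claims: new[] { new Claim("sub", "alice") },
            notBefore: DateTime.UtcNow.AddMinutes(-1),
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

        // Same header and signature, different payload: a token that was altered after signing.
        string[] parts = jwt.Split('.');
        string altered = parts[0] + "." + Base64UrlEncoder.Encode("{\"sub\":\"admin\"}") + "." + parts[2];

        // ReadJwtToken only decodes: no signature, issuer, audience or lifetime check is made,
        // so the altered subject is returned without complaint.
        Console.WriteLine("Decoded, unverified: " + handler.ReadJwtToken(altered).Subject);

        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = key,
            ValidateIssuer = true,
            ValidIssuer = "https://issuer.example",
            ValidateAudience = true,
            ValidAudience = "my-api",
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30)
        };

        // ValidateToken checks the signature and the registered claims before returning a principal.
        ClaimsPrincipal principal = handler.ValidateToken(jwt, parameters, out SecurityToken validated);
        Console.WriteLine("Authenticated: " + principal.Identity.IsAuthenticated);
        Console.WriteLine("Validated payload: " + ((JwtSecurityToken)validated).Payload.SerializeToJson());
        try { handler.ValidateToken(altered, parameters, out _); }
        catch (SecurityTokenException ex) { Console.WriteLine("Altered token rejected: " + ex.GetType().Name); }
    }
}
```

Claims obtained through ReadToken, Claims or Payload on a token that has not passed ValidateToken are untrusted input, which matters for a token read from a cookie; base authorization decisions only on the validated result.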
