問題描述

我一直在使用 JWT 庫(kù)來解碼 Json Web Token，并想切換到微軟的官方JWT 實(shí)現(xiàn)，System.IdentityModel.Tokens.Jwt.

I've been using the JWT library to decode a Json Web Token, and would like to switch to Microsoft's official JWT implementation, System.IdentityModel.Tokens.Jwt.

文檔非常稀少，所以我很難弄清楚如何完成我一直在使用 JWT 庫(kù)所做的事情.使用 JWT 庫(kù)，有一個(gè) Decode 方法，它采用 base64 編碼的 JWT 并將其轉(zhuǎn)換為 JSON，然后可以反序列化.我想使用 System.IdentityModel.Tokens.Jwt 做類似的事情，但經(jīng)過大量挖掘，無法弄清楚如何.

The documentation is very sparse, so I'm having a hard time figuring how to accomplish what I've been doing with the JWT library. With the JWT library, there is a Decode method that takes the base64 encoded JWT and turns it into JSON which can then be deserialized. I'd like to do something similar using System.IdentityModel.Tokens.Jwt, but after a fair amount of digging, cannot figure out how.

不管怎樣，我正在從 cookie 中讀取 JWT 令牌，用于 Google 的身份框架.

For what it's worth, I'm reading the JWT token from a cookie, for use with Google's identity framework.

任何幫助將不勝感激.

推薦答案

包中有一個(gè)名為JwtSecurityTokenHandler的類，它派生自System.IdentityModel.Tokens.SecurityTokenHandler.在 WIF 中，這是反序列化和序列化安全令牌的核心類.

Within the package there is a class called JwtSecurityTokenHandler which derives from System.IdentityModel.Tokens.SecurityTokenHandler. In WIF this is the core class for deserialising and serialising security tokens.

該類有一個(gè) ReadToken(String) 方法，該方法將采用 base64 編碼的 JWT 字符串并返回代表 JWT 的 SecurityToken.

The class has a ReadToken(String) method that will take your base64 encoded JWT string and returns a SecurityToken which represents the JWT.

SecurityTokenHandler 還有一個(gè) ValidateToken(SecurityToken) 方法，它接受你的 SecurityToken 并創(chuàng)建一個(gè) ReadOnlyCollection代碼>.通常對(duì)于 JWT，這將包含一個(gè) ClaimsIdentity 對(duì)象，該對(duì)象具有一組表示原始 JWT 屬性的聲明.

The SecurityTokenHandler also has a ValidateToken(SecurityToken) method which takes your SecurityToken and creates a ReadOnlyCollection<ClaimsIdentity>. Usually for JWT, this will contain a single ClaimsIdentity object that has a set of claims representing the properties of the original JWT.

JwtSecurityTokenHandler 為 ValidateToken 定義了一些額外的重載，特別是它有一個(gè) ClaimsPrincipal ValidateToken(JwtSecurityToken, TokenValidationParameters) 重載.TokenValidationParameters 參數(shù)允許您指定令牌簽名證書(作為 X509SecurityTokens 的列表).它還有一個(gè)重載，將 JWT 作為 string 而不是 SecurityToken.

JwtSecurityTokenHandler defines some additional overloads for ValidateToken, in particular, it has a ClaimsPrincipal ValidateToken(JwtSecurityToken, TokenValidationParameters) overload. The TokenValidationParameters argument allows you to specify the token signing certificate (as a list of X509SecurityTokens). It also has an overload that takes the JWT as a string rather than a SecurityToken.

執(zhí)行此操作的代碼相當(dāng)復(fù)雜，但可以在名為ADAL - Native App to REST service - Authentication"的開發(fā)人員示例中的 Global.asax.cx 代碼(TokenValidationHandler 類)中找到通過瀏覽器對(duì)話框使用 ACS"，位于

The code to do this is rather complicated, but can be found in the Global.asax.cx code (TokenValidationHandler class) in the developer sample called "ADAL - Native App to REST service - Authentication with ACS via Browser Dialog", located at

http://code.msdn.microsoft.com/AAL-Native-App-to-REST-de57f2cc

或者，JwtSecurityToken 類具有基礎(chǔ) SecurityToken 類中沒有的其他方法，例如獲取包含的 Claims 屬性聲明而不通過 ClaimsIdentity 集合.它還有一個(gè) Payload 屬性，該屬性返回一個(gè) JwtPayload 對(duì)象，讓您可以獲取令牌的原始 JSON.這取決于您的方案最合適的方法.

Alternatively, the JwtSecurityToken class has additional methods that are not on the base SecurityToken class, such as a Claims property that gets the contained claims without going via the ClaimsIdentity collection. It also has a Payload property that returns a JwtPayload object that lets you get at the raw JSON of the token. It depends on your scenario which approach it most appropriate.

SecurityTokenHandler 類的一般(即非 JWT 特定)文檔位于

The general (i.e. non JWT specific) documentation for the SecurityTokenHandler class is at

http://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.securitytokenhandler.aspx

根據(jù)您的應(yīng)用程序，您可以將 JWT 處理程序配置到 WIF 管道中，就像任何其他處理程序一樣.

Depending on your application, you can configure the JWT handler into the WIF pipeline exactly like any other handler.

在不同類型的應(yīng)用中使用了 3 個(gè)示例

There are 3 samples of it in use in different types of application at

http://code.msdn.microsoft.com/site/search?f%5B0%5D.Type=SearchText&f%5B0%5D.Value=aal&f%5B1%5D.Type=User&f%5B1%5D.Value=Azure%20AD%20Developer%20Experience%20Team&f%5B1%5D.Text=Azure%20AD%20Developer%20Experience%20Team

也許，有一個(gè)可以滿足您的需求，或者至少可以適應(yīng)它們.

Probably, one will suite your needs or at least be adaptable to them.

這篇關(guān)于使用 System.IdentityModel.Tokens.Jwt 解碼和驗(yàn)證 JWT 令牌的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！