Validate/verify a JWT token created in PHP from .NET
Problem description:
I have a JWT token created with PHP, which I then need to use in a .NET application (framework version 4.5.1). The token is generated in PHP with the code below (which relies on the https://github.com/lcobucci/jwt library):
```php
<?php
// Composer autoloader for lcobucci/jwt (added so the snippet runs stand-alone)
require 'vendor/autoload.php';

use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;

$tokenBuilder = new Builder();
$tokenSigner = new Sha256(); // HMAC-SHA256: signs with a shared secret, not a certificate

$token = (string)$tokenBuilder
    ->setIssuer('localhost:8081')
    ->setAudience('myaudience')
    ->setIssuedAt(time())
    ->setExpiration(time() + 86400)    // valid for 24 hours
    ->sign($tokenSigner, '710VWV0zby') // the shared HMAC secret
    ->getToken();
return $token;
```
I can already read the token fine in C#, but I am struggling to work out how to verify and validate the token's signature.
```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Web;
using Microsoft.IdentityModel.Tokens;

// "token" is the JWT string received from the PHP side
TokenValidationParameters validationParameters = new TokenValidationParameters
{
    ValidateIssuer = true
};
var tokenHandler = new JwtSecurityTokenHandler();

// THIS IS TO TEST IF TOKEN CAN BE READ
/*var jwtToken = tokenHandler.ReadJwtToken(token);
HttpContext.Current.Response.Write(jwtToken.Issuer);*/

SecurityToken validatedToken = null;
try
{
    tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
}
catch (Exception)
{
    HttpContext.Current.Response.Write("Invalid! :(");
}
if (validatedToken != null)
{
    HttpContext.Current.Response.Write("Valid! :)");
}
```
Obviously my code cannot validate any signature, since the SHA-256 key is not mentioned anywhere. I assume I need to include it somehow in TokenValidationParameters by setting a property, and I'm guessing SigningToken would be the one, but I have no idea where to start specifying the HMAC SHA-256 key.
Answer
You need to export the certificate that was used to create the token somehow, for example as a .pem file. Then use that certificate data to create the crypto provider:
```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static RSACryptoServiceProvider CreateRsaCryptoProviderFromX509Certificate()
{
    // Decode the base64 DER certificate and load it
    byte[] certData = Convert.FromBase64String(_CERTIFICATE);
    X509Certificate2 x509Cert = new X509Certificate2();
    x509Cert.Import(certData);
    // Export only the public key (false = no private parameters) into a fresh RSA provider
    var x509PublicKeyXml = x509Cert.PublicKey.Key.ToXmlString(false);
    RSACryptoServiceProvider RsaProvider = new RSACryptoServiceProvider();
    RsaProvider.FromXmlString(x509PublicKeyXml);
    return RsaProvider;
}
```
where _CERTIFICATE holds the data from the .PEM file, without the comments:
```csharp
static string _CERTIFICATE = @"DD5NYXRyaXg0Ml9mNThlMzdkLWU2ZjktNGU0Yi05MzVlLTNhMDFi..."; // certificate body truncated here
```
To validate, create the token handler, the validation parameters and the crypto provider, then validate the token:
```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static bool ValidateJwt(string jwt)
{
    JwtSecurityTokenHandler securityTokenHandler = new JwtSecurityTokenHandler();
    RSACryptoServiceProvider rsa = CreateRsaCryptoProviderFromX509Certificate();
    TokenValidationParameters validationParameters = new TokenValidationParameters()
    {
        ValidAudience = "urn:6c23aaa7-6da8-4941-98b0-62f63cd146",
        ValidIssuer = "https://accounts.issuer.com",
        IssuerSigningKey = new RsaSecurityKey(rsa) // public key only: verifies RSA signatures
    };
    SecurityToken token;
    // Throws a SecurityTokenException if the signature, issuer, audience or lifetime check fails
    ClaimsPrincipal claimsPrincipal = securityTokenHandler.ValidateToken(jwt, validationParameters, out token);
    return claimsPrincipal.IsInRole("Admin");
}
```
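The question's token is signed with HMAC-SHA256 (lcobucci's Hmac\Sha256 signer), which uses a shared secret rather than a certificate, so the .NET side verifies it with a SymmetricSecurityKey. The following is an added example, not code from the question or the answer; it assumes the NuGet package System.IdentityModel.Tokens.Jwt 5.x or later and reuses the issuer and audience values from the PHP code.

```csharp
// Added example (not from the question or answer). Assumes NuGet package
// System.IdentityModel.Tokens.Jwt 5.x or later, which brings Microsoft.IdentityModel.Tokens.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class HmacJwtValidator
{
    // Returns the validated principal, or null when the token must be rejected.
    public static ClaimsPrincipal Validate(string jwt, string sharedSecret)
    {
        // The PHP signer is HMAC-SHA256 over the raw secret bytes, so the same
        // bytes form the symmetric verification key on the .NET side.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(sharedSecret));

        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = key,
            RequireSignedTokens = true,           // reject "alg": "none"
            ValidateIssuer = true,
            ValidIssuer = "localhost:8081",       // setIssuer() in the PHP code
            ValidateAudience = true,
            ValidAudience = "myaudience",         // setAudience() in the PHP code
            ValidateLifetime = true,              // enforce exp (and nbf if present)
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(1)   // tolerate small drift between the two hosts
        };

        var handler = new JwtSecurityTokenHandler();
        try
        {
            SecurityToken validated;
            ClaimsPrincipal principal = handler.ValidateToken(jwt, parameters, out validated);
            // Pin the algorithm so only HS256-signed tokens are accepted.
            var jwtToken = validated as JwtSecurityToken;
            if (jwtToken == null ||
                !string.Equals(jwtToken.Header.Alg, SecurityAlgorithms.HmacSha256, StringComparison.Ordinal))
            {
                return null;
            }
            return principal;
        }
        catch (SecurityTokenException) { return null; } // bad signature, expired, wrong iss/aud
        catch (ArgumentException) { return null; }      // malformed token or unusable key
    }
}
```

In 5.x and later the library rejects HS256 keys shorter than 128 bits (it throws an ArgumentOutOfRangeException, caught above as ArgumentException), so a ten-character secret like the one in the question has to be replaced by a longer one on both the PHP and .NET sides.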