发表新帖
发表新帖

Manually decode OAuth bearer token in c#

前端 未结
关注
3 1582
走了就别回头了
走了就别回头了 2021-02-07 18:51

In my Web Api 2.2 OWIN based application I have a situation where I manually need to decode the bearer token but I don\'t know how to do this. This is my startup.cs 

<
相关标签:
3条回答
  • 滥情空心
    2021-02-07 19:40

    Just placing this here for others that may visit in the future. Solution found at https://long2know.com/2015/05/decrypting-owin-authentication-ticket/ is simpler.

    Just 2 lines :

    var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
AuthenticationTicket ticket = secureDataFormat.Unprotect(accessToken);



private class MachineKeyProtector : IDataProtector {
    private readonly string[] _purpose =
    {
        typeof(OAuthAuthorizationServerMiddleware).Namespace,
        "Access_Token",
        "v1"
    };

    public byte[] Protect(byte[] userData)
    {
        throw new NotImplementedException();
    }

    public byte[] Unprotect(byte[] protectedData)
    {
        return System.Web.Security.MachineKey.Unprotect(protectedData, _purpose);
    } }
    0 讨论(0)
  • 情歌与酒
    2021-02-07 19:42

    You can read JWT and create Principals and Identity object using the System.IdentityModel.Tokens.Jwt package - https://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt/.

    Here's a quick example that shows the options available when reading and validating the token, 

        private ClaimsIdentity GetIdentityFromToken(string token, X509Certificate2 certificate)
    {  
        var tokenDecoder = new JwtSecurityTokenHandler();         
        var jwtSecurityToken = (JwtSecurityToken)tokenDecoder.ReadToken(token);

        SecurityToken validatedToken;

        var principal = tokenDecoder.ValidateToken(
            jwtSecurityToken.RawData,
            new TokenValidationParameters()
                {
                    ValidateActor = false,
                    ValidateIssuer = false,
                    ValidateAudience = false,
                    ValidateLifetime = false,
                    ValidateIssuerSigningKey = false,
                    RequireExpirationTime = false,
                    RequireSignedTokens = false,
                    IssuerSigningToken = new X509SecurityToken(certificate)
                },
            out validatedToken);

        return principal.Identities.FirstOrDefault();
    }
    0 讨论(0)
  • 余生分开走
    2021-02-07 19:45

    I created a sample project for deserializing bearer tokens, which are encrypted using the MachineKeyDataProtector. You can take a look at the source code.

    Bearer-Token-Deserializer

    0 讨论(0)
 看不清?
提交回复
热议问题