2016-08-02 106 views
0

Verify/validate in .NET a JWT token created with PHP

I have a JWT token created with PHP that I then need to use in a .NET application (framework version 4.5.1). The token is generated in PHP with the code below (which depends on the https://github.com/lcobucci/jwt library):

use Lcobucci\JWT\Builder; 
use Lcobucci\JWT\Signer\Hmac\Sha256; 

$tokenBuilder = new Builder(); 
$tokenSigner = new Sha256(); 

$token = (string)$tokenBuilder 
    ->setIssuer('localhost:8081') 
    ->setAudience('myaudience') 
    ->setIssuedAt(time()) 
    ->setExpiration(time() + 86400) 
    ->sign($tokenSigner, '710VWV0zby') 
    ->getToken(); 

return $token; 

I have been able to read the token fine in C#, but I am struggling to figure out how to verify and validate the token signature.

TokenValidationParameters validationParameters = new TokenValidationParameters 
{ 
    ValidateIssuer = true 
}; 

var tokenHandler = new JwtSecurityTokenHandler(); 

// THIS IS TO TEST IF TOKEN CAN BE READ 
/*var jwtToken = tokenHandler.ReadJwtToken(token); 

HttpContext.Current.Response.Write(jwtToken.Issuer);*/ 

SecurityToken validatedToken = null; 
try 
{ 
    tokenHandler.ValidateToken(token, validationParameters, out validatedToken); 
} 
catch (Exception) 
{ 
    HttpContext.Current.Response.Write("Invalid! :("); 
} 

if (validatedToken != null) { 
    HttpContext.Current.Response.Write("Valid! :)"); 
} 

Obviously my code cannot verify any signature, because the SHA-256 key is not mentioned anywhere. I assume I need to include in TokenValidationParameters, somehow, the property I need to set, and I guess SigningToken would be the only such property, but I don't know where to begin in specifying the HMAC SHA 256 key.

Answer

1

You need to somehow export the certificate that was used to create the token. For example, it can be in a .pem format file. After that, create a crypto provider using that certificate data:

public static RSACryptoServiceProvider CreateRsaCryptoProviderFromX509Certificate()
{
    byte[] certData = Convert.FromBase64String(_CERTIFICATE);
    X509Certificate2 x509Cert = new X509Certificate2();
    x509Cert.Import(certData);
    var x509PublicKeyXml = x509Cert.PublicKey.Key.ToXmlString(false);

    RSACryptoServiceProvider RsaProvider = new RSACryptoServiceProvider();
    RsaProvider.FromXmlString(x509PublicKeyXml);
    return RsaProvider;
}

where _CERTIFICATE stores the data from the .PEM file without the comment lines:

string _CERTIFICATE = @" DD5NYXRyaXg0Ml9mNThlMzdkLWU2ZjktNGU0Yi05MzVlLTNhMDFi
NzU2N2I5YjAeFw0xNjEyMzExNTE1MjNaFw00MjAxMDcxNTE1MjNaMEkxRzBFBgNVBAMMPk1hdHJp
eDQyX0FDU19SZWx5aW5nUGFydHlfZmY1OGUzN2QtZTZmOS00ZTRiLTkzNWUtM2EwMWI3NTY3Yjli
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho5G6pY9QJs/945aQ1w8oiF/17ZNGsNY
ul5G/+TprN7KfgzT9u+A588f4Z4B8z5QJlwIUeH33iuRcV0AIHd9MnEKR56IdOLLlNWNPvRAG5FJ
Wt4XPlaG+bE/oyuqxqpQM1KJ0iN74K/WLXM8ZdQlq7gTgtLS+icZH3i2arC8rdobh3zRk1wbUVXn
kjR4CASy+07LZwbVVp2g3pOsuy5AWBURIynQ7z3zj+u7NMF42htLOEzISl3Qb3BMOoXFMm93UGwp
B/Ae+zpWFWeh6190ipcUMXoAOfdh9VZUZX9C7OI/3plOiwKUvwfBQyLR8C/4uiTcCTp1i8fS0bta
jkPhdQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA3fmwEgej+BhB7dkw+0TWEDiIC9cXR4uW7kElM
7+L7ARmUYVpAx05Z8oarsR0zm1u3ZYR00y3eLhw5RcXN6hC5jb5HYSQZERdqlzvS6bU6xJ57H7tC
KuPADkYmuPnRM/cdMKPeSG3ZHnHcTgJx62hFloPWbGPr9VLVp4R4coUgtuZMtlFvXamjpCNYSpob
N9wzk36r/4c+Nd/n+4DwqIaVzgEXHXkOUtOZhTYh7SG5WJVUSep5cIq3SBGzLn8oXCjiqn72zJ7C
vn5/ekaC1nzMDMcga5qWQNdLd/rXt65ZMbB/JhM+Ee9TIvmrrDXlvRh2cv7GtoTtPYEbIdVvrF+W";

To validate, create the token handler, the validation parameters and the crypto provider, then validate the token:

public static bool ValidateJwt(string jwt)
{
    JwtSecurityTokenHandler securityTokenHandler = new JwtSecurityTokenHandler();
    RSACryptoServiceProvider rsa = CreateRsaCryptoProviderFromX509Certificate();

    TokenValidationParameters validationParameters = new TokenValidationParameters()
    {
        ValidAudience = "urn:6c23aaa7-6da8-4941-98b0-62f63cd146",
        ValidIssuer = "https://accounts.issuer.com",
        IssuerSigningKey = new RsaSecurityKey(rsa)
    };
    SecurityToken token;
    ClaimsPrincipal claimsPrincipal = securityTokenHandler.ValidateToken(jwt, validationParameters, out token);

    return claimsPrincipal.IsInRole("Admin");
}
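The question's PHP code signs with `Lcobucci\JWT\Signer\Hmac\Sha256`, i.e. HMAC-SHA256 with a shared secret, so there is no certificate or RSA key involved; the .NET side needs the same secret as a symmetric key, and the property the question guesses at (`SigningToken`) does not exist, the one that takes the key is `IssuerSigningKey`, as the answer's code uses. The following is an added example for that HMAC setup and is not part of the question or the answer. It assumes the System.IdentityModel.Tokens.Jwt 5.x and Microsoft.IdentityModel.Tokens packages (the older 4.x System.IdentityModel.Tokens package used a class named `InMemorySymmetricSecurityKey` instead of `SymmetricSecurityKey`), reuses the issuer and audience strings from the question's PHP code, and uses a placeholder secret of its own: the ten-character key in the question is only 80 bits, which the Microsoft library rejects for HMAC (it requires at least 128 bits) and which is well under the 256 bits RFC 7518 asks for with HS256, so both the PHP and the .NET side should be moved to a longer random secret.

```csharp
using System;
using System.Security.Claims;
using System.Text;
using System.IdentityModel.Tokens.Jwt;   // JwtSecurityTokenHandler, JwtSecurityToken
using Microsoft.IdentityModel.Tokens;    // SymmetricSecurityKey, TokenValidationParameters

public static class HmacJwtValidator
{
    // Assumption (placeholder, not the key from the question): the PHP Builder
    // signs with this same shared secret. 36 bytes here, so it clears both the
    // library's 128-bit minimum and the 256 bits RFC 7518 recommends for HS256.
    private const string SharedSecret = "REPLACE-WITH-32-BYTE-RANDOM-SECRET!!";

    // Returns the validated principal, or null with a short reason for logging.
    public static ClaimsPrincipal Validate(string jwt, out string failureReason)
    {
        var handler = new JwtSecurityTokenHandler();
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SharedSecret));

        var parameters = new TokenValidationParameters
        {
            // Issuer and audience must match exactly what the PHP side set.
            ValidateIssuer = true,
            ValidIssuer = "localhost:8081",
            ValidateAudience = true,
            ValidAudience = "myaudience",
            // Enforce the iat/exp window the PHP code sets; allow a little clock drift.
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            // The HMAC secret the signature is checked against.
            IssuerSigningKey = key
        };

        failureReason = null;
        try
        {
            SecurityToken validated;
            ClaimsPrincipal principal = handler.ValidateToken(jwt, parameters, out validated);

            // Pin the algorithm as defence in depth: only accept a token whose
            // header says HS256, never one that merely happened to validate.
            var jwtToken = validated as JwtSecurityToken;
            if (jwtToken == null || jwtToken.SignatureAlgorithm != SecurityAlgorithms.HmacSha256)
            {
                failureReason = "unexpected signing algorithm";
                return null;
            }
            return principal;
        }
        catch (SecurityTokenExpiredException)
        {
            failureReason = "token expired";
        }
        catch (SecurityTokenException ex)   // bad signature, wrong issuer/audience, malformed token
        {
            failureReason = ex.GetType().Name;
        }
        catch (ArgumentException ex)        // e.g. key shorter than the library minimum, not a JWT
        {
            failureReason = ex.Message;
        }
        return null;
    }
}
```

In the question's page handler this replaces the empty `TokenValidationParameters` block: call `HmacJwtValidator.Validate(token, out reason)`, treat a null result as invalid, and log `reason` server-side rather than writing it to the response. Keeping `ValidateLifetime` on matters because the PHP code sets a 24-hour expiry; the question's parameters, which only set `ValidateIssuer`, would otherwise accept an expired token with a good signature.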