C# 控制台应用程序中Azure AD承载令牌的验证
您可以找到大量示例,说明如何使用JWT承载身份验证使用Azure AD保护ASP.Net应用程序。只需在启动时添加一些有关AAD的信息即可,如:C# 控制台应用程序中Azure AD承载令牌的验证,c#,azure,jwt,bearer-token,azure-active-directory,C#,Azure,Jwt,Bearer Token,Azure Active Directory,您可以找到大量示例,说明如何使用JWT承载身份验证使用Azure AD保护ASP.Net应用程序。只需在启动时添加一些有关AAD的信息即可,如: public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { app.UseJwtBearerAuthentication(new JwtBearerOptions { Aut
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
Authority = "https://login.windows.net/...",
Audience = "...",
});
app.UseMvc();
}
这些例子没有什么错,所有的令牌验证魔术都发生在幕后,你不必在意。但实际上,我想知道如何验证ASP.Net之外的Azure广告承载令牌,例如在控制台应用程序中
在控制台应用程序中,我希望出现以下情况:
public static void Main(string[] args)
{
string token = "...";
JwtSecurityToken validatedJwtToken = validateJwtToken(token);
}
private static JwtSecurityToken validateJwtToken(string token)
{
JwtSecurityToken jwtToken = new JwtSecurityToken(token)
//
// how to validate the AAD token?!
//
if(/* is valid */)
{
return jwtToken;
}
else
{
return null;
}
}
不幸的是,我还没有找到一个有效的例子,但我无法想象这个问题没有简单的解决方案。非常感谢您的建议 找到了解决方案-基于:
private const string-acquisition=“”;
private const string TENANT=“”;
专用静态异步任务validateJwtTokenAsync(字符串令牌)
{
//基于您的AAD租户构建URL
var stsDiscoveryEndpoint=String.Format(CultureInfo.InvariantCulture,“https://login.microsoftonline.com/{0}/.well-known/openid配置”,租户);
//获取用于验证传入jwt令牌的租户信息
var configManager=新配置管理器(stsDiscoveryEndpoint);
//从AAD获取配置:
var config=await configManager.GetConfigurationAsync();
//验证令牌:
var tokenHandler=new JwtSecurityTokenHandler();
var validationParameters=新的TokenValidationParameters
{
勇敢=观众,
ValidIssuer=config.Issuer,
IssuerSigningTokens=config.SigningTokens,
CertificateValidator=X509CertificateValidator.ChainTrust,
};
var validatedToken=(SecurityToken)新JwtSecurityToken();
//当令牌无效(过期、格式化无效等)时引发异常
ValidateToken(令牌、validationParameters、OutValidateToken);
返回已验证的任务;
}
这只是原始的基础知识,仅使用net452进行测试。查看上面的链接以了解更多用法(例如,将签名令牌缓存一段时间)。我无法从程序集'System.IdentityModel.Tokens.Jwt,Version=5.0.0.127,Culture=neutral,PublicKeyToken=31bf3856ad364e35'加载类型'System.IdentityModel.DateTimeUtil'。当运行上述代码时,您使用了哪个框架?此示例代码仅使用net452进行了测试。我将在我的帖子中添加注释。我在哪里可以获得config.Issuer&config.SigningTokens?
private const string AUDIENCE = "<GUID of your Audience>";
private const string TENANT = "<GUID of your Tenant>";
private static async Task<SecurityToken> validateJwtTokenAsync(string token)
{
// Build URL based on your AAD-TenantId
var stsDiscoveryEndpoint = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/.well-known/openid-configuration", TENANT);
// Get tenant information that's used to validate incoming jwt tokens
var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
// Get Config from AAD:
var config = await configManager.GetConfigurationAsync();
// Validate token:
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
ValidAudience = AUDIENCE,
ValidIssuer = config.Issuer,
IssuerSigningTokens = config.SigningTokens,
CertificateValidator = X509CertificateValidator.ChainTrust,
};
var validatedToken = (SecurityToken)new JwtSecurityToken();
// Throws an Exception as the token is invalid (expired, invalid-formatted, etc.)
tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
return validatedToken;
}