
Validating ADAL JWT token in C# REST service

I have a web application which uses the ADAL library for authentication through Azure Active Directory.

This web application makes a call to a C# REST service by passing the ADAL token string as a parameter. In my REST service, I want to validate this token. If the token is valid only then the service will perform the operation.

I searched a lot but could not find a way to validate the JWT token in my rest service. Can you guys please help me on this?

Yash Verma asked Feb 24 '16 15:02


1 Answer

You have two options:

1. Use OWIN middleware

Use middleware that will handle token validation for you. A common case will be the OWIN middleware, which does all the magic for you. Usually, this is the best approach, as it allows you to focus your code on the business logic for your API, not on low-level token validation. For a sample REST API that uses OWIN, check out these two samples:

  • https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect
  • https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnet5

2. Manual JWT validation

You can use the JSON Web Token Handler for ASP.NET to do manual JWT token validation. (Ok, so it's not entirely manual, but it is manually invoked.) There's also a sample for this:

  • https://github.com/Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation (the actual JWT validation happens in Global.asax.cs and looks something like this):

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
    
    // audience and issuer identify this API and the tenant; signingTokens holds the
    // tenant's signing certificates, typically read from its federation metadata document.
    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        ValidAudience = audience,
        ValidIssuer = issuer,
        IssuerSigningTokens = signingTokens,
        CertificateValidator = X509CertificateValidator.None
    };
    
    try
    {
        // Validate signature, issuer, audience and lifetime in one call.
        SecurityToken validatedToken;
        ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out validatedToken);
    
        // Do other validation things, like making claims available to controller...
    }
    catch (SecurityTokenValidationException)
    {
        // Token validation failed: reject with 401 (BuildResponseErrorMessage is the sample's helper).
        HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
        return response;
    }
Philippe Signoret answered Oct 22 '22 16:10
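As an added example (not the answer's code and not the Azure sample), here is the same manual check on the current Microsoft.IdentityModel stack, where IssuerSigningKeys replaces the older IssuerSigningTokens/CertificateValidator settings. The issuer, audience, RSA key and token are constructed for the demo; in production the keys come from the tenant's OpenID Connect metadata, never from the token itself.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
public static class AdalTokenValidator
{
    // Build the parameters once. In production `signingKeys` come from the tenant's
    // OpenID Connect metadata (ConfigurationManager<OpenIdConnectConfiguration>), never from the token.
    public static TokenValidationParameters Build(string issuer, string audience,
                                                  params SecurityKey[] signingKeys) =>
        new TokenValidationParameters
        {
            ValidIssuer = issuer,
            ValidAudience = audience,           // the App ID URI (or client id) of this API
            IssuerSigningKeys = signingKeys,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ClockSkew = TimeSpan.FromMinutes(2),
        };

    // Returns the caller's principal, or null when any check fails.
    public static ClaimsPrincipal TryValidate(string jwt, TokenValidationParameters p)
    {
        try
        {
            SecurityToken validated;
            return new JwtSecurityTokenHandler().ValidateToken(jwt, p, out validated);
        }
        catch (SecurityTokenException) { return null; } // bad signature, expired, wrong aud/iss
    }

    public static void Main()
    {
        // Constructed test key, tenant id and token standing in for Azure AD's real ones.
        var key = new RsaSecurityKey(RSA.Create(2048)) { KeyId = "constructed-kid" };
        const string issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/";
        const string audience = "https://contoso.example/api";
        string jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer, audience, new[] { new Claim("upn", "user@contoso.example") },
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5),
            new SigningCredentials(key, SecurityAlgorithms.RsaSha256)));
        bool accepted = TryValidate(jwt, Build(issuer, audience, key)) != null;
        bool wrongAudRejected = TryValidate(jwt, Build(issuer, "https://other.example/api", key)) == null;
        Console.WriteLine(accepted && wrongAudRejected ? "validation behaves as expected" : "unexpected result");
    }
}
```

For a multi-tenant API the issuer differs per tenant, so replace ValidIssuer with an IssuerValidator delegate that checks the tenant id rather than turning issuer validation off.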