DEVHIDE
Login Or Sign up

how to check Validate JWE Token On server

782 Views Asked by At

its config jwt Program.cs

#region JWT
IdentityModelEventSource.ShowPII = true;

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>   {
 var secretkey = Encoding.UTF8.GetBytes(builder.Configuration["JWT:Secret"]);
var encryptionkey = Encoding.UTF8.GetBytes(builder.Configuration["JWT:Encryptkey"]);
var validationParameters = new TokenValidationParameters
{
    ClockSkew = TimeSpan.Zero, // default: 5 min
    RequireSignedTokens = true,
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = new SymmetricSecurityKey(secretkey),
    RequireExpirationTime = true,
    ValidateLifetime = true,
    ValidateAudience = true, //default : false
    ValidAudience = builder.Configuration["JWT:ValidAudience"],
    ValidateIssuer = true, //default : false
    ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
    TokenDecryptionKey = new SymmetricSecurityKey(encryptionkey)
};
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = validationParameters;
});
#endregion

its my code for create JWT Secure Token i use SecurityAlgorithms.Aes128KW for hashing

        private Tuple<string, DateTime> GenerateWebTokenJwt(User userInfo)
    {
        IList<string> userRoles = null;
     
        userRoles = _userManager.GetRolesAsync(userInfo).Result;

        if (userRoles == null)
        {
            return new Tuple<string, DateTime>("", DateTime.Now);
        }


       var exportTime = DateTime.Now.AddHours(24);
        IDictionary<string, object> authClaims = new Dictionary<string, object>();
        authClaims.Add(JwtRegisteredClaimNames.Sub, userInfo.FirstName);
        authClaims.Add(JwtRegisteredClaimNames.Email, userInfo.Email);
        authClaims.Add(JwtRegisteredClaimNames.Name, userInfo.UserName);
        authClaims.Add(JwtRegisteredClaimNames.Aud, userInfo.PhoneNumber);
        authClaims.Add(JwtRegisteredClaimNames.Sid, userInfo.Id.ToString());
        authClaims.Add(JwtRegisteredClaimNames.Exp, exportTime.Date.Year + "/" + exportTime.Month + "/" + exportTime.Date
        + "-" + exportTime.Hour + ":" + exportTime.Minute + ":" + exportTime.Second);
        authClaims.Add(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString());

        if (userRoles != null)
        {
            for (int i = 0; i < userRoles.Count; i++)
            {
                authClaims.Add(ClaimTypes.Role + i, userRoles[i]);
            }
        }

        var encryptionkey = Encoding.UTF8.GetBytes(_configuration["JWT:Encryptkey"]); //must be 16 character
        var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);


        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:Secret"]));
        var Credemtials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = _configuration["JWT:ValidIssuer"],
            Audience = _configuration["JWT:ValidAudience"],
            IssuedAt = DateTime.Now,
            NotBefore = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:NotBeforeMinutes"])),
            Expires = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:ExpirationMinutes"])),
            SigningCredentials = Credemtials,
            EncryptingCredentials = encryptingCredentials,
            Claims = authClaims,
        };

        var tokenHandler = new JwtSecurityTokenHandler();
        var securityToken = tokenHandler.CreateToken(descriptor);
        string encryptedJwt = tokenHandler.WriteToken(securityToken);
        return new Tuple<string, DateTime>(encryptedJwt, securityToken.ValidTo); ;

    }

i can not use CreateJwtSecurityToken var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); its true i use CreateToken ?

my code for check validation bot Show Error On Run time

 private bool ValidateToken(string authToken)
    {
        try
        {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            //string sToken = authToken.Substring(7, authToken.Length - 7);

            if (!tokenHandler.CanReadToken(authToken))
            {
                return false;
            }

            JwtSecurityToken jwtToken = tokenHandler.ReadToken(authToken) as JwtSecurityToken;

            if (jwtToken == null)
            {
                return false;
            }

            TokenValidationParameters parameters = new TokenValidationParameters()
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                RequireExpirationTime = true,
                ValidAudience = _configuration["JWT:ValidAudience"],
                ValidIssuer = _configuration["JWT:ValidIssuer"],
                //EncryptingCredentials = encryptingCredentials,
                
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(_configuration["JWT:Secret"]))
            };
            SecurityToken securityToken;
            ClaimsPrincipal principal = tokenHandler.ValidateToken(authToken, parameters, out securityToken);
            if (principal == null)
            {
                return false;
            }
        }
        catch (Exception ex)
        {
            return false;
        }
        return true;
    }

error in validation is:

{"IDX10609: Decryption failed. No Keys tried: token: 'eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0.NQG56EqqvkTu0K02GYK9QIl-Sapf0tMXoWXq_ZXs99Fvzr9az0BRCA.39UAZmnrfigG4HvQxg8yrw.GbrJorcklXbnAA_VvCpHUdml2Q3MbLRbPQ8ItAcsdZnQ7vWizk2fiHVdbxoxj-9obRAEQ8m10NLC04qHg6ItnW8Pl0Awus_Fsw8kwPHKBB3LD194ifsN5T8o4CVuXQtZdNz5AcLfMRWwTIBMHs4jvP_sRRu2GQi08G0LtipKoYEKKEbk9rw0GiLEDYYVXnsFVLxNHyM9tHkmxFlbqdRTG7S6elLD1QbvCRFBbkEW7teafYE-CcxIFKb73YMPRpm1_9VpJBLCFNZSpefB4GwPpGUds0t6wVSGmKaBDyd1KCsCNgzyeYZlkmXbU-S2S7KVSU00oMpOwj3D1sUmsiWmue7nWuw3tQv-pwzVk89_xzAGecieQpY3F7QqzjTR6mkSj1xN8V65z0qQsLgA6DmrsB5AHpp4koTjqMWBMTpLKW7siY6n31GcJP6NNdADPl_hpcfuicVOeP4Zfl6RtHhePJyI4hHk-9pNkzc-i5DGSGdaTFDjg9JuLNLmGU5xKdmMXFWBUHqpgRJm1_ZlGzP2zpn7tTxXtp1l4wv4K8AzKhLmMDXullMeBAytS4-hiWNfclVttw_qLH15DEOCF11foA.xdyKycxHBsRF2jn5Y0IcPQ'."}

sample jwe Code is:

eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0.A0huSqmRHCi2VjCBNhzBLSCE6kNIFAERvBPMEPMUAXdDH60gvkxweg.UV6tmuaPHVpQ9H1WyFOB-w.9ljq5kzXk98WiNQrwOy-NlYb4HXC1uZx_jjn3o31qIfur_ORmOK3Uq6Zu9RcVe_IbY3A200lJMUcbeL_c5vNoUs6E1-F-8ffgpQiu-jR-lvZFsBi6_qUD7___qxl_aNBZdk1CqM5gKJeDKN9QEHm17QsH27hcF6HgHOh7-soIH0BdkYxejkpV2b3marLW9Zp6JeGsRSYxMMN4a7r1XSUp-UvIE0LBbhq0Bnz0vhzYbEALDlAwT_zSonDoMFNR5mbwIDcVMhYxwXZvxMfsAHDK4k8_nffqxFQ6foljL1ErjkT02IvUHl9uh2tsSQiOjcAfJu9oRnmUJXvFBeOKjLEa-jIwPvteXWWMJIEh_Yl_aqeSUWc_emiEt1gHlfBpCzmj3XQaPTWLSAuJDyVb6OuMjDlZ8l830SO6vkbfI3q0WtYziuB4hLmm1S4BV_2Qn9KemxWdDN82YfsQg5Skr0mEX4VIXu-FDsako1VEQtxygNLrngLG5iI-RRmXhlhqEy0nkQCup7SqYo45DZkFsJZKQJ8Bs0BCZjacjndK5_vG504O06ui5v8kbTixjp6xjyyEGeALtjMeRSW3y-YUvuwWw.kCx6iQOPEasw395EIpcZhg
c# asp.net-core validation jwt jwe
Original Q&A
1

There are 1 best solutions below

0
On

I Find awnser in https://www.scottbrady91.com/c-sharp/json-web-encryption-jwe-in-dotnet-core

ty Scott Brady

    private bool ValidateToken(string authToken)
    {
        try
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            if (!tokenHandler.CanReadToken(authToken))
            {
                return false;
            }
            JwtSecurityToken jwtToken = tokenHandler.ReadToken(authToken) as JwtSecurityToken;

            if (jwtToken == null)
            {
                return false;
            }
            var encryptionkey = Encoding.UTF8.GetBytes(_configuration["JWT:Encryptkey"]); //must be 16 character
            var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);

            ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(
                authToken,
                new TokenValidationParameters
                {
                    ValidateLifetime = true,
                    ValidAudience = _configuration["JWT:ValidAudience"],
                    ValidIssuer = _configuration["JWT:ValidIssuer"],
                    RequireSignedTokens = false,
                    TokenDecryptionKey = new SymmetricSecurityKey(encryptionkey),
                    
                },
                out SecurityToken securityToken);

            if (claimsPrincipal == null)
            {
                return false;
            }
        }
        catch (Exception ex)
        {
            return false;
        }
        return true;
    }

and Create JWE Token Code is:

        private Tuple<string, DateTime> GenerateWebTokenJwt(User userInfo)
    {
        IList<string> userRoles = null;

        userRoles = _userManager.GetRolesAsync(userInfo).Result;

        if (userRoles == null)
        {
            return new Tuple<string, DateTime>("", DateTime.Now);
        }


    var exportTime = DateTime.Now.AddHours(24);
        IDictionary<string, object> authClaims = new Dictionary<string, object>();
        authClaims.Add(JwtRegisteredClaimNames.Sub, userInfo.FirstName);
        authClaims.Add(JwtRegisteredClaimNames.Email, userInfo.Email);
        authClaims.Add(JwtRegisteredClaimNames.Name, userInfo.UserName);
        authClaims.Add(JwtRegisteredClaimNames.Aud, userInfo.PhoneNumber);
        authClaims.Add(JwtRegisteredClaimNames.Sid, userInfo.Id.ToString());
        authClaims.Add(JwtRegisteredClaimNames.Exp, exportTime.Date.Year + "/" + exportTime.Month + "/" + exportTime.Date
        + "-" + exportTime.Hour + ":" + exportTime.Minute + ":" + exportTime.Second);
        authClaims.Add(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString());

        if (userRoles != null)
        {
            for (int i = 0; i < userRoles.Count; i++)
            {
                authClaims.Add(ClaimTypes.Role + i, userRoles[i]);
            }
        }
        var handler = new JwtSecurityTokenHandler();
        var encryptionkey = Encoding.UTF8.GetBytes(_configuration["JWT:Encryptkey"]); //must be 16 character
        var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256);

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Audience = _configuration["JWT:ValidAudience"],
            Issuer = _configuration["JWT:ValidIssuer"],
            Expires = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:ExpirationMinutes"])),
            Subject = new ClaimsIdentity(new List<Claim> { new Claim("sub", "scott") }),
            EncryptingCredentials = encryptingCredentials
        };

        string token = handler.CreateEncodedJwt(tokenDescriptor);
        return new Tuple<string, DateTime>(token, DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWT:ExpirationMinutes"])));
       
    }

Related Questions in C#

Related Questions in ASP.NET-CORE

Related Questions in VALIDATION

Related Questions in JWT

Related Questions in JWE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.