Skip to content

Instantly share code, notes, and snippets.

@sadrakgunadi

sadrakgunadi/VerifySignatureJWT.md

Last active January 25, 2019 15:35
Show Gist options
  • Save sadrakgunadi/7e3667d737ad785dd8e6e5ee29a0d938 to your computer and use it in GitHub Desktop.
Save sadrakgunadi/7e3667d737ad785dd8e6e5ee29a0d938 to your computer and use it in GitHub Desktop.
Download ZIP
Verify Signature JWT
Raw
VerifySignatureJWT.md

Verify Signature JWT

Reference : Azure Active Directory

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

Code

string tokenStr = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJwZG0yeG9TbWowOXY4R2xWSjlBRm9iNkw3Ylk5aVVXMVdmanhlMWFIeTdrIn0.eyJqdGkiOiI0NzYwYWRmNC04NjNjLTRmMTQtYTYxMC1iNWNkMWMwOTY0YTgiLCJleHAiOjE1NDgyODcxNDAsIm5iZiI6MCwiaWF0IjoxNTQ4Mjg2NTQwLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiZWZiOTJhY2YtMmUzZS00YWUwLTg0NzUtOTA0NjE5YTVmOTkzIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibXlhcHAiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI5MTZiODkwMy1jYTUxLTQzZWYtYjM1Ni0wOTkxZGM1ZjE3MzUiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8iXSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiU2FkcmFrIEd1bmFkaSIsInByZWZlcnJlZF91c2VybmFtZSI6InNhZHJhayIsImdpdmVuX25hbWUiOiJTYWRyYWsiLCJmYW1pbHlfbmFtZSI6Ikd1bmFkaSIsImVtYWlsIjoic2FkcmFrZ3VuYWRpQGdtYWlsLmNvbSJ9.gJrtdOMLQnbznNg9t9bjmpImuQ9Kf0EZ1DXAkaPJzgzl1HIJMIfPNCjuV4tPuOYIZbdHtzAbyfa1jONCH9fiaovCIU1GSpNcBzcSvyQ_dHnpCpL9V7jwNoHdErlFeLK8aFPAIIHj90ihq-Pbfs3tta1zoLiClj_9m7rNdGOIEiIdPoHOJNoVh80AO9Nn3vAoCJwIoau7nfO9mI5K-FydUB5HyJE8fHE3CmlE4v5LHP-wKOeioBHcTAQTmYUjnQ7A9yp6H1nbLMP0OEm438XQBXYwONpKjq4ylWMUQeuPE8UCNSW49GkqK8G06rWSXn2rAUjhcf-2y_rq-8mIexfLUA";

//step 1
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters() {
	Modulus = FromBase64Url("hK7fQE3Fl31Dl1MlfBjMH_Qji8cg4EquPBde-Qfm6suf4-F5u-8rwojNtm5sY6P1MAxwQQnP-1ua39S6KK5O9clih_A8rFgZLcJcGReWDda8evTC6oDYBFyhaopjzwwQR8PXXUBF2TvfH_RDbkm-92-zU3t7Uutdiyo2XPCKQ18qI5SvXTMVfrC6AnEStnUzzvkLBbqMYH4JsUoXdmmVyJ3bBXZQWSTqUii8HHP1RYMUHyeBIYq5HjF_kzKJbwsZryJMdH-lVlwahgvzfa8_GpP1Z_JSynfr-OuHodrllS0Blic4R0DDqWgtLZd1_Oc9D9aNPYUUMdkUvPBw5RCGDw"),
	Exponent = FromBase64Url("AQAB")
});

var validationParameters = new TokenValidationParameters {
	RequireExpirationTime = true,
	RequireSignedTokens = true,
	ValidateAudience = false,
	ValidateIssuer = false,
	ValidateLifetime = false,
	IssuerSigningKey = new RsaSecurityKey(rsa)
};

SecurityToken validatedSecurityToken = null;
var handler = new JwtSecurityTokenHandler();
handler.ValidateToken(tokenStr, validationParameters, out validatedSecurityToken);
JwtSecurityToken validatedJwt = validatedSecurityToken as JwtSecurityToken;

//step 2
string[] tokenParts = tokenStr.Split('.');

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters() {
	Modulus = FromBase64Url("hK7fQE3Fl31Dl1MlfBjMH_Qji8cg4EquPBde-Qfm6suf4-F5u-8rwojNtm5sY6P1MAxwQQnP-1ua39S6KK5O9clih_A8rFgZLcJcGReWDda8evTC6oDYBFyhaopjzwwQR8PXXUBF2TvfH_RDbkm-92-zU3t7Uutdiyo2XPCKQ18qI5SvXTMVfrC6AnEStnUzzvkLBbqMYH4JsUoXdmmVyJ3bBXZQWSTqUii8HHP1RYMUHyeBIYq5HjF_kzKJbwsZryJMdH-lVlwahgvzfa8_GpP1Z_JSynfr-OuHodrllS0Blic4R0DDqWgtLZd1_Oc9D9aNPYUUMdkUvPBw5RCGDw"),
	Exponent = FromBase64Url("AQAB")
});

SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(tokenParts[0] + '.' + tokenParts[1]));

RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hash, FromBase64Url(tokenParts[2]))) {
	Console.WriteLine("signature is verified");
}
else {
	Console.WriteLine("signature is invalid");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment