Reference : Azure Active Directory
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Code
string tokenStr = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJwZG0yeG9TbWowOXY4R2xWSjlBRm9iNkw3Ylk5aVVXMVdmanhlMWFIeTdrIn0.eyJqdGkiOiI0NzYwYWRmNC04NjNjLTRmMTQtYTYxMC1iNWNkMWMwOTY0YTgiLCJleHAiOjE1NDgyODcxNDAsIm5iZiI6MCwiaWF0IjoxNTQ4Mjg2NTQwLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiZWZiOTJhY2YtMmUzZS00YWUwLTg0NzUtOTA0NjE5YTVmOTkzIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibXlhcHAiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI5MTZiODkwMy1jYTUxLTQzZWYtYjM1Ni0wOTkxZGM1ZjE3MzUiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8iXSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiU2FkcmFrIEd1bmFkaSIsInByZWZlcnJlZF91c2VybmFtZSI6InNhZHJhayIsImdpdmVuX25hbWUiOiJTYWRyYWsiLCJmYW1pbHlfbmFtZSI6Ikd1bmFkaSIsImVtYWlsIjoic2FkcmFrZ3VuYWRpQGdtYWlsLmNvbSJ9.gJrtdOMLQnbznNg9t9bjmpImuQ9Kf0EZ1DXAkaPJzgzl1HIJMIfPNCjuV4tPuOYIZbdHtzAbyfa1jONCH9fiaovCIU1GSpNcBzcSvyQ_dHnpCpL9V7jwNoHdErlFeLK8aFPAIIHj90ihq-Pbfs3tta1zoLiClj_9m7rNdGOIEiIdPoHOJNoVh80AO9Nn3vAoCJwIoau7nfO9mI5K-FydUB5HyJE8fHE3CmlE4v5LHP-wKOeioBHcTAQTmYUjnQ7A9yp6H1nbLMP0OEm438XQBXYwONpKjq4ylWMUQeuPE8UCNSW49GkqK8G06rWSXn2rAUjhcf-2y_rq-8mIexfLUA";
//step 1
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters() {
Modulus = FromBase64Url("hK7fQE3Fl31Dl1MlfBjMH_Qji8cg4EquPBde-Qfm6suf4-F5u-8rwojNtm5sY6P1MAxwQQnP-1ua39S6KK5O9clih_A8rFgZLcJcGReWDda8evTC6oDYBFyhaopjzwwQR8PXXUBF2TvfH_RDbkm-92-zU3t7Uutdiyo2XPCKQ18qI5SvXTMVfrC6AnEStnUzzvkLBbqMYH4JsUoXdmmVyJ3bBXZQWSTqUii8HHP1RYMUHyeBIYq5HjF_kzKJbwsZryJMdH-lVlwahgvzfa8_GpP1Z_JSynfr-OuHodrllS0Blic4R0DDqWgtLZd1_Oc9D9aNPYUUMdkUvPBw5RCGDw"),
Exponent = FromBase64Url("AQAB")
});
var validationParameters = new TokenValidationParameters {
RequireExpirationTime = true,
RequireSignedTokens = true,
ValidateAudience = false,
ValidateIssuer = false,
ValidateLifetime = false,
IssuerSigningKey = new RsaSecurityKey(rsa)
};
SecurityToken validatedSecurityToken = null;
var handler = new JwtSecurityTokenHandler();
handler.ValidateToken(tokenStr, validationParameters, out validatedSecurityToken);
JwtSecurityToken validatedJwt = validatedSecurityToken as JwtSecurityToken;
//step 2
string[] tokenParts = tokenStr.Split('.');
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters() {
Modulus = FromBase64Url("hK7fQE3Fl31Dl1MlfBjMH_Qji8cg4EquPBde-Qfm6suf4-F5u-8rwojNtm5sY6P1MAxwQQnP-1ua39S6KK5O9clih_A8rFgZLcJcGReWDda8evTC6oDYBFyhaopjzwwQR8PXXUBF2TvfH_RDbkm-92-zU3t7Uutdiyo2XPCKQ18qI5SvXTMVfrC6AnEStnUzzvkLBbqMYH4JsUoXdmmVyJ3bBXZQWSTqUii8HHP1RYMUHyeBIYq5HjF_kzKJbwsZryJMdH-lVlwahgvzfa8_GpP1Z_JSynfr-OuHodrllS0Blic4R0DDqWgtLZd1_Oc9D9aNPYUUMdkUvPBw5RCGDw"),
Exponent = FromBase64Url("AQAB")
});
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(tokenParts[0] + '.' + tokenParts[1]));
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hash, FromBase64Url(tokenParts[2]))) {
Console.WriteLine("signature is verified");
}
else {
Console.WriteLine("signature is invalid");
}