How to validate a JWT token

To validate a JSON Web Token (JWT) in C#, you can use the System.IdentityModel.Tokens.Jwt package, which provides a JwtSecurityTokenHandler class that can decode and validate JWT tokens.

Here's an example of how to validate a JWT token:

using System.IdentityModel.Tokens.Jwt;
using System.Text; // needed for Encoding.UTF8 below
using Microsoft.IdentityModel.Tokens;

// Get the token string from the HTTP header, query parameter, or cookie
string tokenString = "...";

// Set up the validation parameters
var validationParameters = new TokenValidationParameters
{
    ValidateIssuer = true,
    ValidIssuer = "http://example.com",
    ValidateAudience = true,
    ValidAudience = "myapp",
    ValidateLifetime = true,
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("myapp_secret_key"))
};

// Decode and validate the token
var tokenHandler = new JwtSecurityTokenHandler();
try
{
    var claimsPrincipal = tokenHandler.ValidateToken(tokenString, validationParameters, out var validatedToken);
    // The token is valid
}
catch (SecurityTokenException ex)
{
    // The token is invalid
}

In this example, we first get the token string from the HTTP header, query parameter, or cookie. We then set up the validation parameters, which specify the expected issuer, audience, and signing key of the token.

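Next, we use the JwtSecurityTokenHandler class to decode and validate the token using the ValidateToken method. If the token is valid, the method returns a ClaimsPrincipal object that contains the claims from the token. If the token fails validation (bad signature, wrong issuer or audience, expired lifetime), an exception derived from SecurityTokenException is thrown. A string that is not a well-formed JWT raises an ArgumentException instead, so code that must never throw on untrusted input should handle both.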

By using the JwtSecurityTokenHandler class and the TokenValidationParameters class, you can easily validate JWT tokens in C#.
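The behaviour described above, as an added example that is not code from the original page: it issues constructed tokens and reports which exception type rejects a tampered, expired, wrong-audience, or malformed one. The class name, the `Issue` and `Check` helpers, the `sub` value, the `otherapp` audience, and the demo key are assumptions made for the demonstration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtValidationDemo
{
    // Constructed demo values; a real key comes from a secret store, not from source code.
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-32-bytes-min!!"));
    const string Issuer = "http://example.com", Audience = "myapp";

    static string Issue(string audience, DateTime expires)
    {
        var token = new JwtSecurityToken(Issuer, audience,
            new[] { new Claim("sub", "alice") },
            notBefore: expires.AddMinutes(-10), expires: expires,
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Returns "valid" or the name of the exception type that rejected the token.
    public static string Check(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = Audience,
            IssuerSigningKey = Key,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }, // accept only the expected algorithm
            ClockSkew = TimeSpan.Zero // default is 5 minutes, which would still accept the expired token below
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); return "valid"; }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        { return ex.GetType().Name; }
    }

    public static void Main()
    {
        var now = DateTime.UtcNow;
        string good = Issue(Audience, now.AddMinutes(5));
        int i = good.LastIndexOf('.') + 1; // first character of the signature segment
        string tampered = good.Remove(i, 1).Insert(i, good[i] == 'A' ? "B" : "A");
        string expired = Issue(Audience, now.AddMinutes(-1));
        string wrongAudience = Issue("otherapp", now.AddMinutes(5));
        foreach (var jwt in new[] { good, tampered, expired, wrongAudience, "not-a-jwt" })
            Console.WriteLine(Check(jwt));
    }
}
```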

Examples

  1. How to validate a JWT token in C#?

    Description: Learn the basics of JWT validation in C# using the Microsoft.IdentityModel.Tokens library.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtToken(string jwtToken, string secretKey, string issuer, string audience)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  2. How to check JWT expiration during validation in C#?

    Description: Explore how to validate JWT expiration and handle token expiration during the validation process.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtToken(string jwtToken, string secretKey, string issuer, string audience)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch (SecurityTokenExpiredException)
            {
                return false; // Token has expired
            }
            catch
            {
                return false; // Token validation failed for other reasons
            }
        }
    }
    
  3. C# code for validating JWT with custom claims.

    Description: Learn how to validate JWT tokens with custom claims using C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    
    public class JwtValidator
    {
        public bool ValidateJwtTokenWithCustomClaim(string jwtToken, string secretKey, string issuer, string audience, string requiredClaim)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                var claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                var customClaim = claimsPrincipal.FindFirst(requiredClaim);
    
                return customClaim != null; // Token is valid and contains the required claim
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  4. How to validate JWT with multiple signing algorithms in C#?

    Description: Explore how to handle various signing algorithms during JWT validation in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtTokenWithAlgorithm(string jwtToken, string secretKey, string issuer, string audience, string signingAlgorithm)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience,
                ValidAlgorithms = new[] { signingAlgorithm }
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  5. How to validate JWT in C# with role-based access control?

    Description: Learn how to validate JWT tokens and enforce role-based access control in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    
    public class JwtValidator
    {
        public bool ValidateAndAuthorizeJwtToken(string jwtToken, string secretKey, string issuer, string audience, string requiredRole)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                var claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
    
                // A user may hold several roles, so test every role claim rather than only the first one
                return claimsPrincipal.HasClaim(ClaimTypes.Role, requiredRole); // Token is valid and user has the required role
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  6. C# code for handling token revocation during JWT validation.

    Description: Explore how to implement token revocation checks during JWT validation in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtToken(string jwtToken, string secretKey, string issuer, string audience, string revokedToken)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
    
                if (jwtToken == revokedToken)
                {
                    return false; // Token has been revoked
                }
    
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  7. How to log JWT validation errors in C#?

    Description: Learn how to log detailed error messages during JWT validation in C#.

    using Microsoft.IdentityModel.Tokens;
    using Serilog;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtToken(string jwtToken, string secretKey, string issuer, string audience)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
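            catch (SecurityTokenException ex)
            {
                // Pass the exception and a message template so Serilog records structured data
                Log.Error(ex, "JWT validation failed: {Reason}", ex.Message);
                return false; // Token validation failed
            }
            catch (System.ArgumentException ex)
            {
                // Input that is not a well-formed JWT raises ArgumentException
                Log.Error(ex, "JWT is malformed: {Reason}", ex.Message);
                return false; // Not a well-formed JWT
            }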
        }
    }
    
  8. How to validate JWT tokens with audience validation in C#?

    Description: Explore how to perform audience validation during JWT token validation in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtTokenWithAudience(string jwtToken, string secretKey, string issuer, string expectedAudience)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = issuer,
                ValidAudience = expectedAudience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  9. C# code for validating JWT tokens with issuer validation.

    Description: Learn how to perform issuer validation during JWT token validation in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    
    public class JwtValidator
    {
        public bool ValidateJwtTokenWithIssuer(string jwtToken, string secretKey, string expectedIssuer, string audience)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secretKey)),
                ValidIssuer = expectedIssuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
    
  10. How to validate JWT tokens using public and private key pairs in C#?

    Description: Explore how to validate JWT tokens using public and private key pairs in C#.

    using Microsoft.IdentityModel.Tokens;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Cryptography;
    
    public class JwtValidator
    {
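        // Signature verification needs only the public key; rsaPrivateKey is unused here,
        // and a service that only validates tokens should not hold the private key at all.
        public bool ValidateJwtTokenWithKeys(string jwtToken, RSA rsaPublicKey, RSA rsaPrivateKey, string issuer, string audience)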
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new RsaSecurityKey(rsaPublicKey),
                ValidIssuer = issuer,
                ValidAudience = audience
            };
    
            try
            {
                tokenHandler.ValidateToken(jwtToken, validationParameters, out _);
                return true; // Token is valid
            }
            catch
            {
                return false; // Token validation failed
            }
        }
    }
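
A variation on example 6, added here and not part of the original page: revocation keyed on the token's `jti` claim and checked against a denylist after the signature has been validated, instead of comparing the whole token string with a single revoked value. `RevocationAwareValidator`, its in-memory `HashSet`, and the demo key, issuer, and audience are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public class RevocationAwareValidator
{
    // Hypothetical in-memory denylist of revoked jti values; a real service would share it across instances.
    private readonly HashSet<string> _revoked = new HashSet<string>(StringComparer.Ordinal);
    private readonly TokenValidationParameters _parameters;

    public RevocationAwareValidator(TokenValidationParameters parameters) => _parameters = parameters;
    public void Revoke(string jti) => _revoked.Add(jti);

    public bool IsAccepted(string jwt)
    {
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, _parameters, out var validated);
            // validated.Id is the jti claim, read only after the signature check; no jti means reject.
            return !string.IsNullOrEmpty(validated.Id) && !_revoked.Contains(validated.Id);
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            return false;
        }
    }

    public static void Main()
    {
        // Constructed demo key, issuer, audience and token.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-32-bytes-min!!"));
        string jti = Guid.NewGuid().ToString();
        var token = new JwtSecurityToken("http://example.com", "myapp",
            new[] { new Claim(JwtRegisteredClaimNames.Jti, jti) },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        string jwt = new JwtSecurityTokenHandler().WriteToken(token);
        var validator = new RevocationAwareValidator(new TokenValidationParameters
        {
            ValidIssuer = "http://example.com", ValidAudience = "myapp", IssuerSigningKey = key
        });
        Console.WriteLine(validator.IsAccepted(jwt)); // before revocation
        validator.Revoke(jti);
        Console.WriteLine(validator.IsAccepted(jwt)); // after revocation
    }
}
```

Denylist entries only need to be kept until the token's own expiry time, after which lifetime validation rejects it anyway.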
    
