对于第一个问题,我建议您从此处提出反馈
,如果您需要此功能。
至于第二个问题,验证来自Azure AD B2C和普通Azure AD的令牌相同。我们可以使用指数(
e
)和模数(
n
)生成公钥。但是密钥终结点不同,我们需要使用以下链接检索Azure AD B2C的密钥:
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys?p={signInPolicy}
以下是验证Azure AD B2C发行的令牌的代码,供您参考:
static void Main(string[] args)
{
var idtoken = "";
var exponent = "AQAB";
var modulus = "";
var result= VerifyTokenDetails(idtoken, exponent, modulus);
}
private static bool VerifyTokenDetails(string idToken, string exponent, string modulus)
{
try
{
var parts = idToken.Split('.');
var header = parts[0];
var payload = parts[1];
string signedSignature = parts[2];
string userInfo = Encoding.UTF8.GetString(Base64UrlDecode(payload));
string originalMessage = string.Concat(header, ".", payload);
byte[] keyBytes = Base64UrlDecode(modulus);
string keyBase = Convert.ToBase64String(keyBytes);
string key = @"<RSAKeyValue> <Modulus>" + keyBase + "</Modulus> <Exponent>" + exponent + "</Exponent> </RSAKeyValue>";
bool result = VerifyData(originalMessage, signedSignature, key);
if (result)
return true;
else
return false;
}
catch (Exception ex) { }
return false;
}
private static bool VerifyData(string originalMessage, string signedMessage, string publicKey)
{
bool success = false;
using (var rsa = new RSACryptoServiceProvider())
{
var encoder = new UTF8Encoding();
byte[] bytesToVerify = encoder.GetBytes(originalMessage);
byte[] signedBytes = Base64UrlDecode(signedMessage);
try
{
rsa.FromXmlString(publicKey);
SHA256Managed Hash = new SHA256Managed();
byte[] hashedData = Hash.ComputeHash(signedBytes);
success = rsa.VerifyData(bytesToVerify, CryptoConfig.MapNameToOID("SHA256"), signedBytes);
}
catch (CryptographicException e)
{
success = false;
}
finally
{
rsa.PersistKeyInCsp = false;
}
}
return success;
}
private static byte[] Base64UrlDecode(string input)
{
var output = input;
output = output.Replace('-', '+');
output = output.Replace('_', '/');
switch (output.Length % 4)
{
case 0: break;
case 2: output += "=="; break;
case 3: output += "="; break;
default: throw new System.Exception("Illegal base64url string!");
}
var converted = Convert.FromBase64String(output);
return converted;
}