在ADFS(Active Directory Federation Services)中,可以使用Token Validation Endpoint(令牌验证端点)来检查令牌的有效性。以下是使用C#代码示例进行令牌检查的解决方法:
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
public class TokenValidator
{
public static bool ValidateToken(string token)
{
// ADFS token validation endpoint URL
string adfsTokenValidationEndpoint = "https://your-adfs-server/adfs/services/trust/13/username";
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKeys = new X509SecurityKey(new X509Certificate2("adfs-signing-certificate.pfx", "certificate-password")),
ValidAudience = "your-audience",
ValidIssuer = "your-issuer",
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
SecurityToken validatedToken;
var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
// Check if the token was issued by ADFS
if (validatedToken.Issuer == adfsTokenValidationEndpoint)
{
// Token is valid and issued by ADFS
return true;
}
else
{
// Token is invalid or not issued by ADFS
return false;
}
}
catch (Exception ex)
{
// Exception occurred during token validation
Console.WriteLine(ex.Message);
return false;
}
}
}
在上面的代码示例中,我们使用JwtSecurityTokenHandler
类来解析和验证令牌。TokenValidationParameters
类用于设置验证令牌的参数,包括签名密钥、受众、发行者、生命周期等。在ValidateToken
方法中,我们首先验证令牌的签名和有效性,然后检查令牌的发行者是否为ADFS的令牌验证端点。如果是,则表示令牌有效并由ADFS签发。
请注意,你需要将代码中的占位符(如ADFS令牌验证端点URL、签名证书、受众和发行者)替换为实际的值。此外,你还需要确保你的应用程序具有访问ADFS令牌验证端点的权限。