How To Validate Azure AD Token Using Console Application

In this article, you will see how to validate an Azure AD token using a console application.
 
Prerequisites
 
I have created an Azure App Service and I will log in to that application to get the access token which will be validated.
 
Go to Developer Tools -> Network and copy the access token.
 
 
Navigate to Azure Portal (https://portal.azure.com) -> Azure Active Directory -> App Registrations -> Click on the App registered.
 
Copy the tenant and application ID.
 
 
In the left navigation, click Certificates & Secrets. Create a new client secret and copy the secret.
 

Console Application

 
Create a new console application using Visual Studio 2019. Install the following NuGet packages.
  • Microsoft.IdentityModel.Protocols.OpenIdConnect
  • System.IdentityModel.Tokens.Jwt
  • Microsoft.Owin.Security.Jwt
Copy and paste the following code. Update the variables below with your values (copied in the previous steps).
  • Token – access token copied from developer tool
  • mySecret – App Secret Key
  • myTenant – Tenant ID
  • myAudience – Application ID
  • myIssuer – https://login.microsoftonline.com/<tenantID>/v2.0

    using Microsoft.IdentityModel.Protocols;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;
    using System;
    using System.Globalization;
    using System.IdentityModel.Tokens.Jwt;
    using System.Text;
    using System.Threading.Tasks;

    namespace AzureADTokenValidation
    {
        class Program
        {
            static async Task Main(string[] args)
            {
                // Replace these values with the ones copied in the previous steps.
                string token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkN0VHVoTUptRDVNN0RMZHpEMnYyeDNRS1NSWSJ9.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.UAT3FkgCBYqM7Mfux1V-yF1QTqg0Dlz4Y2G8VQqNqg3WXWdQWf8v4MHcrZVzycV6FSA0-C4ANRpkBxeX1mdmtic4l6e5onOsRS3r_PsWpp7mew_XlTt9TQ1W1pO5dn6lw6J4U3k41kmXVAPwH9hbZNEmVVM6KjNQLW-SdCfaJJIB0XVIqEK2HOlBPxSI8hugh9S5yRMYz6-xi7SrG-wQJtsa9s7Wz5O4FYW2YmjHdUIdj_xwJbfS6_rknJetO756okz4tHY70N3GAKlr_zvfXvuAMjXfsXQNQN5-TQnDcWVkvK6SrhCGQunlPmjvvTvJyp7KLZVrRhxnz8w98yaEfA";
                string myTenant = "e8e6d018-a834-406b-9f43-2e94ae425876";
                var myAudience = "7b1ce1ad-af15-4e5f-9ae4-aaf0a68a7ab4";
                var myIssuer = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", myTenant);
                var mySecret = "t.GDqjoBYBhB.tRC@lbq1GdslFjk8=57";
                var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(mySecret));

                // Download the tenant's OpenID Connect metadata, which includes its public signing keys.
                var stsDiscoveryEndpoint = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/.well-known/openid-configuration", myTenant);
                var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());
                var config = await configManager.GetConfigurationAsync();

                var tokenHandler = new JwtSecurityTokenHandler();

                var validationParameters = new TokenValidationParameters
                {
                    ValidAudience = myAudience,
                    ValidIssuer = myIssuer,
                    // Signing keys published in the tenant metadata.
                    IssuerSigningKeys = config.SigningKeys,
                    // Enforce the token's validity period, so an expired token is
                    // rejected as the comment on ValidateToken below describes.
                    ValidateLifetime = true,
                    // Symmetric key built from the client secret. Any key set here is
                    // accepted for signature verification in addition to IssuerSigningKeys.
                    IssuerSigningKey = mySecurityKey
                };

                // Throws an exception if the token is invalid (expired, badly formatted, etc.)
                tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
                Console.WriteLine(validatedToken);
                Console.ReadLine();
            }
        }
    }
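
As an added example (not part of the original article's code), the same validation can be wrapped in a helper that trusts only the signing keys published in the tenant metadata, enforces the token lifetime, retries once when the token's signing key is missing from the cached metadata, and names the reason for a rejection. `TokenChecker`, `ValidateAsync` and `Describe` are hypothetical names; the library types come from the NuGet packages installed above.

```csharp
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;

static class TokenChecker // hypothetical helper, not from the article
{
    public static async Task<ClaimsPrincipal> ValidateAsync(string token, string issuer,
        string audience, ConfigurationManager<OpenIdConnectConfiguration> configManager)
    {
        for (var attempt = 0; ; attempt++)
        {
            var config = await configManager.GetConfigurationAsync();
            var parameters = new TokenValidationParameters
            {
                ValidIssuer = issuer,
                ValidAudience = audience,
                IssuerSigningKeys = config.SigningKeys, // only keys published in the tenant metadata
                RequireSignedTokens = true,
                ValidateLifetime = true                 // enforce nbf / exp
            };
            try
            {
                return new JwtSecurityTokenHandler()
                    .ValidateToken(token, parameters, out SecurityToken _);
            }
            catch (SecurityTokenSignatureKeyNotFoundException) when (attempt == 0)
            {
                // Key id not in the cached metadata (for example after a key rollover):
                // request a refresh (rate-limited by RefreshInterval) and retry once.
                configManager.RequestRefresh();
            }
        }
    }

    // Short reason for a failed validation, suitable for a log line.
    public static string Describe(Exception ex)
    {
        if (ex is SecurityTokenExpiredException) return "expired";
        if (ex is SecurityTokenNotYetValidException) return "not yet valid";
        if (ex is SecurityTokenInvalidAudienceException) return "wrong audience";
        if (ex is SecurityTokenInvalidIssuerException) return "wrong issuer";
        if (ex is SecurityTokenSignatureKeyNotFoundException) return "unknown signing key";
        if (ex is SecurityTokenInvalidSignatureException) return "bad signature";
        return ex is ArgumentException ? "malformed token" : "rejected: " + ex.GetType().Name;
    }
}
```

Call `await TokenChecker.ValidateAsync(token, myIssuer, myAudience, configManager)` from `Main` inside a try/catch and pass the caught exception to `Describe`.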

Build and Test the solution

 
Hit F5. The Azure AD token is validated and the validated token is displayed.
 
 

Summary

 
Thus, in this article, you saw how to validate an Azure AD token using a console application.