参考:https://long2know.com/2015/05/decrypting-owin-authentication-ticket/
AuthServer产生的Token因为没有指定自定义的加密逻辑,所以会使用默认的加密算法,故只能被AuthServer自身解密。
所以下列代码必须写在AuthServer项目内部才能使用。
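using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.OAuth;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Results;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Security.Jwt;

namespace DIH.Core.AuthServer.IIS
{
    /// <summary>
    /// Diagnostic controller that unprotects an OWIN OAuth access token and passes the
    /// resulting ticket to <see cref="JwtFormat"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no authorization attribute is visible on this controller or its action.
    /// As written, any caller that can reach the route can have a token unprotected, so
    /// confirm the route is restricted (for example by an authorization filter or by not
    /// deploying it outside diagnostics) before it ships.
    /// </remarks>
    [RoutePrefix("api/my")]
    public class MyController : ApiController
    {
        public MyController()
        {
        }

        /// <summary>
        /// Unprotects the posted access token with <see cref="MachineKeyProtector"/> and
        /// returns the output of <see cref="JwtFormat.Protect"/> for the recovered ticket.
        /// </summary>
        /// <param name="token">The protected access token, read from the request body.</param>
        /// <returns>
        /// 200 with the serialized ticket on success; 400 when the token is missing or
        /// cannot be unprotected.
        /// </returns>
        [Route("", Name = "DecryptToken")]
        [HttpPost]
        public IHttpActionResult DecryptToken([FromBody]string token)
        {
            // Use the caller's token. A sample token must never be assigned here: it would
            // override every request and leave a bearer credential in source control.
            if (string.IsNullOrWhiteSpace(token))
            {
                return BadRequest("token is required.");
            }

            var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
            AuthenticationTicket ticket = secureDataFormat.Unprotect(token);

            // Guard before dereferencing: presumably Unprotect yields null for a token it
            // cannot decode or decrypt (verify against the Katana version in use). The
            // response stays generic so it does not reveal why the token was rejected.
            if (ticket == null || ticket.Identity == null)
            {
                return BadRequest("token could not be unprotected.");
            }

            // NOTE(review): JwtFormat is built here with empty validation parameters and no
            // signing key. In the Katana releases this reviewer is aware of, JwtFormat.Protect
            // is not implemented and throws NotSupportedException -- confirm against the
            // referenced package version. Issuing a JWT needs a format that holds signing
            // credentials, which this file does not define.
            var jwtFormat = new JwtFormat(new TokenValidationParameters());
            string jwt = jwtFormat.Protect(ticket);

            return Ok(jwt);
        }
    }

    /// <summary>
    /// <see cref="IDataProtector"/> that delegates to <see cref="System.Web.Security.MachineKey"/>
    /// using the purpose strings declared in <c>_purpose</c>.
    /// </summary>
    /// <remarks>
    /// MachineKey derives its keys from the application's machineKey configuration, so any
    /// application that shares that configuration and passes the same purposes can
    /// unprotect these payloads.
    /// </remarks>
    class MachineKeyProtector : IDataProtector
    {
        // Purpose strings passed to MachineKey. Protect and Unprotect must use the same
        // values, or Unprotect fails.
        private readonly string[] _purpose = new string[]
        {
            typeof(OAuthAuthorizationServerMiddleware).Namespace,
            "Access_Token",
            "v1"
        };

        /// <summary>Protects <paramref name="userData"/> with the machine key.</summary>
        public byte[] Protect(byte[] userData)
        {
            return System.Web.Security.MachineKey.Protect(userData, _purpose);
        }

        /// <summary>Reverses <see cref="Protect"/> for data protected with the same purposes.</summary>
        public byte[] Unprotect(byte[] protectedData)
        {
            return System.Web.Security.MachineKey.Unprotect(protectedData, _purpose);
        }
    }
}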