JWT Verification Outside of an ASP.NET Application

JSON Web Tokens (JWTs) are common in today’s web-based world. The notion of JWTs works really well inside of the SPA to Web API world that many of us are currently developing. In these systems, the JWT is created when the user signs into the system. After sign-in, the JWT is often stored in the user’s browser, usually in the form of a cookie.

Configuring an ASP.NET site to work with a JWT is very easy. There is lots of documentation out there on how to use JWT with an ASP.NET website.

But what if you wanted to just create a JWT, and then validate it? How would you do that in raw code?

It’s actually pretty simple. Microsoft provides the JwtSecurityTokenHandler class to do most of the hard work for us. We just need to use the CreateJwtSecurityToken method to create the token and then write the token using the WriteToken method.

Reading or decoding the JWT is pretty simple too. Just use the ValidateToken method on the same JwtSecurityTokenHandler.
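
The create-then-validate flow described above, as an added C# example (not code from the original post). It assumes .NET 6+ with the System.IdentityModel.Tokens.Jwt NuGet package; the issuer, audience, subject and randomly generated HMAC key are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed values for illustration only (assumptions, not from the post).
const string Issuer = "https://issuer.example";
const string Audience = "example-api";
// 256-bit random HMAC key; a real service would load its key from a secret store.
var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
var handler = new JwtSecurityTokenHandler();

// Create the token, then serialize it to the compact header.payload.signature form.
var descriptor = new SecurityTokenDescriptor
{
    Issuer = Issuer,
    Audience = Audience,
    Subject = new ClaimsIdentity(new[] { new Claim("sub", "user-123") }),
    Expires = DateTime.UtcNow.AddMinutes(5),
    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
};
string jwt = handler.WriteToken(handler.CreateJwtSecurityToken(descriptor));

// Validation pins issuer, audience, key and algorithm. The Validate*/Require*
// flags below already default to true; they are spelled out to show intent.
TokenValidationParameters ParametersFor(SecurityKey signingKey) => new()
{
    ValidIssuer = Issuer,
    ValidAudience = Audience,
    IssuerSigningKey = signingKey,
    ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
    ValidateIssuer = true, ValidateAudience = true,
    ValidateLifetime = true, RequireSignedTokens = true,
    ClockSkew = TimeSpan.FromSeconds(30)
};
handler.ValidateToken(jwt, ParametersFor(key), out SecurityToken validated);
Console.WriteLine($"valid, sub = {((JwtSecurityToken)validated).Subject}");

// The same token checked against a different key must be rejected.
var otherKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
try
{
    handler.ValidateToken(jwt, ParametersFor(otherKey), out _);
    Console.WriteLine("unexpected: token accepted");
}
catch (SecurityTokenException ex) { Console.WriteLine($"rejected: {ex.GetType().Name}"); }
```

ValidateToken signals failure by throwing, so callers should treat any exception as a rejected token rather than checking the returned principal for null.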

Manually creating and decoding JWTs isn’t something you will probably ever do, but it is nice to know that .NET Core gives you the ability to do this manually if you want to.