Sign up for our newsletter and receive a free copy of our book .NET Web Application Logging Essentials
"What a great idea, ELMAH (Error Logging) for .NET in the cloud."
What can it do?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. In modern web development, JWTs are the backbone of OpenID Connect and OAuth 2.0, used extensively in ASP.NET Core for securing APIs.
A JWT is a string separated by dots into three parts: the Header, the Payload, and the Signature.
When working with .NET Identity or Microsoft.AspNetCore.Authentication.JwtBearer, you often encounter tokens that aren't behaving as expected. Perhaps the user has the wrong claims, or the "Issued At" (iat) time is skewed. Using a text editor to inspect these is inefficient because the data is Base64Url encoded.
Using the elmah.io JWT Decoder, you can paste a raw token and immediately see the underlying JSON structure.
- Tabular View: We automatically parse the payload into a readable table. This is especially useful for .NET developers checking for specific claims like
http://schemas.microsoft.com/ws/2008/06/identity/claims/role. - Signature Verification: You can provide your secret key or public certificate to verify if the signature is valid. This helps diagnose "Signature verification failed" errors in your middleware.
- Local Processing: Privacy is critical. All decoding and parsing are performed 100% in your browser using JavaScript. Your tokens and secrets are never sent to our servers.
- C# Integration: Once you’ve inspected the token, use the Export to C# feature to generate a typed model or validation logic, saving you from manual boilerplate code.
A typical JWT looks like this string:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5cWhen decoded, the payload reveals the JSON data:
{
"sub": "1234567890",
"name": "John Doe",
"admin": true,
"iat": 1516239022
}If you are trying to manually validate a token in a .NET console app or background service, you would typically use System.IdentityModel.Tokens.Jwt:
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(stream) as JwtSecurityToken;
// Inspecting a specific claim
var name = jsonToken.Claims.First(claim => claim.Type == "name").Value;This tool replaces the need to write "throwaway" debug code just to see what is inside your Bearer token.
We monitor your websites
We monitor your websites for crashes and availability. This helps you get an overview of the quality of your applications and to spot trends in your releases.
We notify you
We notify you when errors starts happening using Slack, Microsoft Teams, mail or other forms of communication to help you react to errors before your users do.
We help you fix bugs
We help you fix bugs quickly by combining error diagnostic information with innovative quick fixes and answers from Stack Overflow and social media.
We monitor your websites
We monitor your websites for crashes and availability. This helps you get an overview of the quality of your applications and to spot trends in your releases.
We notify you
We notify you when errors starts happening using Slack, Microsoft Teams, mail or other forms of communication to help you react to errors before your users do.
We help you fix bugs
We help you fix bugs quickly by combining error diagnostic information with innovative quick fixes and answers from Stack Overflow and social media.