
Token handler unable to convert the token to jwt token

I'm trying to convert my token string to a JWT token using JwtSecurityTokenHandler, but I'm getting an error saying:

IDX12709: CanReadToken() returned false. JWT is not well formed: '[PII is hidden]'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.

How can I solve this issue?

Here is my token


var tokenHandler = new JwtSecurityTokenHandler();
var jwtToken = tokenHandler.ReadToken(token) as JwtSecurityToken;

Calling web api

using (HttpClient client = new HttpClient())
{
    string path = "UserMaintenance/ValidateUserId?userid=" + txtUsername.Text.Trim().ToString();
    client.BaseAddress = new Uri(GlobalData.BaseUri);
    client.DefaultRequestHeaders.Add("Authorization", "Bearer" + GlobalData.Token);
    HttpResponseMessage response = client.GetAsync(path).Result;
    if (response.IsSuccessStatusCode)
    {
        var value = response.Content.ReadAsStringAsync().Result;
        isValid = JsonConvert.DeserializeObject<bool>(value);
    }
}

Here is my GetPrincipal method

public static ClaimsPrincipal GetPrincipal(string token)
{
    try
    {
        var symmetricKey = Convert.FromBase64String(Secret);
        var validationParameters = new TokenValidationParameters()
        {
            RequireExpirationTime = true,
            ValidateIssuer = false,
            ValidateAudience = false,
            IssuerSigningKey = new SymmetricSecurityKey(symmetricKey)
        };

        var handler = new JwtSecurityTokenHandler();

        // Validates signature and lifetime; throws if the token is malformed or invalid.
        SecurityToken securityToken;
        var principal = handler.ValidateToken(token, validationParameters, out securityToken);

        return principal;
    }
    catch (Exception ex)
    {
        return null;
    }
}


  • This is how I do it and it works for me:

    var token = new System.IdentityModel.Tokens.JwtSecurityToken(jwt);  

    The above line works for System.IdentityModel.Tokens.Jwt package version 4.0.0. As @Nick commented, in the latest versions of the package, the JwtSecurityToken does not exist in the previous namespace anymore; instead it exists in System.IdentityModel.Tokens.Jwt, so you need to write:

    var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(jwt);

    Unless your token is not well-formed. It would be better if you share the token too.


    You also need to remove the word "Bearer " from the beginning of the token (if you haven't):

     var jwt = context.Request.Headers["Authorization"].Replace("Bearer ", string.Empty);
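
An added example, not part of the original question or answer: server-side handling that parses the Authorization header into scheme and credentials, checks CanReadToken (the check IDX12709 reports as failed), and then validates the signature, since ReadToken and the JwtSecurityToken constructor only parse the token and do not verify it. The names BearerTokenReader and FromAuthorizationHeader are hypothetical, the validation settings mirror the question's GetPrincipal, and the keys and token are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http.Headers;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

public static class BearerTokenReader   // hypothetical helper, not a library type
{
    // Returns the validated principal, or null if the header or token is unusable.
    public static ClaimsPrincipal FromAuthorizationHeader(string header, byte[] key)
    {
        // Parse "<scheme> <credentials>" instead of string-replacing "Bearer ".
        if (!AuthenticationHeaderValue.TryParse(header, out var parsed) ||
            !string.Equals(parsed.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) ||
            string.IsNullOrWhiteSpace(parsed.Parameter))
            return null;

        var handler = new JwtSecurityTokenHandler();
        // Reject anything that is not in compact JWS/JWE form before validating.
        if (!handler.CanReadToken(parsed.Parameter))
            return null;

        var parameters = new TokenValidationParameters
        {
            RequireExpirationTime = true,
            ValidateIssuer = false,      // same settings as the question's GetPrincipal
            ValidateAudience = false,
            IssuerSigningKey = new SymmetricSecurityKey(key)
        };
        try { return handler.ValidateToken(parsed.Parameter, parameters, out _); }
        catch (SecurityTokenException) { return null; }  // bad signature, expired, etc.
    }

    public static void Main()
    {
        var key = new byte[32];                           // constructed demo key, never use in production
        var otherKey = new byte[32]; otherKey[0] = 1;     // constructed key that did not sign the token
        var creds = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            claims: new[] { new Claim("sub", "demo-user") },
            expires: DateTime.UtcNow.AddMinutes(5), signingCredentials: creds));

        // Case 1: scheme and token separated by a space.
        Console.WriteLine(FromAuthorizationHeader("Bearer " + jwt, key) != null);
        // Case 2: no separator, as built by the question's client code.
        Console.WriteLine(FromAuthorizationHeader("Bearer" + jwt, key) != null);
        // Case 3: well-formed token checked against a key that did not sign it.
        Console.WriteLine(FromAuthorizationHeader("Bearer " + jwt, otherKey) != null);
    }
}
```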