private static SecurityToken ReadToken(AccessSecurityTokenHandler handler, string tokenString)
{
using (var reader = tokenString.AsXmlReader(true))
{
reader.MoveToContent();
var readToken = handler.ReadToken(reader);
return(readToken);
}
}
private static void TestMalformedTokens()
{
var expiredToken = File.ReadAllText("ExpiredToken.xml");
var tamperedToken = File.ReadAllText("TamperedToken.xml");
var handler = new AccessSecurityTokenHandler()
{
Configuration = new SecurityTokenHandlerConfiguration()
};
ConfigureHandler(handler.Configuration);
try
{
using (var reader = expiredToken.AsXmlReader(true))
{
Console.WriteLine("\nReading expired token");
var readToken = handler.ReadToken(reader);
handler.ValidateToken(readToken);
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
try
{
using (var reader = tamperedToken.AsXmlReader(true))
{
Console.WriteLine("\nReading tampered token");
var readToken = handler.ReadToken(reader);
handler.ValidateToken(readToken);
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
}