public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            AuthenticationHeaderValue authorization = context.Request.Headers.Authorization;

            if (authorization != null && string.Equals(authorization.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            {
                string defaultKey = Util.GetDefaultKeyValue();
                if (defaultKey != null)
                {
                    var validationParameters = new TokenValidationParameters()
                    {
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(defaultKey)),
                        ValidateAudience = true,
                        ValidateIssuer   = true,
                        ValidAudience    = string.Format(AdminJwtValidAudienceFormat, Instance.GetSetting(AzureWebsiteName)),
                        ValidIssuer      = string.Format(AdminJwtValidIssuerFormat, Instance.GetSetting(AzureWebsiteName))
                    };

                    if (JwtGenerator.IsTokenValid(authorization.Parameter, validationParameters))
                    {
                        context.Request.SetAuthorizationLevel(AuthorizationLevel.Admin);
                    }
                }
            }

            return(Task.CompletedTask);
        }
        public void IssuedToken_WithDefaultValidation_SucceedsValidation()
        {
            using (var variables = new TestScopedEnvironmentVariable(Constants.AzureWebsiteLocalEncryptionKey, TestKeyValue))
            {
                var token = JwtGenerator.GenerateToken("testissuer", "testaudience");

                bool result = JwtGenerator.IsTokenValid(token);

                Assert.True(result);
            }
        }
        public void IssuedToken_WithInvalidValues_FailsValidation()
        {
            using (var variables = new TestScopedEnvironmentVariable(Constants.AzureWebsiteLocalEncryptionKey, TestKeyValue))
            {
                var token = JwtGenerator.GenerateToken("testissuer", "testaudience");

                var testParameters = new TokenValidationParameters()
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TestKeyValue)),
                    ValidateIssuer   = true,
                    ValidateAudience = true
                };

                bool result = JwtGenerator.IsTokenValid(token, testParameters);

                Assert.False(result);
            }
        }