private async void onVerifyClick(object sender, RoutedEventArgs e)
{
// do something
string issuer = "";
List<SecurityToken> signingTokens = null;
try
{
string stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", authority);
ConfigurationManager<OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync();
issuer = config.Issuer;
signingTokens = config.SigningTokens.ToList();
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidAudience = audience,
ValidIssuer = issuer,
IssuerSigningTokens = signingTokens,
CertificateValidator = X509CertificateValidator.None
};
// Validate token.
SecurityToken validatedToken = new JwtSecurityToken();
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(m_access_token, validationParameters, out validatedToken);
var puid = claimsPrincipal.FindFirst(@"puid");
MessageBox.Show("Verify Access token success! ");
}
catch(Exception ex)
{
string message = ex.Message;
if (ex.InnerException != null)
{
message += "Verifing Access token get Inner Exception : " + ex.InnerException.Message;
}
MessageBox.Show(message);
}
}
//
// SendAsync checks that incoming requests have a valid access token, and sets the current user identity using that access token.
//
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string authHeader = null;
string jwtToken = null;
string issuer;
string stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", authority);
List<SecurityToken> signingTokens;
// The header is of the form "bearer <accesstoken>", so extract to the right of the whitespace to find the access token.
authHeader = HttpContext.Current.Request.Headers["Authorization"];
if (authHeader != null)
{
int startIndex = authHeader.LastIndexOf(' ');
if (startIndex > 0)
{
jwtToken = authHeader.Substring(startIndex).Trim();
}
}
if (jwtToken == null)
{
HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
return response;
}
try
{
// The issuer and signingTokens are cached for 24 hours. They are updated if any of the conditions in the if condition is true.
if (DateTime.UtcNow.Subtract(_stsMetadataRetrievalTime).TotalHours > 24
|| string.IsNullOrEmpty(_issuer)
|| _signingTokens == null)
{
// Get tenant information that's used to validate incoming jwt tokens
ConfigurationManager<OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync();
_issuer = config.Issuer;
_signingTokens = config.SigningTokens.ToList();
_stsMetadataRetrievalTime = DateTime.UtcNow;
}
issuer = _issuer;
signingTokens = _signingTokens;
}
catch (Exception)
{
return new HttpResponseMessage(HttpStatusCode.InternalServerError);
}
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters
{
ValidAudience = audience,
ValidIssuer = issuer,
IssuerSigningTokens = signingTokens,
CertificateValidator = X509CertificateValidator.None
};
try
{
// Validate token.
SecurityToken validatedToken = new JwtSecurityToken();
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out validatedToken);
// Set the ClaimsPrincipal on the current thread.
Thread.CurrentPrincipal = claimsPrincipal;
// Set the ClaimsPrincipal on HttpContext.Current if the app is running in web hosted environment.
if (HttpContext.Current != null)
{
HttpContext.Current.User = claimsPrincipal;
}
// If the token is scoped, verify that required permission is set in the scope claim.
if (ClaimsPrincipal.Current.FindFirst(scopeClaimType) != null && ClaimsPrincipal.Current.FindFirst(scopeClaimType).Value != "user_impersonation")
{
HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Forbidden);
return response;
}
return await base.SendAsync(request, cancellationToken);
}
catch (SecurityTokenValidationException)
{
HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
return response;
}
catch (Exception)
{
return new HttpResponseMessage(HttpStatusCode.InternalServerError);
}
}
