/// <summary>
        /// Serializes an authentication ticket into a compact JWT signed with HMAC-SHA256.
        /// </summary>
        /// <param name="data">Ticket whose identity claims and issued/expiry timestamps go into the token.</param>
        /// <returns>
        /// The serialized JWT, or <c>null</c> when the ticket carries no <c>IssuedUtc</c> or no
        /// <c>ExpiresUtc</c>. Callers must treat <c>null</c> as "no token issued".
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The configured audience id is null, empty or whitespace.</exception>
        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            // NOTE(review): the message talks about ticket properties, but the value checked is the
            // audienceId field of this instance, not anything read from the ticket.
            if (string.IsNullOrWhiteSpace(this.audienceId))
            {
                throw new InvalidOperationException("AuthenticationTicket. Properties does not include audience");
            }

            // HMAC is symmetric: the key that signs here is the same key that verifies, so any party
            // holding it can mint tokens. Key length and storage are decided by GetSymmetricSecurityKey
            // and AudiencesStore (not shown here).
            // NOTE(review): the lookup result is handed straight to GetSymmetricSecurityKey; confirm how
            // an unknown audience id is reported by the store.
            Audience registeredAudience = AudiencesStore.FindAudience(this.audienceId);
            var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
                GetSymmetricSecurityKey(registeredAudience),
                Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256);

            var ticketClaims = data.Identity.Claims;
            var issuedAt     = data.Properties.IssuedUtc;
            var expiresAt    = data.Properties.ExpiresUtc;

            // A token without both timestamps is never emitted.
            if (!(issuedAt.HasValue && expiresAt.HasValue))
            {
                return null;
            }

            // NOTE(review): IssuedUtc is passed in the fourth constructor position, which is presumably
            // the token's not-before time; confirm against the JwtSecurityToken overload in use.
            var unsignedToken = new JwtSecurityToken(
                this.issuer,
                this.audienceId,
                ticketClaims,
                issuedAt.Value.UtcDateTime,
                expiresAt.Value.UtcDateTime,
                credentials);

            return new JwtSecurityTokenHandler().WriteToken(unsignedToken);
        }
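        /// <summary>
        /// Validates a serialized JWT against the configured issuer, audience and symmetric key and
        /// rebuilds an authentication ticket from its claims.
        /// </summary>
        /// <param name="protectedText">The serialized JWT received from the client.</param>
        /// <returns>
        /// A ticket whose identity has authentication type "JWT" and whose issued/expiry properties
        /// are taken from the corresponding claims of the validated token, when present.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="protectedText"/> is null, empty or whitespace.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The text does not parse into a <c>JwtSecurityToken</c>.</exception>
        /// <exception cref="InvalidOperationException">
        /// The configured audience cannot be resolved, or the token carries more than one expiry or
        /// issued-at claim.
        /// </exception>
        /// <remarks>
        /// Exceptions raised by <c>ReadToken</c> and <c>ValidateToken</c> are not caught here and
        /// propagate to the caller.
        /// </remarks>
        public AuthenticationTicket Unprotect(string protectedText)
        {
            if (string.IsNullOrWhiteSpace(protectedText))
            {
                throw new ArgumentNullException("protectedText");
            }

            var tokenHandler = new JwtSecurityTokenHandler();

            // Parse-only shape check. Nothing from this parsed token is used or trusted; every value
            // consumed below comes from the principal returned by ValidateToken.
            if (!(tokenHandler.ReadToken(protectedText) is JwtSecurityToken))
            {
                throw new ArgumentOutOfRangeException("protectedText", "Invalid JWT Token");
            }

            // Fail closed with an explicit error when the audience is unknown, instead of a
            // NullReferenceException on audience.AudienceId while building the validation parameters.
            Audience audience = AudiencesStore.FindAudience(this.audienceId);
            if (audience == null)
            {
                throw new InvalidOperationException("Audience could not be resolved for token validation");
            }

            // Issuer, audience, lifetime and signing key are all checked explicitly.
            // NOTE(review): no signing-algorithm allow-list is configured. Protect always signs with
            // HMAC-SHA256; if the installed Microsoft.IdentityModel.Tokens version exposes
            // TokenValidationParameters.ValidAlgorithms, pinning it to that algorithm would reject
            // tokens signed any other way. Confirm before adding.
            var validationParameters = new TokenValidationParameters
            {
                IssuerSigningKey         = GetSymmetricSecurityKey(audience),
                ValidAudiences           = new[] { audience.AudienceId },
                ValidateIssuer           = true,
                ValidIssuer              = this.issuer,
                ValidateLifetime         = true,
                ValidateAudience         = true,
                ValidateIssuerSigningKey = true
            };

            SecurityToken   validatedToken;
            ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(protectedText, validationParameters, out validatedToken);
            var             claimsIdentity  = (ClaimsIdentity)claimsPrincipal.Identity;

            var authenticationExtra = new AuthenticationProperties(new Dictionary<string, string>());

            // SingleOrDefault keeps the original contract: an absent claim is skipped, a duplicated
            // claim throws InvalidOperationException rather than silently picking one value.
            string expiryClaim = claimsIdentity.Claims
                .Where(c => c.Type == ExpiryClaimName)
                .Select(c => c.Value)
                .SingleOrDefault();
            if (expiryClaim != null)
            {
                // The claim value is read as a count of seconds added to the epoch field.
                authenticationExtra.ExpiresUtc = epoch.AddSeconds(Convert.ToInt64(expiryClaim, CultureInfo.InvariantCulture));
            }

            string issuedClaim = claimsIdentity.Claims
                .Where(c => c.Type == IssuedAtClaimName)
                .Select(c => c.Value)
                .SingleOrDefault();
            if (issuedClaim != null)
            {
                authenticationExtra.IssuedUtc = epoch.AddSeconds(Convert.ToInt64(issuedClaim, CultureInfo.InvariantCulture));
            }

            // Re-wrap the validated claims in a fresh identity with authentication type "JWT".
            var returnedIdentity = new ClaimsIdentity(claimsIdentity.Claims, "JWT");

            return new AuthenticationTicket(returnedIdentity, authenticationExtra);
        }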