public void JwtSecurityTokenHandler_Extensibility() { DerivedJwtSecurityTokenHandler handler = new DerivedJwtSecurityTokenHandler() { DerivedTokenType = typeof(DerivedJwtSecurityToken) }; JwtSecurityToken jwt = new JwtSecurityToken ( issuer: Default.Issuer, audience: Default.Audience, claims: ClaimSets.Simple(Default.Issuer, Default.Issuer), signingCredentials: KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2, expires: DateTime.UtcNow + TimeSpan.FromHours(10), notBefore: DateTime.UtcNow ); string encodedJwt = handler.WriteToken(jwt); TokenValidationParameters tvp = new TokenValidationParameters() { IssuerSigningKey = KeyingMaterial.DefaultX509Key_2048, ValidateAudience = false, ValidIssuer = Default.Issuer, }; List <string> errors = new List <string>(); ValidateDerived(encodedJwt, handler, tvp, ExpectedException.NoExceptionExpected, errors); }
public static JwtSecurityToken CreateJwtSecurityToken(string issuer = null, string originalIssuer = null) { string iss = issuer ?? IdentityUtilities.DefaultIssuer; string originalIss = originalIssuer ?? IdentityUtilities.DefaultOriginalIssuer; return(new JwtSecurityToken(issuer, "http://www.contoso.com", ClaimSets.Simple(iss, originalIss))); }
/// <summary> /// Clears the cache, the database will be hit lazily. /// </summary> protected void Reset() { Application.Reset(); Actions.Reset(); ClaimSets.Reset(); ResourceClaims.Reset(); AuthorizationStrategies.Reset(); ClaimSetResourceClaimActions.Reset(); ResourceClaimActions.Reset(); }
public static TheoryData <JwtTheoryData> RoundTripTokensTheoryData() { var theoryData = new TheoryData <JwtTheoryData>(); var handler = new JwtSecurityTokenHandler(); theoryData.Add(new JwtTheoryData { TestId = "Test1", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null), ValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new JwtTheoryData { TestId = "Test2", TokenDescriptor = new SecurityTokenDescriptor(), ValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); theoryData.Add(new JwtTheoryData { TestId = "Test3", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), ValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new JwtTheoryData { TestId = "Test4", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), ValidationParameters = Default.AsymmetricSignTokenValidationParameters }); theoryData.Add(new JwtTheoryData { TestId = "Test5", TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters }); theoryData.Add(new JwtTheoryData { TestId = "Test6", TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters }); return(theoryData); }
public void Variations() { var context = new CompareContext(); RunAudienceVariation(ClaimSets.MultipleAudiences(), IdentityUtilities.DefaultAudiences, context); RunAudienceVariation(ClaimSets.SingleAudience(), new List <string> { IdentityUtilities.DefaultAudience }, context); TestUtilities.AssertFailIfErrors("AudienceValidation: ", context.Diffs); }
public void Variations() { var context = new CompareContext { IgnoreType = true }; RunAudienceVariation(ClaimSets.MultipleAudiences(), Default.Audiences, context); RunAudienceVariation(ClaimSets.SingleAudience(), new List <string> { Default.Audience }, context); TestUtilities.AssertFailIfErrors("AudienceValidation: ", context.Diffs); }
public static TheoryData <string, string, TokenValidationParameters, JwtPayload, ExpectedException> CreationJWEParams() { var theoryData = new TheoryData <string, string, TokenValidationParameters, JwtPayload, ExpectedException>(); JwtPayload expectedPayload = new JwtPayload(ClaimSets.DefaultClaimsAsCreatedInPayload()); theoryData.Add( "Test1", EncodedJwts.JweTest1, Default.SymmetricEncyptSignInfiniteLifetimeTokenValidationParameters, expectedPayload, ExpectedException.NoExceptionExpected ); theoryData.Add( "Test2", EncodedJwts.JweTest2, Default.SymmetricEncyptSignInfiniteLifetimeTokenValidationParameters, expectedPayload, ExpectedException.NoExceptionExpected ); // signing key not found theoryData.Add( "Test3", EncodedJwts.JweTest3, new TokenValidationParameters { IssuerSigningKey = NotDefault.SymmetricSigningKey256, TokenDecryptionKey = Default.SymmetricEncryptionKey256, ValidateLifetime = false }, expectedPayload, ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10501:") ); // encryption key not found theoryData.Add( "Test4", EncodedJwts.JweTest4, new TokenValidationParameters { IssuerSigningKey = Default.SymmetricSigningKey256, TokenDecryptionKey = NotDefault.SymmetricEncryptionKey, ValidateLifetime = false }, expectedPayload, ExpectedException.SecurityTokenDecryptionFailedException("IDX10609:") ); return(theoryData); }
public void RoleClaims() { JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateIssuer = false }; DateTime utcNow = DateTime.UtcNow; DateTime expire = utcNow + TimeSpan.FromHours(1); ClaimsIdentity subject = new ClaimsIdentity(claims: ClaimSets.GetDefaultRoleClaims(null)); JwtSecurityToken jwtToken = handler.CreateJwtSecurityToken(Default.Issuer, Default.Audience, subject, utcNow, expire, utcNow); SecurityToken securityToken; ClaimsPrincipal principal = handler.ValidateToken(jwtToken.RawData, validationParameters, out securityToken); CheckForRoles(ClaimSets.GetDefaultRoles(), new string[] { Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }, principal); ClaimsIdentity expectedIdentity = new ClaimsIdentity( authenticationType: "Federation", claims: ClaimSets.GetDefaultRoleClaims(handler) ); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iss, Default.Issuer, ClaimValueTypes.String, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Aud, Default.Audience, ClaimValueTypes.String, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(expire).ToString(), ClaimValueTypes.Integer, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer)); CompareContext context = new CompareContext { IgnoreType = true }; IdentityComparer.AreEqual(principal.Claims, expectedIdentity.Claims, context); TestUtilities.AssertFailIfErrors(GetType().ToString() + ".RoleClaims", context.Diffs); }
public void ClaimSourceAndClaimName() { string claimSources = "_claim_sources"; string claimNames = "_claim_names"; var context = new CompareContext(); JwtPayload payload = new JwtPayload(); payload.Add(claimSources, JsonClaims.ClaimSourcesAsDictionary); payload.Add(claimNames, JsonClaims.ClaimNamesAsDictionary); payload.Add("iss", IdentityUtilities.DefaultIssuer); JwtSecurityToken jwtToken = new JwtSecurityToken(new JwtHeader(), payload); JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler(); string encodedJwt = jwtHandler.WriteToken(new JwtSecurityToken(new JwtHeader(), payload)); var validationParameters = new TokenValidationParameters { IssuerValidator = (issuer, st, tvp) => { return(issuer); }, RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, }; SecurityToken validatedJwt = null; var claimsPrincipal = jwtHandler.ValidateToken(encodedJwt, validationParameters, out validatedJwt); var expectedIdentity = JsonClaims.ClaimsIdentityDistributedClaims( IdentityUtilities.DefaultIssuer, TokenValidationParameters.DefaultAuthenticationType, JsonClaims.ClaimSourcesAsDictionary, JsonClaims.ClaimNamesAsDictionary); IdentityComparer.AreEqual(claimsPrincipal.Identity as ClaimsIdentity, expectedIdentity, context); jwtToken = new JwtSecurityToken(new JwtHeader(), new JwtPayload(IdentityUtilities.DefaultIssuer, null, ClaimSets.EntityAsJsonClaim(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer), null, null)); encodedJwt = jwtHandler.WriteToken(jwtToken); SecurityToken validatedToken; var cp = jwtHandler.ValidateToken(encodedJwt, validationParameters, out validatedToken); IdentityComparer.AreEqual( cp.FindFirst(typeof(Entity).ToString()), new Claim(typeof(Entity).ToString(), JsonExtensions.SerializeToJson(Entity.Default), JsonClaimValueTypes.Json, IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer, cp.Identity as ClaimsIdentity), context); TestUtilities.AssertFailIfErrors(context.Diffs); }
public static TheoryData <CreateAndValidateParams> CreationParams() { var theoryData = new TheoryData <CreateAndValidateParams>(); var handler = new JwtSecurityTokenHandler(); theoryData.Add(new CreateAndValidateParams { Case = "Test1", SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new CreateAndValidateParams { Case = "Test2", SecurityTokenDescriptor = new SecurityTokenDescriptor(), TokenValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); theoryData.Add(new CreateAndValidateParams { Case = "Test3", ExceptionType = null, SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new CreateAndValidateParams { Case = "Test4", ExceptionType = null, SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters }); theoryData.Add(new CreateAndValidateParams { Case = "Test5", ExceptionType = null, SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters }); theoryData.Add(new CreateAndValidateParams { Case = "Test6", ExceptionType = null, SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters }); return(theoryData); }
public static TheoryData <CreateAndValidateParams> CreationParams() { var createParams = new TheoryData <CreateAndValidateParams>(); var expires = DateTime.UtcNow + TimeSpan.FromDays(1); var handler = new JwtSecurityTokenHandler(); var nbf = DateTime.UtcNow; var signingCredentials = new SigningCredentials(KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256, SecurityAlgorithms.RsaSha256Signature); var verifyingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256_Public; createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.NoClaims", SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(null), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "EmptyToken", SecurityTokenDescriptor = new SecurityTokenDescriptor(), TokenValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.DuplicateTypes", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Asymmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Symmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.RoleClaims", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); return(createParams); }