/// <summary>
/// Creates a SAML 2.0 token from an empty descriptor and prints it to the console.
/// </summary>
/// <remarks>
/// The descriptor sets no issuer, subject, lifetime or signing credentials, so this is
/// only a smoke test of <c>CreateToken</c>, not an example of a usable assertion.
/// </remarks>
static void TokenDemo()
{
    var handler = new Saml2SecurityTokenHandler();
    var emptyDescriptor = new SecurityTokenDescriptor();

    // The token object is passed as-is, so WriteLine prints its ToString() form.
    System.Console.WriteLine(handler.CreateToken(emptyDescriptor));
}
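/// <summary>
/// Wraps a serialized JWT as the single "jwt" claim of a SAML 2.0 assertion and returns
/// that assertion as a <see cref="GenericXmlSecurityToken"/> valid for one hour.
/// </summary>
/// <param name="jwt">Serialized JWT; it is copied into the claim value unchanged.</param>
/// <returns>
/// A generic XML token built from the assertion XML, with every optional constructor
/// argument (proof token, token references, authorization policies) passed as null.
/// </returns>
static GenericXmlSecurityToken WrapJwt(string jwt)
{
    var subject = new ClaimsIdentity("saml");
    subject.AddClaim(new Claim("jwt", jwt));

    // NOTE(review): no SigningCredentials are set, so the SAML wrapper is not signed and
    // `jwt` is not validated here. The receiver has to validate the embedded JWT itself
    // and must not trust the wrapper's issuer name on its own.
    var descriptor = new SecurityTokenDescriptor
    {
        TokenType = TokenTypes.Saml2TokenProfile11,
        TokenIssuerName = "urn:wrappedjwt",
        Subject = subject
    };

    var handler = new Saml2SecurityTokenHandler();
    var token = handler.CreateToken(descriptor);
    var tokenXml = XElement.Parse(token.ToTokenXmlString()).ToXmlElement();

    // Read the clock once, in UTC. The previous code read DateTime.Now twice and added the
    // hour to a local-time value, which ignores daylight-saving transitions and can make
    // the validity window shorter or longer than the intended hour.
    var validFrom = DateTime.UtcNow;
    var validTo = validFrom.AddHours(1);

    return new GenericXmlSecurityToken(tokenXml, null, validFrom, validTo, null, null, null);
}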
/// <summary>
/// Creates a SAML 2.0 token over the given claims, with signing credentials built from the
/// RSA private key of a password-protected certificate.
/// </summary>
/// <param name="certificate">Raw certificate bytes, including the private key.</param>
/// <param name="password">Password that unlocks <paramref name="certificate"/>.</param>
/// <param name="claims">Claims that become the token subject.</param>
/// <returns>
/// The created token, or null if the handler returns something other than a
/// <see cref="Saml2SecurityToken"/> (the result is converted with <c>as</c>).
/// </returns>
public static Saml2SecurityToken CreateSaml2SecurityTokenSigningByRsa(byte[] certificate, string password, params Claim[] claims)
{
    // NOTE(review): both URIs select SHA-1 (RSA-SHA1 signature, SHA-1 digest). SHA-1 is no
    // longer considered collision-resistant; move to the SHA-256 identifiers once the
    // relying party and the certificate's key provider are confirmed to support them.
    const string signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    const string digestAlgorithm = "http://www.w3.org/2000/09/xmldsig#sha1";

    var signingCert = new X509Certificate2(certificate, password);

    // `as` yields null when the private key is missing or is not an
    // RSACryptoServiceProvider; that null is then handed to the key constructors below.
    var privateKey = signingCert.PrivateKey as RSACryptoServiceProvider;
    var securityKey = new RsaSecurityKey(privateKey);
    var keyIdentifier = new SecurityKeyIdentifier(new RsaKeyIdentifierClause(privateKey));
    var credentials = new SigningCredentials(securityKey, signatureAlgorithm, digestAlgorithm, keyIdentifier);

    // NOTE(review): issuer name and audience address are hard-coded sample values.
    var descriptor = new SecurityTokenDescriptor
    {
        TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
        TokenIssuerName = "CN=app.nhin-hv.com, OU=Domain Control Validated, O=app.nhin-hv.com",
        SigningCredentials = credentials,
        Subject = new ClaimsIdentity(claims),
        AppliesToAddress = "http://localhost/RelyingPartyApplication"
    };

    // Eight-hour validity window starting now (UTC).
    var issuedAt = DateTime.UtcNow;
    descriptor.Lifetime = new Lifetime(issuedAt, issuedAt.Add(TimeSpan.FromHours(8)));

    var tokenHandler = new Saml2SecurityTokenHandler();
    return tokenHandler.CreateToken(descriptor) as Saml2SecurityToken;
}
/// <summary>
/// Issues a SAML 2.0 token for a validated WS-Federation sign-in request and returns it
/// inside a serialized RequestSecurityTokenResponse.
/// </summary>
/// <param name="request">Validated request supplying the subject, realm and client.</param>
/// <returns>The serialized RSTR.</returns>
public async Task<string> GenerateSerializedRstr(ValidatedWsFederationSigninRequest request)
{
    var now = _clock.UtcNow.UtcDateTime;

    // NOTE(review): `as` yields null for a non-ClaimsIdentity subject, which would fail on
    // the next line. The claim added below is also written onto the request's own identity
    // object, so it stays visible to whoever else holds that identity.
    var identity = request.Subject.Identity as ClaimsIdentity;
    if (identity.FindFirst(ClaimTypes.NameIdentifier) == null)
    {
        // No name identifier present: fall back to the identity's name, marked as
        // "unspecified" format.
        var fallbackNameId = new Claim(ClaimTypes.NameIdentifier, identity.Name);
        fallbackNameId.Properties.Add(ClaimProperties.SamlNameIdentifierFormat, Saml2Constants.NameIdentifierFormats.UnspecifiedString);
        identity.AddClaim(fallbackNameId);
    }

    // The token is scoped to the requesting realm and lives for the client's configured
    // identity-token lifetime.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Audience = request.RequestMessage.Wtrealm,
        Expires = now.AddSeconds(request.Client.IdentityTokenLifetime),
        IssuedAt = now,
        Issuer = _options.IssuerUri,
        NotBefore = now,
        SigningCredentials = await _keys.GetSigningCredentialsAsync(),
        Subject = identity
    };

    // Workaround: the IdentityServer builder extensions
    // (IdentityServer4/Configuration/DependencyInjection/BuilderExtensions/Crypto.cs) do not
    // set a digest method. Forcing callers onto the overload that takes SigningCredentials
    // is not a good answer; the digest should be supported by
    //   - the overload that takes an X509Certificate2,
    //   - the overload that looks the certificate up in a cert store,
    //   - the overload that takes an RsaSecurityKey,
    //   - AddDeveloperSigningCredential.
    // Until then, rebuild the credentials with a SHA-256 digest when none was specified.
    var configured = tokenDescriptor.SigningCredentials;
    if (configured.Digest == null)
    {
        _logger.LogInformation($"SigningCredentials does not have a digest specified. Using default digest algorithm of {SecurityAlgorithms.Sha256Digest}");
        tokenDescriptor.SigningCredentials = new SigningCredentials(configured.Key, configured.Algorithm, SecurityAlgorithms.Sha256Digest);
    }

    _logger.LogDebug("Creating SAML 2.0 security token.");
    var samlHandler = new Saml2SecurityTokenHandler();
    var samlToken = samlHandler.CreateToken(tokenDescriptor);

    _logger.LogDebug("Serializing RSTR.");
    // Bearer-style response: the key type is "NoProofKey", so possession of the token is
    // all a caller needs to present it.
    var response = new RequestSecurityTokenResponse
    {
        AppliesTo = new AppliesTo(request.RequestMessage.Wtrealm),
        KeyType = "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey",
        Lifetime = new Lifetime(now, now.AddSeconds(request.Client.IdentityTokenLifetime)),
        RequestedSecurityToken = samlToken,
        RequestType = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue",
        TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
    };

    return RequestSecurityTokenResponseSerializer.Serialize(response);
}
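/// <summary>
/// Creates a SAML 2.0 token from the descriptor and serializes it to an in-memory XML
/// writer. The serialized output is discarded; nothing is returned.
/// </summary>
/// <param name="tokenDescriptor">Descriptor the token is created from.</param>
private void CreateSaml2Tokens(SecurityTokenDescriptor tokenDescriptor)
{
    Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler();
    Saml2SecurityToken token = samlTokenHandler.CreateToken(tokenDescriptor) as Saml2SecurityToken;

    // The stream and writer were previously never disposed. Disposing the writer also
    // flushes whatever WriteToken left buffered, so the full serialization cost is paid.
    using (MemoryStream ms = new MemoryStream())
    using (XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(ms))
    {
        samlTokenHandler.WriteToken(writer, token);
    }
}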
/// <summary>
/// Sample WS-Trust client: builds a signed SAML 2.0 token locally, presents it to the
/// security token service at https://localhost:5001/trust/13, and prints each assertion
/// the service issues in return.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static async Task Main(string[] args)
{
    // NOTE(review): ShowPII makes IdentityModel log and exception messages include
    // unredacted values. Keep it to local debugging.
    IdentityModelEventSource.ShowPII = true;

    // Fixed five-second pause before the client starts, presumably so the service can come
    // up first; confirm.
    await Task.Delay(5000);

    var sampleClaims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()),
        new Claim(ClaimTypes.Name, "username")
    };
    var sampleIdentity = new ClaimsIdentity(sampleClaims, "Sample");

    var saml2Handler = new Saml2SecurityTokenHandler();

    // CreateRsaParameters() is defined elsewhere in the file; where its key material comes
    // from is not visible here.
    var keyParameters = CreateRsaParameters();
    using var rsa = new RSACryptoServiceProvider();
    rsa.ImportParameters(keyParameters);

    // NotBefore is backdated five minutes, which leaves room for clock skew between this
    // client and the service.
    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = "urn:sample.identityprovider",
        Audience = "urn:sample.issuer",
        IssuedAt = DateTime.UtcNow,
        NotBefore = DateTime.UtcNow.AddMinutes(-5),
        Expires = DateTime.UtcNow.AddHours(2),
        Subject = sampleIdentity,
        SigningCredentials = SignatureMethod.RsaSha256.CreateCredentials(new RsaSecurityKey(rsa))
    };
    var clientToken = saml2Handler.CreateToken(descriptor);

    var stsBinding = new WsTrustIssuedTokenBinding();
    var stsAddress = new EndpointAddress("https://localhost:5001/trust/13");
    var channelFactory = new WsTrustChannelFactory(stsBinding, stsAddress);
    channelFactory.SecurityTokenHandlers.Add(saml2Handler);

    // `iterations` is not declared in this method; it comes from the enclosing type.
    for (var i = 0; i < iterations; i++)
    {
        var channel = channelFactory.CreateChannelWithIssuedToken(clientToken);
        var issueRequest = new WsTrustRequest(WsTrustConstants.Trust13.WsTrustActions.Issue)
        {
            KeyType = WsTrustKeyTypes.Trust13.Bearer,
            AppliesTo = new AppliesTo(new EndpointReference("urn:sample:relyingparty"))
        };

        var issueResponse = await channel.IssueAsync(issueRequest);

        // NOTE(review): `as` yields null if the service returns another token type, and the
        // next line would then fail. The printed value is a bearer assertion, so console
        // output should be treated as sensitive.
        var issued = issueResponse.GetRequestedSecurityToken() as GenericXmlSecurityToken;
        Console.WriteLine(issued.Element.OuterXml);
    }

    Console.ReadKey();
}
/// <summary>
/// Issues a SAML 2.0 token for a validated WS-Federation request and returns it inside a
/// serialized RequestSecurityTokenResponse.
/// </summary>
/// <param name="request">Validated request supplying the realm and client.</param>
/// <returns>The serialized RSTR.</returns>
public async Task<string> GenerateSerializedRstr(ValidatedWsFederationRequest request)
{
    var now = _clock.UtcNow.UtcDateTime;

    var storedCredential = await _keys.GetSigningCredentialsAsync();
    var x509Key = storedCredential.Key as X509SecurityKey;

    // For an X.509 key the credentials are rebuilt from the certificate with the
    // configured default signature algorithm; any other key type is used as stored.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Audience = request.RequestMessage.Wtrealm,
        Expires = now.AddSeconds(request.Client.IdentityTokenLifetime),
        IssuedAt = now,
        Issuer = _options.IssuerUri,
        NotBefore = now,
        SigningCredentials = x509Key != null
            ? new X509SigningCredentials(x509Key.Certificate, _federationOptions.DefaultSignatureAlgorithm)
            : storedCredential,
        Subject = await CreateSubjectAsync(request)
    };

    // Workaround: the IdentityServer builder extensions
    // (IdentityServer4/Configuration/DependencyInjection/BuilderExtensions/Crypto.cs) do not
    // set a digest method. Forcing callers onto the overload that takes SigningCredentials
    // is not a good answer; the digest should be supported by
    //   - the overload that takes an X509Certificate2,
    //   - the overload that looks the certificate up in a cert store,
    //   - the overload that takes an RsaSecurityKey,
    //   - AddDeveloperSigningCredential.
    // Until then, rebuild the credentials from the federation defaults.
    // NOTE(review): the fallback algorithms come from configuration; confirm the defaults
    // cannot be set to SHA-1 based identifiers.
    var effective = tokenDescriptor.SigningCredentials;
    if (effective.Digest == null)
    {
        _logger.LogInformation($"SigningCredentials does not have a digest specified. Using default digest algorithm of {SecurityAlgorithms.Sha256Digest}");
        tokenDescriptor.SigningCredentials = new SigningCredentials(
            effective.Key,
            effective.Algorithm ?? _federationOptions.DefaultSignatureAlgorithm,
            _federationOptions.DefaultDigestAlgorithm);
    }

    _logger.LogDebug("Creating SAML 2.0 security token.");
    var samlHandler = new Saml2SecurityTokenHandler();
    var samlToken = samlHandler.CreateToken(tokenDescriptor);

    _logger.LogDebug("Serializing RSTR.");
    // Bearer-style response: the key type is "NoProofKey". Created/Expires are written as
    // UTC XML date-time strings covering the same window as the token.
    var response = new RequestSecurityTokenResponse
    {
        AppliesTo = new AppliesTo(request.RequestMessage.Wtrealm),
        KeyType = "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey",
        Lifetime = new Lifetime
        {
            Created = XmlConvert.ToString(now, XmlDateTimeSerializationMode.Utc),
            Expires = XmlConvert.ToString(now.AddSeconds(request.Client.IdentityTokenLifetime), XmlDateTimeSerializationMode.Utc),
        },
        RequestedSecurityToken = samlToken,
        RequestType = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue",
        TokenType = WsFederationConstants.TokenTypes.Saml2TokenProfile11
    };

    return RequestSecurityTokenResponseSerializer.Serialize(response);
}
/// <summary>
/// Builds one JWT, one SAML 1 and one SAML 2 token string from the same test descriptor
/// and stores them, together with the RSA validation parameters, in instance fields.
/// </summary>
public MeasureTokenHandlers()
{
    // NOTE(review): ShowPII is a static switch, so it changes IdentityModel logging for the
    // whole process, not only for this instance.
    IdentityModelEventSource.ShowPII = true;

    var descriptor = new SecurityTokenDescriptor
    {
        Audience = TestData.Audience,
        Claims = TestData.ClaimsDictionary,
        Issuer = TestData.Issuer,
        Subject = TestData.Subject,
        SigningCredentials = TestData.RsaSigningCredentials_2048Sha256
    };

    _jwtToken = _jsonWebTokenHandler.CreateToken(descriptor);

    // The SAML handlers need a separate WriteToken step to get the serialized form.
    var saml1 = _saml1SecurityTokenHandler.CreateToken(descriptor);
    _saml1Token = _saml1SecurityTokenHandler.WriteToken(saml1);

    var saml2 = _saml2SecurityTokenHandler.CreateToken(descriptor);
    _saml2Token = _saml2SecurityTokenHandler.WriteToken(saml2);

    _tokenValidationParameters = TestData.RsaTokenValidationParameters_2048_Public;
}
/// <summary>
/// Creates a signed SAML 2.0 token whose subject carries a single name claim and returns
/// it as an XML string.
/// </summary>
/// <param name="name">Value of the <c>ClaimTypes.Name</c> claim.</param>
/// <returns>The token XML produced by <c>ToTokenXmlString()</c>.</returns>
public static string CreateSaml2Token(string name)
{
    var nameClaim = new Claim(ClaimTypes.Name, name);
    var identity = new ClaimsIdentity(new[] { nameClaim }, "SAML");

    // Fixed test issuer and audience. No Lifetime is set here, so the validity window is
    // whatever the handler applies when none is given.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = identity,
        AppliesToAddress = "https://test",
        TokenIssuerName = "http://issuer",
        SigningCredentials = GetSamlSigningCredential(),
    };

    var saml2Handler = new Saml2SecurityTokenHandler
    {
        Configuration = new SecurityTokenHandlerConfiguration()
    };

    return saml2Handler.CreateToken(tokenDescriptor).ToTokenXmlString();
}
/// <summary>
/// Creates a SAML 2.0 token for the given claims from the shared <c>Default</c> test
/// values and attaches the default asymmetric signing key to it.
/// </summary>
/// <param name="claims">Claims that become the token subject.</param>
/// <returns>The created token with <c>SigningKey</c> set.</returns>
private static Saml2SecurityToken CreateSaml2Token(IList<Claim> claims)
{
    var handler = new Saml2SecurityTokenHandler();
    var descriptor = new SecurityTokenDescriptor
    {
        Audience = Default.Audience,
        NotBefore = Default.NotBefore,
        Expires = Default.Expires,
        IssuedAt = Default.IssueInstant,
        Issuer = Default.Issuer,
        SigningCredentials = Default.AsymmetricSigningCredentials,
        Subject = new ClaimsIdentity(claims)
    };

    // `as` yields null for any other token type; the assignment below would then fail.
    var saml2Token = handler.CreateToken(descriptor) as Saml2SecurityToken;
    saml2Token.SigningKey = Default.AsymmetricSigningKey;
    return saml2Token;
}
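/// <summary>
/// Builds a SAML 2.0 token for the current principal from hard-coded issuer, audience and
/// lifetime values, then adds a password authentication statement to its assertion.
/// </summary>
/// <returns>The token, valid for two days from the moment of the call.</returns>
private static SecurityToken GenerateHardcodedToken()
{
    // Read the clock once, in UTC. The previous code read DateTime.Now twice and added the
    // two days to a local-time value, which ignores daylight-saving transitions.
    var issuedAt = DateTime.UtcNow;

    var securityTokenDescriptor = new SecurityTokenDescriptor();

    // `as` yields null when the current identity is not a ClaimsIdentity.
    securityTokenDescriptor.Subject = ClaimsPrincipal.Current.Identity as ClaimsIdentity;

    // NOTE(review): two days is a long lifetime for a token sent to an address ending in
    // "/wstrust/bearer"; shorten it if the token is used outside a sample.
    securityTokenDescriptor.Lifetime = new Lifetime(issuedAt, issuedAt.AddDays(2));

    // NOTE(review): issuer ("changethis") and audience host are sample placeholders.
    securityTokenDescriptor.TokenIssuerName = "http://identityserver.v2.thinktecture.com/trust/changethis";
    securityTokenDescriptor.AppliesToAddress = "https://windows7:444/identity/wstrust/bearer";
    securityTokenDescriptor.SigningCredentials = GenerateSigningCredentials();

    Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler();
    var saml2SecurityToken = saml2SecurityTokenHandler.CreateToken(securityTokenDescriptor) as Saml2SecurityToken;

    // NOTE(review): the statement asserts password authentication regardless of how the
    // current principal actually signed in. It is added after CreateToken; confirm the
    // signature is computed when the token is serialized so the statement is covered.
    var authenticationMethod = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
    var authenticationContext = new Saml2AuthenticationContext(new Uri(authenticationMethod));
    saml2SecurityToken.Assertion.Statements.Add(new Saml2AuthenticationStatement(authenticationContext));

    return saml2SecurityToken;
}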
/// <summary>
/// Creates a signed SAML 2.0 token for a subject with one name claim and returns the
/// token as an XML string.
/// </summary>
/// <param name="name">Value of the <c>ClaimTypes.Name</c> claim.</param>
/// <returns>The token XML produced by <c>ToTokenXmlString()</c>.</returns>
public static string CreateSaml2Token(string name)
{
    var subjectClaims = new[] { new Claim(ClaimTypes.Name, name) };
    var subject = new ClaimsIdentity(subjectClaims, "SAML");

    // Fixed test issuer and audience; the descriptor sets no Lifetime.
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = subject,
        AppliesToAddress = "https://test",
        TokenIssuerName = "http://issuer",
        SigningCredentials = GetSamlSigningCredential(),
    };

    // The handler gets a default configuration object before it is used.
    var saml2Handler = new Saml2SecurityTokenHandler();
    saml2Handler.Configuration = new SecurityTokenHandlerConfiguration();

    var created = saml2Handler.CreateToken(tokenDescriptor);
    var xml = created.ToTokenXmlString();
    return xml;
}
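/// <summary>
/// Issues a signed SAML 2.0 token for a fixed sample user and returns it as a string.
/// </summary>
/// <returns>The serialized token, valid for 15 minutes.</returns>
public ActionResult<string> Login()
{
    // NOTE(review): sample only. No credentials are read or checked; every caller gets a
    // token for this hard-coded user, including the "Manager" role claim below.
    var user = new User
    {
        Id = 1,
        Name = "jjj",
        Email = "*****@*****.**",
        Birthday = DateTime.Now.AddYears(-10),
        Password = "******",
        PhoneNumber = "18888888888"
    };

    var tokenHandler = new Saml2SecurityTokenHandler();

    // NOTE(review): the RSA private key is read as JSON from "private.key" under the
    // content root. Keep that file out of source control and out of anything served as
    // static content; a key store or secret manager is the better home for it.
    var privateKey = System.IO.File.ReadAllText(Path.Combine(_env.ContentRootPath, "private.key"));
    var rsaParameters = JsonConvert.DeserializeObject<RSAParameters>(privateKey);
    var rsaSecurityKey = new RsaSecurityKey(rsaParameters);

    // One UTC clock read for both bounds. NotBefore previously used local DateTime.Now
    // while Expires used DateTime.UtcNow, leaving the window dependent on how the handler
    // converts a local-kind value.
    var now = DateTime.UtcNow;

    var tokenDescriptor = new SecurityTokenDescriptor()
    {
        Issuer = "https://www.jjj.me",
        Audience = "https://api.jjj.me",
        NotBefore = now,
        Expires = now.AddMinutes(15),
        SigningCredentials = new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Name, user.Name),
            new Claim(ClaimTypes.Email, user.Email),
            new Claim(ClaimTypes.MobilePhone, user.PhoneNumber),
            new Claim(ClaimTypes.Role, "Manager")
        })
    };

    var token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
    return token;
}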
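/// <summary>
/// Creates a signed SAML 2.0 token for a fixed sample user and returns its serialized form.
/// </summary>
/// <returns>The serialized token, valid for six minutes.</returns>
static string CreateSamlToken()
{
    // Hard-coded sample user; the claims below, including the "Manager" role, are fixed.
    var user = new User
    {
        Id = 1,
        Name = "123",
        Email = "*****@*****.**",
        Birthday = DateTime.Now.AddYears(-27),
        PhoneNumber = "123456789"
    };

    var tokenHandler = new Saml2SecurityTokenHandler();

    // NOTE(review): the RSA private key is read as JSON from "key.private.json" in the
    // current working directory, so the key that is loaded depends on where the process
    // was started. Keep the file out of source control and restrict its permissions.
    string keyPrivate = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "key.private.json"));
    var keyParameter = JsonConvert.DeserializeObject<RSAParameters>(keyPrivate);
    var rsaSecurityKey = new RsaSecurityKey(keyParameter);

    // One UTC clock read for both bounds. NotBefore previously used local DateTime.Now
    // while Expires used DateTime.UtcNow, leaving the window dependent on how the handler
    // converts a local-kind value.
    var now = DateTime.UtcNow;

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Audience = "aspnetcoreweb",
        Issuer = "xcode.me",
        NotBefore = now,
        Expires = now.AddMinutes(6),
        SigningCredentials = new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
        Subject = new ClaimsIdentity(new Claim[]
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Name, user.Name),
            new Claim(ClaimTypes.Email, user.Email),
            new Claim(ClaimTypes.MobilePhone, user.PhoneNumber),
            new Claim(ClaimTypes.Role, "Manager")
        })
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    var tokenString = tokenHandler.WriteToken(token);
    return tokenString;
}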
/// <summary>
/// Creates the SAML 2.0 token used by the transaction service channel factory.
/// </summary>
/// <remarks>
/// The subject carries three claims taken from the transaction service profile (e-mail,
/// identity provider, name identifier). The token is valid for 24 hours from the call and
/// is signed with the certificate returned by <c>FindCertificate()</c>.
/// </remarks>
/// <returns>Token for transaction service.</returns>
/// <exception cref="ArgumentException">No signing certificate was found.</exception>
private System.IdentityModel.Tokens.SecurityToken CreateToken()
{
    // The e-mail and name-identifier claims both carry the profile's UserId.
    ClaimsIdentity subject = new ClaimsIdentity();
    subject.Claims.Add(new Claim(ClaimTypes.Email, this.transactionServiceProfile.UserId));
    subject.Claims.Add(new Claim(this.transactionServiceProfile.IdentityProviderClaim, this.transactionServiceProfile.IdentityProvider));
    subject.Claims.Add(new Claim(ClaimTypes.NameIdentifier, this.transactionServiceProfile.UserId));

    Saml2SecurityTokenHandler saml2Handler = new Saml2SecurityTokenHandler();
    saml2Handler.SamlSecurityTokenRequirement = new SamlSecurityTokenRequirement();

    SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
    {
        TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml2TokenProfile11,
        TokenIssuerName = this.transactionServiceProfile.IssuerUri,
        Subject = subject
    };

    // NOTE(review): a 24-hour window is long for a token minted on demand; check whether
    // the service accepts a shorter one.
    DateTime issuedAtUtc = DateTime.UtcNow;
    descriptor.Lifetime = new Microsoft.IdentityModel.Protocols.WSTrust.Lifetime(issuedAtUtc, issuedAtUtc.AddHours(24));
    descriptor.AppliesToAddress = this.transactionServiceProfile.AudienceUrn;

    // Without a certificate the token cannot be signed, so fail instead of issuing it.
    X509Certificate2 signingCert = this.FindCertificate();
    if (signingCert == null)
    {
        throw new ArgumentException("Error locating certificate by thumbprint");
    }

    // Signature and digest algorithms are whatever X509SigningCredentials defaults to.
    descriptor.SigningCredentials = new X509SigningCredentials(signingCert);

    return saml2Handler.CreateToken(descriptor);
}
/// <summary>
/// Creates a token with the supplied handler and returns it typed as a SAML 2.0 token.
/// </summary>
/// <param name="securityTokenDescriptor">Descriptor the token is created from.</param>
/// <param name="tokenHandler">Handler that creates the token.</param>
/// <returns>
/// The created token, or null when the handler's result is not a
/// <see cref="Saml2SecurityToken"/>.
/// </returns>
public static Saml2SecurityToken CreateSaml2Token(SecurityTokenDescriptor securityTokenDescriptor, Saml2SecurityTokenHandler tokenHandler)
{
    var created = tokenHandler.CreateToken(securityTokenDescriptor);

    // `as` rather than a cast: a mismatched type gives null, not an exception.
    return created as Saml2SecurityToken;
}
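/// <summary>
/// Runs the token create/validate test executors and writes the collected log to a
/// version- and time-stamped text file in the configured log directory.
/// </summary>
/// <param name="args">Command-line arguments, parsed by <c>TestConfig.ParseArgs</c>.</param>
public static void Run(string[] args)
{
    // NOTE(review): ShowPII makes IdentityModel messages include unredacted values. If any
    // of them reach testConfig.Logger they end up in the log file written below.
    IdentityModelEventSource.ShowPII = true;

    var testRuns = TestConfig.SetupTestRuns(
        new List<TestExecutor>
        {
            TokenTestExecutors.JsonWebTokenHandler_ValidateToken_InParallel,
            TokenTestExecutors.JwtSecurityTokenHandler_ValidateToken_InParallel,
            TokenTestExecutors.Saml2SecurityTokenHandler_ValidateToken_InParallel,
            TokenTestExecutors.SamlSecurityTokenHandler_ValidateToken_InParallel,
            TokenTestExecutors.JsonWebTokenHandler_CreateToken_InParallel,
            TokenTestExecutors.JwtSecurityTokenHandler_CreateToken_InParallel,
            TokenTestExecutors.Saml2SecurityTokenHandler_CreateToken_InParallel,
            TokenTestExecutors.SamlSecurityTokenHandler_CreateToken_InParallel,
        });

    // One descriptor and one set of validation parameters are shared by every run.
    var securityTokenDescriptor = TestData.SecurityTokenDescriptor(TestData.RsaSigningCredentials_2048Sha256);
    var tokenValidationParameters = TestData.TokenValidationParameters(securityTokenDescriptor.SigningCredentials.Key);

    // Pre-build one serialized token of each kind for the validation runs.
    var jwtTokenHandler = new JwtSecurityTokenHandler();
    var jwt = jwtTokenHandler.CreateEncodedJwt(securityTokenDescriptor);

    var samlTokenHandler = new SamlSecurityTokenHandler();
    var samlToken = samlTokenHandler.CreateToken(securityTokenDescriptor);
    var saml = samlTokenHandler.WriteToken(samlToken);

    var saml2TokenHandler = new Saml2SecurityTokenHandler();
    var saml2Token = saml2TokenHandler.CreateToken(securityTokenDescriptor);
    var saml2 = saml2TokenHandler.WriteToken(saml2Token);

    var testConfig = TestConfig.ParseArgs(args);
    var tokenTestData = new TokenTestRunData
    {
        JwtSecurityTokenHandler = new JwtSecurityTokenHandler(),
        JsonWebTokenHandler = new JsonWebTokenHandler(),
        JwtToken = jwt,
        NumIterations = testConfig.NumIterations,
        Saml2Token = saml2,
        SamlToken = saml,
        SamlSecurityTokenHandler = samlTokenHandler,
        Saml2SecurityTokenHandler = saml2TokenHandler,
        TokenValidationParameters = tokenValidationParameters,
        SecurityTokenDescriptor = securityTokenDescriptor
    };

    // run each test to set any static data
    foreach (var testRun in testRuns)
    {
        testRun.TestExecutor(tokenTestData);
    }

    var assemblyVersion = typeof(JwtSecurityTokenHandler).Assembly.GetName().Version.ToString();
#if DEBUG
    var prefix = "DEBUG";
#else
    var prefix = "RELEASE";
#endif
    testConfig.Version = $"{prefix}-{assemblyVersion}";

    // "HH" (24-hour clock) replaces "hh": with the 12-hour form and no AM/PM marker, a
    // morning and an afternoon run could produce the same file name and sort incorrectly.
    // The invariant culture keeps the stamp independent of the machine's calendar settings.
    var timestamp = DateTime.Now.ToString("yyyy.MM.dd.HH.mm.ss", System.Globalization.CultureInfo.InvariantCulture);
    var logName = $"SecurityTokens-{testConfig.Version}_{timestamp}.txt";
    var directory = testConfig.LogDirectory;
    var logFile = Path.Combine(directory, logName);
    Directory.CreateDirectory(directory);

    TestRunner.Run(testConfig, testRuns, tokenTestData);
    File.WriteAllText(logFile, testConfig.Logger.Logs);
}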
/// <summary>
/// Times four validation paths over <paramref name="iterations"/> rounds each: SAML 2.0
/// read-and-validate from XML, JWT validation from the raw string, JWT read from XML then
/// validated as a token, and JWT read from XML then validated from its raw string.
/// </summary>
/// <param name="tokenDescriptor">Descriptor used to create the tokens under test.</param>
/// <param name="securityToken">Token handed to the issuer token resolver.</param>
/// <param name="key">Key handed to the issuer token resolver.</param>
/// <param name="iterations">Number of validations per timed loop.</param>
/// <param name="display">When true, each elapsed time is written to the console.</param>
private void RunValidationTests(SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true)
{
    string reportFormat = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'";
    DateTime loopStart;

    // NOTE(review): measurement-only configuration. Audience checks are switched off
    // (AudienceUriMode.Never) and, judging by their names, the certificate validator
    // accepts every certificate and the resolver always hands back the supplied
    // token/key. None of this belongs in a configuration that validates real tokens.
    SetReturnSecurityTokenResolver fixedResolver = new Test.SetReturnSecurityTokenResolver(securityToken, key);
    SecurityTokenHandlerConfiguration permissiveConfig = new SecurityTokenHandlerConfiguration()
    {
        IssuerTokenResolver = fixedResolver,
        SaveBootstrapContext = true,
        CertificateValidator = AlwaysSucceedCertificateValidator.New,
        AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never),
        IssuerNameRegistry = new SetNameIssuerNameRegistry(Issuers.GotJwt),
    };

    // --- SAML 2.0: serialize once, then read + validate from the XML each round ---
    Saml2SecurityTokenHandler saml2Handler = new Saml2SecurityTokenHandler();
    Saml2SecurityToken saml2Source = saml2Handler.CreateToken(tokenDescriptor) as Saml2SecurityToken;

    StringBuilder xmlBuffer = new StringBuilder();
    XmlWriter xmlWriter = XmlWriter.Create(xmlBuffer);
    saml2Handler.WriteToken(xmlWriter, saml2Source);
    xmlWriter.Flush();
    xmlWriter.Close();
    string tokenXml = xmlBuffer.ToString();

    // The configuration is attached only after the token has been created and written.
    saml2Handler.Configuration = permissiveConfig;

    loopStart = DateTime.UtcNow;
    for (int round = 0; round < iterations; round++)
    {
        StringReader text = new StringReader(tokenXml);
        XmlDictionaryReader xml = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(text));
        xml.MoveToContent();
        SecurityToken parsed = saml2Handler.ReadToken(xml);
        saml2Handler.ValidateToken(parsed);
    }

    if (display)
    {
        string line = string.Format(reportFormat, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - loopStart);
        Console.WriteLine(line);
    }

    // --- JWT: validate straight from the raw encoded string ---
    JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler();
    JwtSecurityToken jwtSource = jwtHandler.CreateToken(tokenDescriptor) as JwtSecurityToken;
    jwtHandler.Configuration = permissiveConfig;

    loopStart = DateTime.UtcNow;
    for (int round = 0; round < iterations; round++)
    {
        jwtHandler.ValidateToken(jwtSource.RawData);
    }

    if (display)
    {
        string line = string.Format(reportFormat, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - loopStart);
        Console.WriteLine(line);
    }

    // --- JWT: write a fresh token as XML, then read it back and validate the token ---
    jwtSource = jwtHandler.CreateToken(tokenDescriptor) as JwtSecurityToken;
    xmlBuffer = new StringBuilder();
    xmlWriter = XmlWriter.Create(xmlBuffer);
    jwtHandler.WriteToken(xmlWriter, jwtSource);
    xmlWriter.Flush();
    xmlWriter.Close();
    tokenXml = xmlBuffer.ToString();

    loopStart = DateTime.UtcNow;
    for (int round = 0; round < iterations; round++)
    {
        StringReader text = new StringReader(tokenXml);
        XmlDictionaryReader xml = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(text));
        xml.MoveToContent();
        SecurityToken parsed = jwtHandler.ReadToken(xml);
        jwtHandler.ValidateToken(parsed);
    }

    if (display)
    {
        string line = string.Format(reportFormat, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - loopStart);
        Console.WriteLine(line);
    }

    // --- JWT: read from the same XML, but validate from the parsed token's raw string ---
    loopStart = DateTime.UtcNow;
    for (int round = 0; round < iterations; round++)
    {
        StringReader text = new StringReader(tokenXml);
        XmlDictionaryReader xml = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(text));
        xml.MoveToContent();
        JwtSecurityToken parsed = jwtHandler.ReadToken(xml) as JwtSecurityToken;
        jwtHandler.ValidateToken(parsed.RawData);
    }

    if (display)
    {
        string line = string.Format(reportFormat, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - loopStart);
        Console.WriteLine(line);
    }
}