Example #1
0
        public SimpleWebToken ValidateToken(string token)
        {
            if (token == null)
            {
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "SWT not found");
            }

            var swt         = new SimpleWebToken(token);
            var securityKey = Convert.FromBase64String(this.SharedKeyBase64);

            if (securityKey == null)
            {
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Missing shared key");
            }

            if (!IsHMACValid(swt.RawToken, securityKey))
            {
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid signature");
            }

            if (swt.IsExpired)
            {
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Token expired");
            }

            if (this.AllowedAudiences != null && this.AllowedAudiences.Count > 0)
            {
                var swtAudienceUri = default(Uri);
                if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
                {
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid audience");
                }

                if (!this.AllowedAudiences.Any(uri => uri == swtAudienceUri))
                {
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Audience not found");
                }
            }

            if (!string.IsNullOrEmpty(this.AllowedIssuer))
            {
                if (!this.AllowedIssuer.Equals(swt.Issuer, StringComparison.Ordinal))
                {
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid issuer");
                }
            }

            return(swt);
        }
        public SimpleWebToken ValidateToken(string token)
        {
            if (token == null)
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "SWT not found");

            var swt = new SimpleWebToken(token);
            var securityKey = Convert.FromBase64String(this.SharedKeyBase64);

            if (securityKey == null)
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Missing shared key");

            if (!IsHMACValid(swt.RawToken, securityKey))
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid signature");

            if (swt.IsExpired)
                throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Token expired");

            if (this.AllowedAudiences != null && this.AllowedAudiences.Count > 0)
            {
                var swtAudienceUri = default(Uri);
                if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid audience");

                if (!this.AllowedAudiences.Any(uri => uri == swtAudienceUri))
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Audience not found");
            }

            if (!string.IsNullOrEmpty(this.AllowedIssuer))
            {
                if (!this.AllowedIssuer.Equals(swt.Issuer, StringComparison.Ordinal))
                {
                    throw new HttpException((int)System.Net.HttpStatusCode.Unauthorized, "Invalid issuer");
                }
            }

            return swt;
        }