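        /// <summary>
        /// Validates an incoming <see cref="SimpleWebToken"/>: token type, issuer (when an
        /// IssuerNameRegistry is configured), expiry, audience and symmetric-key signature,
        /// then maps each claim (splitting comma-separated values) onto a
        /// <see cref="ClaimsIdentity"/> with authentication type "SWT".
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="SimpleWebToken"/>.</param>
        /// <returns>A read-only collection holding the single identity built from the token's claims.</returns>
        /// <exception cref="SecurityTokenValidationException">Wrong token type, unknown issuer, no signing key, or bad signature.</exception>
        /// <exception cref="InvalidOperationException">No handler configuration is set.</exception>
        /// <exception cref="SecurityTokenExpiredException">The token's ValidTo has passed.</exception>
        /// <exception cref="AudienceUriValidationFailedException">The audience is not in the allowed list.</exception>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            var swt = token as SimpleWebToken;
            if (swt == null)
            {
                throw new SecurityTokenValidationException("The received token is of incorrect token type.Expected SimpleWebToken");
            }

            // Same guard as the JSON Web Token handler: an unconfigured handler should fail
            // with a clear message rather than a NullReferenceException further down.
            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No configuration set for token handler");
            }

            // The issuer check is optional here: without a registry, issuerName stays null and
            // the token's issuer is trusted only as far as IssuerTokenResolver yields a key for it.
            string issuerName = null;
            if (base.Configuration.IssuerNameRegistry != null)
            {
                issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
                if (string.IsNullOrEmpty(issuerName))
                {
                    throw new SecurityTokenValidationException("Invalid issuer ");
                }
            }

            // Expiry is always enforced for SWT; no clock-skew allowance is applied.
            if (DateTime.Compare(swt.ValidTo, DateTime.UtcNow) <= 0)
            {
                throw new SecurityTokenExpiredException("The incoming token has expired. Get a new access token from the Authorization Server.");
            }

            // Audience check fails closed: an empty allowed list rejects every token unless the mode is Never.
            if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
            {
                var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
                if (!allowedAudiences.Any(uri => uri == swt.AudienceUri))
                {
                    throw new AudienceUriValidationFailedException();
                }
            }

            // The key is looked up by the issuer named in the token itself; an issuer with no
            // registered symmetric key is rejected before any signature check.
            var clause      = new WebTokenSecurityKeyClause(swt.Issuer);
            var securityKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause) as InMemorySymmetricSecurityKey;
            if (securityKey == null)
            {
                throw new SecurityTokenValidationException("No signing key found");
            }

            // NOTE(review): SimpleWebToken.VerifySignature is not visible here — confirm it compares
            // the HMAC in constant time.
            if (!swt.VerifySignature(securityKey.GetSymmetricKey()))
            {
                throw new SecurityTokenValidationException("Signature verification of the incoming token failed.");
            }

            var id = new ClaimsIdentity("SWT");
            foreach (var claim in swt.Claims)
            {
                // SWT packs multi-valued claims as comma-separated strings; emit one Claim per value.
                foreach (var value in claim.Value.Split(','))
                {
                    id.AddClaim(new Claim(claim.Type, value, ClaimValueTypes.String, issuerName));
                }
            }

            return new List<ClaimsIdentity> { id }.AsReadOnly();
        }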
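        /// <summary>
        /// Validates an incoming <see cref="JsonWebToken"/>: token type, issuer (via the configured
        /// IssuerNameRegistry), expiry, audience and signature, then maps its claims to a
        /// <see cref="ClaimsIdentity"/> via <c>CreateClaimsIdentity</c>.
        /// Unsigned tokens (header alg=none) are always rejected.
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="JsonWebToken"/>.</param>
        /// <returns>A read-only collection holding the single identity built from the token's claims.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="JsonWebToken"/>.</exception>
        /// <exception cref="InvalidOperationException">No handler configuration is set.</exception>
        /// <exception cref="SecurityTokenValidationException">Unknown issuer, unsigned token, no signing key, or bad signature.</exception>
        /// <exception cref="SecurityTokenExpiredException">The token carries 'exp' and it has passed.</exception>
        /// <exception cref="AudienceUriValidationFailedException">The audience is not in the allowed list.</exception>
        public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            var jwt = token as JsonWebToken;
            if (jwt == null)
            {
                throw new ArgumentException("Token is not a JsonWebToken");
            }

            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No configuration set for token handler");
            }

            // Only the registry-mapped issuer name is trusted; the raw issuer claim is not.
            var issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
            if (string.IsNullOrEmpty(issuerName))
            {
                throw new SecurityTokenValidationException("Invalid issuer");
            }

            // Expiry is only enforced when the token carries 'exp'; a token without it never
            // expires under this handler, and no clock-skew allowance is applied.
            // NOTE(review): consider requiring 'exp' and honouring 'nbf' if the issuer emits it.
            if (jwt.ExpirationTime.HasValue && DateTime.Compare(jwt.ValidTo, DateTime.UtcNow) <= 0)
            {
                throw new SecurityTokenExpiredException("The token has expired");
            }

            // Audience check fails closed: an empty allowed list rejects every token unless the mode is Never.
            if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
            {
                var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
                if (!allowedAudiences.Any(uri => uri == jwt.Audience))
                {
                    throw new AudienceUriValidationFailedException();
                }
            }

            // Never accept an unsigned token. The previous implementation skipped signature
            // verification entirely whenever the header declared alg=none, so anyone could mint
            // a token for a trusted issuer and audience by simply omitting the signature.
            // Compared case-insensitively so "None"/"NONE" cannot slip past the check.
            if (string.Equals(jwt.Header.SignatureAlgorithm, JwtConstants.SignatureAlgorithms.None, StringComparison.OrdinalIgnoreCase))
            {
                throw new SecurityTokenValidationException("Unsigned tokens (alg=none) are not accepted");
            }

            // The key is looked up by the token's issuer; an issuer with no configured key is rejected.
            var clause = new WebTokenSecurityKeyClause(jwt.Issuer);
            var signingKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause);
            if (signingKey == null)
            {
                throw new SecurityTokenValidationException("No signing key found");
            }

            // VerifySignature is expected to throw on a bad signature; it is not visible here.
            VerifySignature(jwt, signingKey);

            var identity = CreateClaimsIdentity(jwt);
            return new List<ClaimsIdentity> { identity }.AsReadOnly();
        }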
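        /// <summary>
        /// Validates an incoming <see cref="JsonWebToken"/>: token type, issuer (via the configured
        /// IssuerNameRegistry), expiry, audience and signature, then maps its claims to a
        /// <see cref="ClaimsIdentity"/> via <c>CreateClaimsIdentity</c>.
        /// Unsigned tokens (header alg=none) are always rejected.
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="JsonWebToken"/>.</param>
        /// <returns>A read-only collection holding the single identity built from the token's claims.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="JsonWebToken"/>.</exception>
        /// <exception cref="InvalidOperationException">No handler configuration is set.</exception>
        /// <exception cref="SecurityTokenValidationException">Unknown issuer, unsigned token, no signing key, or bad signature.</exception>
        /// <exception cref="SecurityTokenExpiredException">The token carries 'exp' and it has passed.</exception>
        /// <exception cref="AudienceUriValidationFailedException">The audience is not in the allowed list.</exception>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            var jwt = token as JsonWebToken;
            if (jwt == null)
            {
                throw new ArgumentException("Token is not a JsonWebToken");
            }

            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No configuration set for token handler");
            }

            // Only the registry-mapped issuer name is trusted; the raw issuer claim is not.
            var issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
            if (string.IsNullOrEmpty(issuerName))
            {
                throw new SecurityTokenValidationException("Invalid issuer");
            }

            // Expiry is only enforced when the token carries 'exp'; a token without it never
            // expires under this handler, and no clock-skew allowance is applied.
            // NOTE(review): consider requiring 'exp' and honouring 'nbf' if the issuer emits it.
            if (jwt.ExpirationTime.HasValue && DateTime.Compare(jwt.ValidTo, DateTime.UtcNow) <= 0)
            {
                throw new SecurityTokenExpiredException("The token has expired");
            }

            // Audience check fails closed: an empty allowed list rejects every token unless the mode is Never.
            if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
            {
                var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
                if (!allowedAudiences.Any(uri => uri == jwt.Audience))
                {
                    throw new AudienceUriValidationFailedException();
                }
            }

            // Never accept an unsigned token. The previous implementation skipped signature
            // verification entirely whenever the header declared alg=none, so anyone could mint
            // a token for a trusted issuer and audience by simply omitting the signature.
            // Compared case-insensitively so "None"/"NONE" cannot slip past the check.
            if (string.Equals(jwt.Header.SignatureAlgorithm, JwtConstants.SignatureAlgorithms.None, StringComparison.OrdinalIgnoreCase))
            {
                throw new SecurityTokenValidationException("Unsigned tokens (alg=none) are not accepted");
            }

            // The key is looked up by the token's issuer; an issuer with no configured key is rejected.
            var clause     = new WebTokenSecurityKeyClause(jwt.Issuer);
            var signingKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause);
            if (signingKey == null)
            {
                throw new SecurityTokenValidationException("No signing key found");
            }

            // VerifySignature is expected to throw on a bad signature; it is not visible here.
            VerifySignature(jwt, signingKey);

            var identity = CreateClaimsIdentity(jwt);
            return new List<ClaimsIdentity> { identity }.AsReadOnly();
        }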
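        /// <summary>
        /// Validates an incoming <see cref="SimpleWebToken"/>: token type, issuer (when an
        /// IssuerNameRegistry is configured), expiry, audience and symmetric-key signature,
        /// then maps each claim (splitting comma-separated values) onto a
        /// <see cref="ClaimsIdentity"/> with authentication type "SWT".
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="SimpleWebToken"/>.</param>
        /// <returns>A read-only collection holding the single identity built from the token's claims.</returns>
        /// <exception cref="SecurityTokenValidationException">Wrong token type, unknown issuer, no signing key, or bad signature.</exception>
        /// <exception cref="InvalidOperationException">No handler configuration is set.</exception>
        /// <exception cref="SecurityTokenExpiredException">The token's ValidTo has passed.</exception>
        /// <exception cref="AudienceUriValidationFailedException">The audience is not in the allowed list.</exception>
        public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            var swt = token as SimpleWebToken;
            if (swt == null)
            {
                throw new SecurityTokenValidationException("The received token is of incorrect token type.Expected SimpleWebToken");
            }

            // Same guard as the JSON Web Token handler: an unconfigured handler should fail
            // with a clear message rather than a NullReferenceException further down.
            if (base.Configuration == null)
            {
                throw new InvalidOperationException("No configuration set for token handler");
            }

            // The issuer check is optional here: without a registry, issuerName stays null and
            // the token's issuer is trusted only as far as IssuerTokenResolver yields a key for it.
            string issuerName = null;
            if (base.Configuration.IssuerNameRegistry != null)
            {
                issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
                if (string.IsNullOrEmpty(issuerName))
                {
                    throw new SecurityTokenValidationException("Invalid issuer ");
                }
            }

            // Expiry is always enforced for SWT; no clock-skew allowance is applied.
            if (DateTime.Compare(swt.ValidTo, DateTime.UtcNow) <= 0)
            {
                throw new SecurityTokenExpiredException("The incoming token has expired. Get a new access token from the Authorization Server.");
            }

            // Audience check fails closed: an empty allowed list rejects every token unless the mode is Never.
            if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
            {
                var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
                if (!allowedAudiences.Any(uri => uri == swt.AudienceUri))
                {
                    throw new AudienceUriValidationFailedException();
                }
            }

            // The key is looked up by the issuer named in the token itself; an issuer with no
            // registered symmetric key is rejected before any signature check.
            var clause = new WebTokenSecurityKeyClause(swt.Issuer);
            var securityKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause) as InMemorySymmetricSecurityKey;
            if (securityKey == null)
            {
                throw new SecurityTokenValidationException("No signing key found");
            }

            // NOTE(review): SimpleWebToken.VerifySignature is not visible here — confirm it compares
            // the HMAC in constant time.
            if (!swt.VerifySignature(securityKey.GetSymmetricKey()))
            {
                throw new SecurityTokenValidationException("Signature verification of the incoming token failed.");
            }

            var id = new ClaimsIdentity("SWT");
            foreach (var claim in swt.Claims)
            {
                // SWT packs multi-valued claims as comma-separated strings; emit one Claim per value.
                foreach (var value in claim.Value.Split(','))
                {
                    id.AddClaim(new Claim(claim.Type, value, ClaimValueTypes.String, issuerName));
                }
            }

            return new List<ClaimsIdentity> { id }.AsReadOnly();
        }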