public static void SuppressSecurityTokenExceptions( string redirectPath = "~/", Action <SecurityTokenException> logger = null) { HttpContext.Current.ApplicationInstance.Error += delegate(object sender, EventArgs e) { var ctx = HttpContext.Current; var ex = ctx.Error; SecurityTokenException ste = ex as SecurityTokenException; if (ste != null) { var sam = FederatedAuthentication.SessionAuthenticationModule; if (sam != null) { sam.SignOut(); } ctx.ClearError(); if (logger != null) { logger(ste); } ctx.Response.Redirect(redirectPath); } }; }
/// <summary> /// Validates JWT token and gets <see cref="ClaimsPrincipal"/> described by it. /// Throws an exception if token validtion failed. /// </summary> /// <param name="token">The token to be validate and from which principal will be retrieved.</param> /// <param name="forExpiredToken">Indicates whether validation parameters will be used for validation expired token.</param> /// <returns>Returns <see cref="ClaimsPrincipal"/> principal described by the token.</returns> /// <exception cref="SecurityTokenException">Token validation failed.</exception> public ClaimsPrincipal GetPrincipalFromJwtToken(string token, bool forExpiredToken = false) { _logger.LogInformation($"Starting method '{nameof(GetPrincipalFromJwtToken)}'."); try { _logger.LogDebug($"Getting validation parameters."); var validationParameters = _jwtOptions.Value.GetValidationParameters(); if (forExpiredToken) { // Validate only expired tokens here. Validation of the token lifetime is not needed. validationParameters.ValidateLifetime = false; } var principal = ValidateToken(token, validationParameters); _logger.LogInformation($"Finished method '{nameof(GetPrincipalFromJwtToken)}'."); return(principal); } catch (Exception ex) { _logger.LogError(ex, $"{ex.GetType().Name} - Token validation failed: {ex.Message}"); var exception = new SecurityTokenException($"Token validation failed: { ex.Message }", ex); throw exception; } }
private static void ThrowException(string message) { SecurityTokenException securityTokenException = new SecurityTokenException(message); if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information); } throw securityTokenException; }
private static Exception ConvertException(Uri requestUri, Exception innerException) { string tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken; object[] absoluteUri = new object[] { requestUri.AbsoluteUri, null }; absoluteUri[1] = (innerException == null ? "Unknown" : innerException.Message); SecurityTokenException securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), innerException); if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information); } return(securityTokenException); }
public override void Validate(string userName, string password) { if (!Configuration.Authentication.Enabled) { return; } if (!Configuration.Authentication.Users.Any(x => x.Username == userName && x.ValidatePassword(password))) { Log.Info("Access denied for request with username {0}", userName); SecurityTokenException ex = new SecurityTokenException("Validation Failed!"); // Doesn't always work: http://blogs.msdn.com/b/drnick/archive/2010/02/02/fix-to-allow-customizing-the-status-code-when-validation-fails.aspx ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized; throw ex; } }
protected override IEnumerator <IteratorAsyncResult <T> .AsyncStep> GetAsyncSteps() { bool flag; TimeSpan timeSpan; while (true) { bool flag1 = false; if (!this.bypassCache) { lock (this.TokenProvider.mutex) { TokenProvider.TokenInfo tokenInfoFromCache = this.TokenProvider.GetTokenInfoFromCache(this.cacheKey); flag = this.OnProcessCachedEntryFromTokenProvider(tokenInfoFromCache); } if (flag) { break; } } Stopwatch stopwatch = Stopwatch.StartNew(); try { TokenProvider.GetTokenAsyncResultBase <T> getTokenAsyncResultBase = this; IteratorAsyncResult <T> .BeginCall getTokenBeginCall = this.GetTokenBeginCall; yield return(getTokenAsyncResultBase.CallAsync(getTokenBeginCall, (T thisPtr, IAsyncResult r) => thisPtr.OnCompletion(r), IteratorAsyncResult <TIteratorAsyncResult> .ExceptionPolicy.Continue)); if (base.LastAsyncStepException != null) { goto Label0; } stopwatch.Stop(); MessagingPerformanceCounters.IncrementTokenAcquisitionLatency(this.appliesToUri, stopwatch.ElapsedTicks); MessagingPerformanceCounters.IncrementTokensAcquiredPerSec(this.appliesToUri, 1); break; } finally { stopwatch.Stop(); } Label0: MessagingPerformanceCounters.IncrementTokenAcquisitionFailuresPerSec(this.appliesToUri, 1); SecurityTokenException lastAsyncStepException = base.LastAsyncStepException as SecurityTokenException; TokenProviderException tokenProviderException = base.LastAsyncStepException as TokenProviderException; TimeoutException timeoutException = base.LastAsyncStepException as TimeoutException; if (timeoutException != null && timeoutException.InnerException != null && timeoutException.InnerException is WebException) { flag1 = true; } else if (tokenProviderException != null && tokenProviderException.InnerException != null && tokenProviderException.InnerException is WebException) { flag1 = true; } else if (lastAsyncStepException != null) { TokenProviderHelper.InternalSecurityTokenException internalSecurityTokenException = lastAsyncStepException as TokenProviderHelper.InternalSecurityTokenException; flag1 = true; if (internalSecurityTokenException != null) { base.LastAsyncStepException = new SecurityTokenException(internalSecurityTokenException.Message, internalSecurityTokenException.InnerException); switch (internalSecurityTokenException.StatusCode) { case HttpStatusCode.BadRequest: case HttpStatusCode.Unauthorized: { flag1 = false; break; } } } } if (flag1) { TimeSpan timeSpan1 = base.RemainingTime(); if (timeSpan1 <= TimeSpan.Zero) { flag1 = false; } else { yield return(base.CallAsyncSleep(TimeoutHelper.Min(this.retrySleepTime, timeSpan1))); TimeSpan timeSpan2 = this.retrySleepTime.Add(this.retrySleepTime); TokenProvider.GetTokenAsyncResultBase <T> getTokenAsyncResultBase1 = this; timeSpan = (timeSpan2 < TokenProvider.MaxRetrySleepTime ? timeSpan2 : TokenProvider.MaxRetrySleepTime); getTokenAsyncResultBase1.retrySleepTime = timeSpan; } } if (!flag1) { if (base.LastAsyncStepException == null) { break; } base.Complete(base.LastAsyncStepException); break; } } }
private static Exception ConvertWebException(Uri requestUri, WebException exception) { Exception securityTokenException; Exception exception1; object[] absoluteUri; object[] objArray; string tokenProviderFailedSecurityToken; string tokenProviderTimeout; string empty = string.Empty; if (exception == null || exception.Response == null) { empty = (exception == null ? "Unknown" : exception.Message); } else { using (exception.Response) { using (StreamReader streamReader = new StreamReader(exception.Response.GetResponseStream())) { empty = streamReader.ReadToEnd(); } HttpWebResponse response = exception.Response as HttpWebResponse; if (response == null || response.StatusCode == HttpStatusCode.OK || response.StatusCode == HttpStatusCode.Continue) { tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken; absoluteUri = new object[] { requestUri.AbsoluteUri, empty }; securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), exception); if (exception != null && (exception.Status == WebExceptionStatus.Timeout || exception.Status == WebExceptionStatus.RequestCanceled)) { tokenProviderTimeout = Resources.TokenProviderTimeout; objArray = new object[] { requestUri.AbsoluteUri }; securityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout, objArray), securityTokenException); } if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information); } return(securityTokenException); } else { string str = Resources.TokenProviderFailedSecurityToken; object[] absoluteUri1 = new object[] { requestUri.AbsoluteUri, empty }; Exception internalSecurityTokenException = new TokenProviderHelper.InternalSecurityTokenException(Microsoft.ServiceBus.SR.GetString(str, absoluteUri1), response.StatusCode, exception); HttpStatusCode statusCode = response.StatusCode; if (statusCode != HttpStatusCode.NotFound) { if (statusCode != HttpStatusCode.RequestTimeout) { switch (statusCode) { case HttpStatusCode.BadGateway: case HttpStatusCode.ServiceUnavailable: { goto Label2; } case HttpStatusCode.GatewayTimeout: { break; } default: { goto Label1; } } } string tokenProviderTimeout1 = Resources.TokenProviderTimeout; object[] objArray1 = new object[] { requestUri.AbsoluteUri }; internalSecurityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout1, objArray1), exception); goto Label1; } Label2: string tokenProviderServiceUnavailable = Resources.TokenProviderServiceUnavailable; object[] absoluteUri2 = new object[] { requestUri.AbsoluteUri }; internalSecurityTokenException = new TokenProviderException(Microsoft.ServiceBus.SR.GetString(tokenProviderServiceUnavailable, absoluteUri2), exception); Label1: if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(internalSecurityTokenException, TraceEventType.Information); } exception1 = internalSecurityTokenException; } } return(exception1); } tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken; absoluteUri = new object[] { requestUri.AbsoluteUri, empty }; securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), exception); if (exception != null && (exception.Status == WebExceptionStatus.Timeout || exception.Status == WebExceptionStatus.RequestCanceled)) { tokenProviderTimeout = Resources.TokenProviderTimeout; objArray = new object[] { requestUri.AbsoluteUri }; securityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout, objArray), securityTokenException); } if (DiagnosticUtility.ShouldTraceInformation) { DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information); } return(securityTokenException); }