public static void SuppressSecurityTokenExceptions(
string redirectPath = "~/",
Action <SecurityTokenException> logger = null)
{
HttpContext.Current.ApplicationInstance.Error +=
delegate(object sender, EventArgs e)
{
var ctx = HttpContext.Current;
var ex = ctx.Error;
SecurityTokenException ste = ex as SecurityTokenException;
if (ste != null)
{
var sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam != null)
{
sam.SignOut();
}
ctx.ClearError();
if (logger != null)
{
logger(ste);
}
ctx.Response.Redirect(redirectPath);
}
};
}
/// <summary>
/// Validates JWT token and gets <see cref="ClaimsPrincipal"/> described by it.
/// Throws an exception if token validtion failed.
/// </summary>
/// <param name="token">The token to be validate and from which principal will be retrieved.</param>
/// <param name="forExpiredToken">Indicates whether validation parameters will be used for validation expired token.</param>
/// <returns>Returns <see cref="ClaimsPrincipal"/> principal described by the token.</returns>
/// <exception cref="SecurityTokenException">Token validation failed.</exception>
public ClaimsPrincipal GetPrincipalFromJwtToken(string token, bool forExpiredToken = false)
{
_logger.LogInformation($"Starting method '{nameof(GetPrincipalFromJwtToken)}'.");
try
{
_logger.LogDebug($"Getting validation parameters.");
var validationParameters = _jwtOptions.Value.GetValidationParameters();
if (forExpiredToken)
{
// Validate only expired tokens here. Validation of the token lifetime is not needed.
validationParameters.ValidateLifetime = false;
}
var principal = ValidateToken(token, validationParameters);
_logger.LogInformation($"Finished method '{nameof(GetPrincipalFromJwtToken)}'.");
return(principal);
}
catch (Exception ex)
{
_logger.LogError(ex, $"{ex.GetType().Name} - Token validation failed: {ex.Message}");
var exception = new SecurityTokenException($"Token validation failed: { ex.Message }", ex);
throw exception;
}
}
private static void ThrowException(string message)
{
SecurityTokenException securityTokenException = new SecurityTokenException(message);
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information);
}
throw securityTokenException;
}
private static Exception ConvertException(Uri requestUri, Exception innerException)
{
string tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken;
object[] absoluteUri = new object[] { requestUri.AbsoluteUri, null };
absoluteUri[1] = (innerException == null ? "Unknown" : innerException.Message);
SecurityTokenException securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), innerException);
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information);
}
return(securityTokenException);
}
public override void Validate(string userName, string password)
{
if (!Configuration.Authentication.Enabled)
{
return;
}
if (!Configuration.Authentication.Users.Any(x => x.Username == userName && x.ValidatePassword(password)))
{
Log.Info("Access denied for request with username {0}", userName);
SecurityTokenException ex = new SecurityTokenException("Validation Failed!");
// Doesn't always work: http://blogs.msdn.com/b/drnick/archive/2010/02/02/fix-to-allow-customizing-the-status-code-when-validation-fails.aspx
ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized;
throw ex;
}
}
protected override IEnumerator <IteratorAsyncResult <T> .AsyncStep> GetAsyncSteps()
{
bool flag;
TimeSpan timeSpan;
while (true)
{
bool flag1 = false;
if (!this.bypassCache)
{
lock (this.TokenProvider.mutex)
{
TokenProvider.TokenInfo tokenInfoFromCache = this.TokenProvider.GetTokenInfoFromCache(this.cacheKey);
flag = this.OnProcessCachedEntryFromTokenProvider(tokenInfoFromCache);
}
if (flag)
{
break;
}
}
Stopwatch stopwatch = Stopwatch.StartNew();
try
{
TokenProvider.GetTokenAsyncResultBase <T> getTokenAsyncResultBase = this;
IteratorAsyncResult <T> .BeginCall getTokenBeginCall = this.GetTokenBeginCall;
yield return(getTokenAsyncResultBase.CallAsync(getTokenBeginCall, (T thisPtr, IAsyncResult r) => thisPtr.OnCompletion(r), IteratorAsyncResult <TIteratorAsyncResult> .ExceptionPolicy.Continue));
if (base.LastAsyncStepException != null)
{
goto Label0;
}
stopwatch.Stop();
MessagingPerformanceCounters.IncrementTokenAcquisitionLatency(this.appliesToUri, stopwatch.ElapsedTicks);
MessagingPerformanceCounters.IncrementTokensAcquiredPerSec(this.appliesToUri, 1);
break;
}
finally
{
stopwatch.Stop();
}
Label0:
MessagingPerformanceCounters.IncrementTokenAcquisitionFailuresPerSec(this.appliesToUri, 1);
SecurityTokenException lastAsyncStepException = base.LastAsyncStepException as SecurityTokenException;
TokenProviderException tokenProviderException = base.LastAsyncStepException as TokenProviderException;
TimeoutException timeoutException = base.LastAsyncStepException as TimeoutException;
if (timeoutException != null && timeoutException.InnerException != null && timeoutException.InnerException is WebException)
{
flag1 = true;
}
else if (tokenProviderException != null && tokenProviderException.InnerException != null && tokenProviderException.InnerException is WebException)
{
flag1 = true;
}
else if (lastAsyncStepException != null)
{
TokenProviderHelper.InternalSecurityTokenException internalSecurityTokenException = lastAsyncStepException as TokenProviderHelper.InternalSecurityTokenException;
flag1 = true;
if (internalSecurityTokenException != null)
{
base.LastAsyncStepException = new SecurityTokenException(internalSecurityTokenException.Message, internalSecurityTokenException.InnerException);
switch (internalSecurityTokenException.StatusCode)
{
case HttpStatusCode.BadRequest:
case HttpStatusCode.Unauthorized:
{
flag1 = false;
break;
}
}
}
}
if (flag1)
{
TimeSpan timeSpan1 = base.RemainingTime();
if (timeSpan1 <= TimeSpan.Zero)
{
flag1 = false;
}
else
{
yield return(base.CallAsyncSleep(TimeoutHelper.Min(this.retrySleepTime, timeSpan1)));
TimeSpan timeSpan2 = this.retrySleepTime.Add(this.retrySleepTime);
TokenProvider.GetTokenAsyncResultBase <T> getTokenAsyncResultBase1 = this;
timeSpan = (timeSpan2 < TokenProvider.MaxRetrySleepTime ? timeSpan2 : TokenProvider.MaxRetrySleepTime);
getTokenAsyncResultBase1.retrySleepTime = timeSpan;
}
}
if (!flag1)
{
if (base.LastAsyncStepException == null)
{
break;
}
base.Complete(base.LastAsyncStepException);
break;
}
}
}
private static Exception ConvertWebException(Uri requestUri, WebException exception)
{
Exception securityTokenException;
Exception exception1;
object[] absoluteUri;
object[] objArray;
string tokenProviderFailedSecurityToken;
string tokenProviderTimeout;
string empty = string.Empty;
if (exception == null || exception.Response == null)
{
empty = (exception == null ? "Unknown" : exception.Message);
}
else
{
using (exception.Response)
{
using (StreamReader streamReader = new StreamReader(exception.Response.GetResponseStream()))
{
empty = streamReader.ReadToEnd();
}
HttpWebResponse response = exception.Response as HttpWebResponse;
if (response == null || response.StatusCode == HttpStatusCode.OK || response.StatusCode == HttpStatusCode.Continue)
{
tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken;
absoluteUri = new object[] { requestUri.AbsoluteUri, empty };
securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), exception);
if (exception != null && (exception.Status == WebExceptionStatus.Timeout || exception.Status == WebExceptionStatus.RequestCanceled))
{
tokenProviderTimeout = Resources.TokenProviderTimeout;
objArray = new object[] { requestUri.AbsoluteUri };
securityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout, objArray), securityTokenException);
}
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information);
}
return(securityTokenException);
}
else
{
string str = Resources.TokenProviderFailedSecurityToken;
object[] absoluteUri1 = new object[] { requestUri.AbsoluteUri, empty };
Exception internalSecurityTokenException = new TokenProviderHelper.InternalSecurityTokenException(Microsoft.ServiceBus.SR.GetString(str, absoluteUri1), response.StatusCode, exception);
HttpStatusCode statusCode = response.StatusCode;
if (statusCode != HttpStatusCode.NotFound)
{
if (statusCode != HttpStatusCode.RequestTimeout)
{
switch (statusCode)
{
case HttpStatusCode.BadGateway:
case HttpStatusCode.ServiceUnavailable:
{
goto Label2;
}
case HttpStatusCode.GatewayTimeout:
{
break;
}
default:
{
goto Label1;
}
}
}
string tokenProviderTimeout1 = Resources.TokenProviderTimeout;
object[] objArray1 = new object[] { requestUri.AbsoluteUri };
internalSecurityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout1, objArray1), exception);
goto Label1;
}
Label2:
string tokenProviderServiceUnavailable = Resources.TokenProviderServiceUnavailable;
object[] absoluteUri2 = new object[] { requestUri.AbsoluteUri };
internalSecurityTokenException = new TokenProviderException(Microsoft.ServiceBus.SR.GetString(tokenProviderServiceUnavailable, absoluteUri2), exception);
Label1:
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(internalSecurityTokenException, TraceEventType.Information);
}
exception1 = internalSecurityTokenException;
}
}
return(exception1);
}
tokenProviderFailedSecurityToken = Resources.TokenProviderFailedSecurityToken;
absoluteUri = new object[] { requestUri.AbsoluteUri, empty };
securityTokenException = new SecurityTokenException(Microsoft.ServiceBus.SR.GetString(tokenProviderFailedSecurityToken, absoluteUri), exception);
if (exception != null && (exception.Status == WebExceptionStatus.Timeout || exception.Status == WebExceptionStatus.RequestCanceled))
{
tokenProviderTimeout = Resources.TokenProviderTimeout;
objArray = new object[] { requestUri.AbsoluteUri };
securityTokenException = new TimeoutException(Microsoft.ServiceBus.SR.GetString(tokenProviderTimeout, objArray), securityTokenException);
}
if (DiagnosticUtility.ShouldTraceInformation)
{
DiagnosticUtility.ExceptionUtility.TraceHandledException(securityTokenException, TraceEventType.Information);
}
return(securityTokenException);
}
