// todo [wanl]: hubName uses [AutoResolve] public InputBindingProvider(IConfiguration configuration, INameResolver nameResolver, ISecurityTokenValidator securityTokenValidator, ISignalRConnectionInfoConfigurer signalRConnectionInfoConfigurer) { this.configuration = configuration; this.nameResolver = nameResolver; this.securityTokenValidator = securityTokenValidator; this.signalRConnectionInfoConfigurer = signalRConnectionInfoConfigurer; }
/// <summary> /// Initialise a new instance of the Okta JWT Security Token Handler /// </summary> /// <param name="tokenService">The Token Service.</param> /// <param name="tokenValidator">Token validator.</param> /// <param name="userSessionUpdateOktaTokenService">User update okta token service.</param> /// <param name="userSessionRetrievalByOktaIdService">User retrieval by okta id service.</param> /// <param name="userRetrievalById">User retrieval by id service.</param> /// <param name="userRetrievalByEmailService">User retrieval by email service.</param> /// <param name="userRetrievalByOktaId">User retrieval by okta id.</param> /// <param name="userUpdateService">Update user service.</param> /// <param name="userCreationService">User creation service.</param> /// <param name="oktaClient">Okta client.</param> /// <param name="oktaTokenExpiryTime">Okta token expiry time.</param> public OktaJwtSecurityTokenHandler( ITokenService tokenService, ISecurityTokenValidator tokenValidator, IAsyncQueryHandler <UserSessionUpdateOktaTokenQuery, MeUserSession> userSessionUpdateOktaTokenService, IAsyncQueryHandler <UserSessionRetrievalByOktaIdQuery, MeUserSession> userSessionRetrievalByOktaIdService, IAsyncQueryHandler <UserRetrievalByIdQuery, MeUser> userRetrievalById, IAsyncQueryHandler <UserRetrievalByOktaIdQuery, MeUser> userRetrievalByOktaId, IAsyncQueryHandler <UserRetrievalByEmailQuery, MeUser> userRetrievalByEmailService, IAsyncQueryHandler <UserUpdateQuery, MeUser> userUpdateService, IAsyncQueryHandler <CreateUserQuery, MeUser> userCreationService, IOktaClient oktaClient, int oktaTokenExpiryTime) { _tokenHandler = tokenValidator; _tokenService = tokenService; _userSessionUpdateOktaTokenService = userSessionUpdateOktaTokenService; _oktaTokenExpiryTime = oktaTokenExpiryTime; _userSessionRetrievalByOktaIdService = userSessionRetrievalByOktaIdService; _userRetrievalByEmailService = userRetrievalByEmailService; _userCreationService = userCreationService; _userRetrievalByOktaId = userRetrievalByOktaId; _userRetrievalById = userRetrievalById; _userUpdateService = userUpdateService; _oktaClient = oktaClient; }
public static void ValidateTokenReplay(string securityToken, ISecurityTokenValidator tokenValidator, TokenValidationParameters validationParameters) { if (!validationParameters.ValidateTokenReplay) { return; } TokenValidationParameters tvp = validationParameters.Clone(); TokenReplayCache replayCache = new TokenReplayCache() { OnAddReturnValue = true, OnFindReturnValue = false, }; tvp.TokenReplayCache = replayCache; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.NoExceptionExpected); replayCache.OnFindReturnValue = true; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.SecurityTokenReplayDetected()); replayCache.OnFindReturnValue = false; replayCache.OnAddReturnValue = false; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.SecurityTokenReplayAddFailed()); }
public TokenController(IOptions <AuthOptions> options, ISecurityTokenValidator jwtTokenValidator, ILogger <TokenController> logger, ITokenRefreshHandler tokenRefreshHandler, ITokenValidationParametersFactory tokenValidationParametersFactory) { if (options == null) { throw new ArgumentNullException(nameof(options), $"{nameof(options)} cannot be null"); } if (jwtTokenValidator == null) { throw new ArgumentNullException(nameof(jwtTokenValidator), $"{nameof(jwtTokenValidator)} cannot be null"); } if (logger == null) { throw new ArgumentNullException(nameof(logger), $"{nameof(logger )} cannot be null"); } if (tokenRefreshHandler == null) { throw new ArgumentNullException(nameof(tokenRefreshHandler), $"{nameof(tokenRefreshHandler)} cannot be null"); } _authOptions = options.Value; _jwtTokenValidator = jwtTokenValidator; _logger = logger; _tokenRefreshHandler = tokenRefreshHandler; _tokenValidationParametersFactory = tokenValidationParametersFactory; }
public AccessTokenValidator( ISecurityTokenValidator securityTokenValidator, ILoggerFactory loggerFactory) { _securityTokenValidator = securityTokenValidator; _logger = loggerFactory.CreateLogger <AccessTokenValidator>(); }
public Auth0ValueProvider( HttpRequest request, Auth0Options options, FunctionTokenAttribute attribute, ISecurityTokenValidator securityHandler) : base(request, options.SigningOptions, attribute, securityHandler) { }
public JwtBearerOptionsValidatorConfigureOptions(ISecurityTokenValidator securityTokenValidator) : base( JwtBearerDefaults.AuthenticationScheme, options => { options.SecurityTokenValidators.Clear(); options.SecurityTokenValidators.Add(securityTokenValidator); }) {}
public TokenValidator(ISecurityTokenValidator securityTokenValidator, IConfigurationManager <OpenIdConnectConfiguration> configurationManager, IOptions <TokenValidatorConfiguration> tokenValidatorOptions, ILogger <TokenValidator> logger) { this.securityTokenValidator = securityTokenValidator ?? throw new ArgumentNullException(nameof(securityTokenValidator)); this.configurationManager = configurationManager ?? throw new ArgumentNullException(nameof(configurationManager)); this.logger = logger ?? throw new ArgumentNullException(nameof(logger)); _ = tokenValidatorOptions ?? throw new ArgumentNullException(nameof(tokenValidatorOptions)); tokenValidatorConfiguration = tokenValidatorOptions.Value; }
public SigningKeyValueProvider( HttpRequest request, TokenSigningKeyOptions options, FunctionTokenAttribute attribute, ISecurityTokenValidator securityHandler) : base(request, options, attribute, securityHandler) { this.options = options; }
public UserHandlers( IUserApiClient userApiClient, TokensJWT tokensJWT, ISecurityTokenValidator securityTokenValidator) { this.userApiClient = userApiClient; this.tokensJWT = tokensJWT; this.securityTokenValidator = securityTokenValidator; }
public AcmeJwsPKAuthenticationHandler(IOptionsMonitor <AcmeJwsAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, JWS.AcmeJwsSecurityTokenHandler validator, Services.IReplayNonceRegistry nonceRegistry) : base(options, logger, encoder, clock) { _tokenValidator = validator; _nonceRegistry = nonceRegistry; }
public TokenValidationHandler() { _audience = ConfigurationManager.AppSettings["ida:Audience"]; _clientId = ConfigurationManager.AppSettings["ida:ClientId"]; var aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"]; _tenant = ConfigurationManager.AppSettings["ida:TenantId"]; _authority = string.Format(CultureInfo.InvariantCulture, aadInstance, _tenant); _configManager = new ConfigurationManager <OpenIdConnectConfiguration>($"{_authority}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever()); _tokenValidator = new JwtSecurityTokenHandler(); }
public BearerTokenB2CValueProvider( HttpRequest request, TokenAzureB2COptions options, FunctionTokenAttribute attribute, IAzureB2CTokensLoader loader, ISecurityTokenValidator securityHandler) : base(request, options, attribute, securityHandler) { this.options = options; azureB2CTokensLoader = loader; }
public SignalRConnectionInputBinding( BindingProviderContext context, IConfiguration configuration, INameResolver nameResolver, ISecurityTokenValidator securityTokenValidator, ISignalRConnectionInfoConfigurer signalRConnectionInfoConfigurer) : base(context, configuration, nameResolver) { this.securityTokenValidator = securityTokenValidator; this.signalRConnectionInfoConfigurer = signalRConnectionInfoConfigurer; this.userType = context.Parameter.ParameterType; }
/// <inheritdoc /> protected BearerTokenValueProvider( HttpRequest request, ITokenOptions options, FunctionTokenAttribute attribute, ISecurityTokenValidator tokenValidator) { InputAttribute = attribute; Request = request; Options = options; securityTokenValidator = tokenValidator; }
public SignalRConnectionInputBinding( BindingProviderContext context, IConfiguration configuration, INameResolver nameResolver, ISecurityTokenValidator securityTokenValidator, ISignalRConnectionInfoConfigurer signalRConnectionInfoConfigurer) : base(context, configuration, nameResolver) { _securityTokenValidator = securityTokenValidator; _signalRConnectionInfoConfigurer = signalRConnectionInfoConfigurer; _managerStore = StaticServiceHubContextStore.ServiceManagerStore; _userType = context.Parameter.ParameterType; }
public TokenValidationHandler() { _audience = ConfigurationManager.AppSettings["ida:Audience"]; _clientId = ConfigurationManager.AppSettings["ida:ClientId"]; var aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"]; _tenant = ConfigurationManager.AppSettings["ida:TenantId"]; _authority = string.Format(CultureInfo.InvariantCulture, aadInstance, _tenant); // The ConfigurationManager class holds properties to control the metadata refresh interval. For more details, https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.protocols.configurationmanager-1?view=azure-dotnet _configManager = new ConfigurationManager <OpenIdConnectConfiguration>($"{_authority}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever()); _tokenValidator = new JwtSecurityTokenHandler(); }
public SignalRConfigProvider( INameResolver nameResolver, ILoggerFactory loggerFactory, IConfiguration configuration, IServiceManagerStore serviceManagerStore, ISecurityTokenValidator securityTokenValidator = null, ISignalRConnectionInfoConfigurer signalRConnectionInfoConfigurer = null) { this.logger = loggerFactory.CreateLogger(LogCategories.CreateTriggerCategory("SignalR")); this.nameResolver = nameResolver; this.serviceManagerStore = serviceManagerStore; this._dispatcher = new SignalRTriggerDispatcher(); inputBindingProvider = new InputBindingProvider(configuration, nameResolver, securityTokenValidator, signalRConnectionInfoConfigurer); }
public SignalRConfigProvider( IOptions <SignalROptions> options, INameResolver nameResolver, ILoggerFactory loggerFactory, IConfiguration configuration, ISecurityTokenValidator securityTokenValidator = null, ISignalRConnectionInfoConfigurer signalRConnectionInfoConfigurer = null) { this.options = options.Value; this.loggerFactory = loggerFactory; this.logger = loggerFactory.CreateLogger(LogCategories.CreateTriggerCategory("SignalR")); this.nameResolver = nameResolver; this.configuration = configuration; this._dispatcher = new SignalRTriggerDispatcher(); inputBindingProvider = new InputBindingProvider(configuration, nameResolver, securityTokenValidator, signalRConnectionInfoConfigurer); }
public void SecurityTokenHandlerCollectionExtensions_Defaults() { SecurityTokenHandlerCollection securityTokenValidators = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers(); foreach (var tokenHandler in securityTokenValidators) { ISecurityTokenValidator tokenValidator = tokenHandler as ISecurityTokenValidator; Assert.IsNotNull(tokenValidator, "tokenHandler is not ISecurityTokenHandler, is" + tokenHandler.GetType().ToString()); } securityTokenValidators = SecurityTokenHandlerCollectionExtensions.GetDefaultHandlers(); foreach (var tokenHandler in securityTokenValidators) { ISecurityTokenValidator tokenValidator = tokenHandler as ISecurityTokenValidator; Assert.IsNotNull(tokenValidator, "tokenHandler is not ISecurityTokenHandler, is" + tokenHandler.GetType().ToString()); } }
internal AuthenticationService(Auth0ApiSettings apiSettings, IConfigurationManager <OpenIdConnectConfiguration> configManager, TokenValidationParameters validationParamOverrides, IAsyncPolicy <ClaimsPrincipal> validationRequestPolicy, ISecurityTokenValidator tokenValidator) { _apiSettings = apiSettings; _configManager = configManager; _validationRequestPolicy = validationRequestPolicy; _validationParamOverrides = validationParamOverrides; _tokenValidator = tokenValidator ?? new JwtSecurityTokenHandler(); if (_validationRequestPolicy == null) { _validationRequestPolicy = Policy .Handle <SecurityTokenSignatureKeyNotFoundException>() .RetryAsync(1, (ex, retryCount) => { _configManager.RequestRefresh(); }) .AsAsyncPolicy <ClaimsPrincipal>(); } }
public static ClaimsPrincipal ValidateToken(this SecurityTokenHandlerCollection tokenHandlers, string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { if (tokenHandlers == null) { throw new ArgumentNullException("tokenHandlers"); } if (securityToken == null) { throw new ArgumentNullException("securityToken"); } if (validationParameters == null) { throw new ArgumentNullException("validationParameters"); } bool iSecurityTokenValidatorFound = false; foreach (SecurityTokenHandler tokenHandler in tokenHandlers) { ISecurityTokenValidator securityTokenValidator = tokenHandler as ISecurityTokenValidator; if (securityTokenValidator != null && securityTokenValidator.CanReadToken(securityToken)) { iSecurityTokenValidatorFound = true; return(securityTokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken)); } } if (iSecurityTokenValidatorFound) { throw new SecurityTokenValidationException(ErrorMessages.IDX10201); } else { throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10201, securityToken)); } }
public static void ValidateTokenReplay(string securityToken, ISecurityTokenValidator tokenValidator, TokenValidationParameters validationParameters) { TokenValidationParameters tvp = validationParameters.Clone() as TokenValidationParameters; Microsoft.IdentityModel.Test.TokenReplayCache replayCache = new Microsoft.IdentityModel.Test.TokenReplayCache() { OnAddReturnValue = true, OnFindReturnValue = false, }; tvp.TokenReplayCache = replayCache; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.NoExceptionExpected); replayCache.OnFindReturnValue = true; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.SecurityTokenReplayDetected()); replayCache.OnFindReturnValue = false; replayCache.OnAddReturnValue = false; TestUtilities.ValidateToken(securityToken, tvp, tokenValidator, ExpectedException.SecurityTokenReplayAddFailed()); }
public SecurityTokenTypeValidator(ISecurityTokenValidator underlyingValidator) { _underlyingValidator = underlyingValidator; }
public RiskJwtBearerPostConfigureOptions(ISecurityTokenValidator securityTokenValidator) { _securityTokenValidator = securityTokenValidator; }
public TokenValidationService(ISecurityTokenValidator jwtValidator) { _jwtValidator = jwtValidator; }
public static ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, ISecurityTokenValidator tokenValidator, ExpectedException expectedException) { ClaimsPrincipal retVal = null; try { retVal = tokenValidator.ValidateToken(securityToken, validationParameters, out SecurityToken validatedToken); expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } return(retVal); }
public async Task Invoke(HttpContext context, ISecurityTokenValidator tokenValidator, IOptions <DelegationOptions> options, ITokenValidationParametersFactory tokenValidationParametersFactory) { if (tokenValidator == null) { throw new ArgumentNullException(nameof(tokenValidator), $"{nameof(tokenValidator)} cannot be null."); } if (tokenValidationParametersFactory == null) { throw new ArgumentNullException(nameof(tokenValidationParametersFactory), $"{nameof(tokenValidationParametersFactory)} cannot be null."); } var validationParameters = tokenValidationParametersFactory.Create(); // get DelegationUser added as scoped service var delegationUser = context.RequestServices.GetService(typeof(IDelegationUser)) as DelegationUser; bool delegationUserParsed = false; var token = string.Empty; try { token = GetDelegationJwtToken(context, options.Value.DelegationHeader); if (!string.IsNullOrWhiteSpace(token)) { if (tokenValidator.CanReadToken(token)) { ClaimsPrincipal principal = null; SecurityToken validatedToken = null; try { principal = tokenValidator.ValidateToken(token, validationParameters, out validatedToken); _logger.LogInformation($"Jwt delegation token validation succeeded"); } catch (Exception ex) { _logger.LogInformation($"Jwt delegation token validation failed. Exception: {ex.ToString()}"); throw; } ClaimsIdentity claimsIdentity = principal.Identities?.FirstOrDefault(); if (claimsIdentity != null && delegationUser.TrySetValues(claimsIdentity, token)) { delegationUserParsed = true; } } } } catch (Exception ex) { _logger.LogInformation($"Processing delegation user failed. Exception: {ex.ToString()}"); throw; } if (delegationUserParsed) { delegationUser.SetValid(true); _logger.LogInformation($"Request for delegated user: { delegationUser.Sub} ({delegationUser.GivenName} {delegationUser.SurName})"); } else { delegationUser.SetValid(false); var info = $"No delegated user detected for request { (string.IsNullOrWhiteSpace(token) ? "(no delegation token found)" : $"(delegation token: {token})") }."; _logger.LogInformation(info); } await _next.Invoke(context); }
private ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, ISecurityTokenValidator tokenValidator, ExpectedException expectedException) { ClaimsPrincipal princiapl = null; try { SecurityToken validatedToken; princiapl = tokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } return(princiapl); }
private ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, ISecurityTokenValidator tokenValidator, ExpectedException expectedException) { ClaimsPrincipal princiapl = null; try { SecurityToken validatedToken; princiapl = tokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken); expectedException.ProcessNoException(); } catch (Exception exception) { expectedException.ProcessException(exception); } return princiapl; }
public SecurityTokenValidationInputBinding(ISecurityTokenValidator securityTokenValidator) { _securityTokenValidator = securityTokenValidator; }
public static ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, ISecurityTokenValidator tokenValidator, ExpectedException expectedException) { ClaimsPrincipal retVal = null; try { SecurityToken validatedToken; retVal = tokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken); expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } return retVal; }
public AzureAdTokenValidationService(IHttpContextAccessor httpContextAccessor, ISecurityTokenValidator securityTokenValidator, ILogger <AzureAdTokenValidationService> logger) { _httpContextAccessor = httpContextAccessor; _securityTokenValidator = securityTokenValidator; _logger = logger; }