/// <summary>
/// Validates the JWT carried in an Authorization header against the supplied binding
/// configuration and returns the authorized model built from the validated token.
/// </summary>
/// <param name="value">The Authorization header; its scheme must be exactly "Bearer".</param>
/// <param name="config">Issuer, audience, key material and the scope/role/identity restrictions to enforce.</param>
/// <returns>The model produced by <c>GetAuthorizedModelFromToken</c> for the validated token.</returns>
/// <exception cref="AuthorizationSchemeNotSupportedException">The header is missing or its scheme is not "Bearer".</exception>
/// <exception cref="ConfigurationException">No issuer is configured.</exception>
/// <exception cref="AuthorizationFailedException">Any failure raised while validating the token or its claims.</exception>
public AuthorizedModel ValidateToken(AuthenticationHeaderValue value, JwtBindingConfiguration config)
{
    // A null header yields a null scheme, so it is rejected by the same comparison.
    // The comparison is ordinal and case-sensitive: only the literal "Bearer" passes.
    var scheme = value?.Scheme;
    if (scheme != "Bearer")
    {
        throw new AuthorizationSchemeNotSupportedException(scheme);
    }

    if (string.IsNullOrWhiteSpace(config.Issuer))
    {
        throw new ConfigurationException("Configuring an issuer is required in order to validate a JWT Token");
    }

    var parameters = GetTokenValidationParameters(config.Issuer, config.Audience, config.IssuerPattern);

    if (string.IsNullOrWhiteSpace(config.Signature))
    {
        // No shared secret configured: use the signing keys resolved for the issuer.
        // NOTE(review): .Result blocks the calling thread, and because this runs before the
        // try block a key-retrieval failure is not converted to AuthorizationFailedException
        // (presumably it surfaces as an AggregateException) - confirm callers fail closed.
        parameters.IssuerSigningKeys = GetSigningKeys(config.Issuer).Result;
    }
    else
    {
        // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so a
        // secret containing such characters yields a weaker key than its length suggests.
        parameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(config.Signature));
    }

    try
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var principal = tokenHandler.ValidateToken(value.Parameter, parameters, out var validatedToken);

        // The configured restrictions are checked only after the handler has accepted the token.
        ValidateIssuerPattern(validatedToken, config.IssuerPattern);
        ValidateScopes(validatedToken, config.Scopes);
        ValidateRoles(validatedToken, config.Roles);
        ValidateIdentities(validatedToken, config.AllowedIdentities);

        return GetAuthorizedModelFromToken(validatedToken, GetDisplayNameFromToken(principal));
    }
    catch (SecurityTokenSignatureKeyNotFoundException keyNotFound)
    {
        _logger.LogError(keyNotFound, "Failed to validate token signature, token is considered to be invalid");
        throw new AuthorizationFailedException(keyNotFound);
    }
    catch (SecurityTokenException tokenFailure)
    {
        _logger.LogError(tokenFailure, "Failed to validate, token is considered to be invalid");
        throw new AuthorizationFailedException(tokenFailure);
    }
    catch (Exception unexpected)
    {
        // Fail closed: anything unexpected is reported as an authorization failure as well.
        _logger.LogError(unexpected, "Unknown exception occurred while trying to validate JWT Token");
        throw new AuthorizationFailedException(unexpected);
    }
}
/// <summary>
/// Builds a binding configuration and an Authorization header from this class's fields
/// and runs them through <c>_service.ValidateToken</c>.
/// </summary>
/// <returns>Whatever <c>ValidateToken</c> returns for the header and configuration.</returns>
private AuthorizedModel Validate()
{
    // Key material here is the shared-secret string in _signature.
    var bindingConfiguration = new JwtBindingConfiguration
    {
        Signature = _signature,
        Scopes = _scopes,
        Audience = _audience,
        Issuer = _issuer,
        IssuerPattern = _issuerPattern
    };

    var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

    return _service.ValidateToken(authorizationHeader, bindingConfiguration);
}
/// <summary>
/// Runs <c>_service.ValidateToken</c> with a configuration and Authorization header built
/// from this class's fields; the result is discarded, so only a thrown exception is observable.
/// </summary>
private void Act()
{
    // This variant also restricts the identities that may be authorized.
    var bindingConfiguration = new JwtBindingConfiguration
    {
        SymmetricSecuritySigningKey = _symmetricSigningKey,
        Scopes = _scopes,
        Audience = _audience,
        Issuer = _issuer,
        IssuerPattern = _issuerPattern,
        AllowedIdentities = _allowedIdentities
    };

    var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

    _service.ValidateToken(authorizationHeader, bindingConfiguration);
}
/// <summary>
/// Selects the issuer signing key described by the configuration.
/// </summary>
/// <param name="config">Configuration holding either a symmetric secret or a Base64-encoded certificate.</param>
/// <returns>
/// A symmetric key when a symmetric secret is set (it takes precedence), otherwise an X.509 key
/// when a certificate is set, otherwise <c>null</c>.
/// </returns>
private static SecurityKey GetIssuerSigningKey(JwtBindingConfiguration config)
{
    var symmetricSecret = config.SymmetricSecuritySigningKey;
    if (!string.IsNullOrWhiteSpace(symmetricSecret))
    {
        // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so a
        // secret containing such characters yields a weaker key than its length suggests.
        return new SymmetricSecurityKey(Encoding.ASCII.GetBytes(symmetricSecret));
    }

    var encodedCertificate = config.X509CertificateSigningKey;
    if (string.IsNullOrWhiteSpace(encodedCertificate))
    {
        // NOTE(review): null means "no key configured"; confirm the caller then resolves keys
        // another way or rejects the token, rather than validating without a signing key.
        return null;
    }

    // Convert.FromBase64String throws FormatException on malformed input; it is not caught here.
    var rawCertificate = Convert.FromBase64String(encodedCertificate);
    return new X509SecurityKey(new X509Certificate2(rawCertificate));
}
/// <summary>
/// Builds a binding configuration with either certificate or symmetric key material from
/// this class's fields and runs it through <c>_service.ValidateToken</c>.
/// </summary>
/// <returns>Whatever <c>ValidateToken</c> returns for the header and configuration.</returns>
private AuthorizedModel Validate()
{
    var bindingConfiguration = new JwtBindingConfiguration
    {
        Scopes = _scopes,
        Audience = _audience,
        Issuer = _issuer,
        IssuerPattern = _issuerPattern
    };

    // The switch is made on _certificateWithPrivateKey, but the value given to the validator
    // is _certificateWithPublicKey.
    // NOTE(review): presumably the private-key certificate is only used elsewhere to sign the
    // token and the validator is meant to see the public part only - confirm this is intended.
    if (string.IsNullOrWhiteSpace(_certificateWithPrivateKey))
    {
        bindingConfiguration.SymmetricSecuritySigningKey = _symmetricSigningKey;
    }
    else
    {
        bindingConfiguration.X509CertificateSigningKey = _certificateWithPublicKey;
    }

    var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

    return _service.ValidateToken(authorizationHeader, bindingConfiguration);
}