public void CreateAndValidateTokens_RoundTripTokens()
{
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
CreateAndValidateParams createAndValidateParams;
string issuer = "issuer";
string originalIssuer = "originalIssuer";
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.DuplicateTypes",
Claims = ClaimSets.DuplicateTypes(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.DuplicateTypes(issuer, originalIssuer), null),
ExceptionType = null,
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
};
RunRoundTrip(createAndValidateParams, handler);
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.Simple_simpleSigned_Asymmetric",
Claims = ClaimSets.Simple(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2),
ExceptionType = null,
SigningCredentials = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2,
SigningToken = KeyingMaterial.DefaultX509Token_2048,
TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
ValidIssuer = issuer,
}
};
RunRoundTrip(createAndValidateParams, handler);
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.Simple_simpleSigned_Symmetric",
Claims = ClaimSets.Simple(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2),
ExceptionType = null,
SigningCredentials = KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
SigningToken = KeyingMaterial.DefaultSymmetricSecurityToken_256,
TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
ValidIssuer = issuer,
}
};
RunRoundTrip(createAndValidateParams, handler);
}
public void CreateAndValidateTokens_DuplicateClaims()
{
SecurityToken validatedToken;
string encodedJwt = IdentityUtilities.CreateJwtToken(
new SecurityTokenDescriptor
{
AppliesToAddress = IdentityUtilities.DefaultAudience,
SigningCredentials = IdentityUtilities.DefaultSymmetricSigningCredentials,
Subject = new ClaimsIdentity(ClaimSets.DuplicateTypes(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer)),
TokenIssuerName = IdentityUtilities.DefaultIssuer,
});
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityTokenHandler.InboundClaimFilter.Add("aud");
JwtSecurityTokenHandler.InboundClaimFilter.Add("exp");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iat");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iss");
JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf");
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(encodedJwt, IdentityUtilities.DefaultSymmetricTokenValidationParameters, out validatedToken);
Assert.IsTrue(IdentityComparer.AreEqual <IEnumerable <Claim> >(claimsPrincipal.Claims, ClaimSets.DuplicateTypes(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer), new CompareContext {
IgnoreProperties = true, IgnoreSubject = true
}));
JwtSecurityTokenHandler.InboundClaimFilter.Clear();
}
public void DuplicateClaims()
{
Console.WriteLine("Entering: " + MethodBase.GetCurrentMethod());
string issuer = "http://www.dupsRus.com";
string audience = "http://www.contoso.com";
JwtSecurityToken jwt = new JwtSecurityToken(issuer: issuer, audience: audience, claims: ClaimSets.DuplicateTypes(issuer, issuer), signingCredentials: KeyingMaterial.SymmetricSigningCreds_256_Sha2, lifetime: new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10)));
JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler();
string encodedJwt = jwtHandler.WriteToken(jwt);
JwtSecurityToken jwtRead = jwtHandler.ReadToken(encodedJwt) as JwtSecurityToken;
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
SigningToken = KeyingMaterial.BinarySecretToken_256,
AudienceUriMode = Selectors.AudienceUriMode.Never,
ValidIssuer = issuer,
};
Console.WriteLine("Comparing jwt.Claims");
IEnumerable <Claim> claims = ClaimSets.ClaimsPlus(claims: ClaimSets.DuplicateTypes(issuer, issuer), lifetime: new Lifetime(jwt.ValidFrom, jwt.ValidTo), issuer: issuer, audience: audience);
// ClaimTypes would have been translated outbound, when the jwt was created.
// Comparision should take that into account.
List <Claim> translatedClaims = new List <Claim>();
foreach (Claim c in claims)
{
translatedClaims.Add(ClaimSets.OutboundClaim(c));
}
if (!IdentityComparer.AreEqual(jwt.Claims, translatedClaims))
{
Assert.Fail("Claims are different");
}
// ClaimTypes would have been translated inbound, when the identity was created.
// Comparision should take that into account.
Console.WriteLine("Comparing Claimsprincipal Claims");
var cp = jwtHandler.ValidateToken(jwtRead, validationParameters);
translatedClaims.Clear();
foreach (Claim c in claims)
{
translatedClaims.Add(ClaimSets.InboundClaim(c));
}
Assert.IsTrue(IdentityComparer.AreEqual(translatedClaims, cp.Claims), "Claims are different");
}