public static TheoryData <JwtTheoryData> RoundTripTokensTheoryData() { var theoryData = new TheoryData <JwtTheoryData>(); var handler = new JwtSecurityTokenHandler(); theoryData.Add(new JwtTheoryData { TestId = "Test1", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null), ValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new JwtTheoryData { TestId = "Test2", TokenDescriptor = new SecurityTokenDescriptor(), ValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); theoryData.Add(new JwtTheoryData { TestId = "Test3", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), ValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new JwtTheoryData { TestId = "Test4", TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), ValidationParameters = Default.AsymmetricSignTokenValidationParameters }); theoryData.Add(new JwtTheoryData { TestId = "Test5", TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters }); theoryData.Add(new JwtTheoryData { TestId = "Test6", TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters }); return(theoryData); }
public void RoleClaims() { JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateIssuer = false }; DateTime utcNow = DateTime.UtcNow; DateTime expire = utcNow + TimeSpan.FromHours(1); ClaimsIdentity subject = new ClaimsIdentity(claims: ClaimSets.GetDefaultRoleClaims(null)); JwtSecurityToken jwtToken = handler.CreateJwtSecurityToken(Default.Issuer, Default.Audience, subject, utcNow, expire, utcNow); SecurityToken securityToken; ClaimsPrincipal principal = handler.ValidateToken(jwtToken.RawData, validationParameters, out securityToken); CheckForRoles(ClaimSets.GetDefaultRoles(), new string[] { Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }, principal); ClaimsIdentity expectedIdentity = new ClaimsIdentity( authenticationType: "Federation", claims: ClaimSets.GetDefaultRoleClaims(handler) ); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iss, Default.Issuer, ClaimValueTypes.String, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Aud, Default.Audience, ClaimValueTypes.String, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(expire).ToString(), ClaimValueTypes.Integer, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer)); expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer)); CompareContext context = new CompareContext { IgnoreType = true }; IdentityComparer.AreEqual(principal.Claims, expectedIdentity.Claims, context); TestUtilities.AssertFailIfErrors(GetType().ToString() + ".RoleClaims", context.Diffs); }
public static TheoryData <CreateAndValidateParams> CreationParams() { var theoryData = new TheoryData <CreateAndValidateParams>(); var handler = new JwtSecurityTokenHandler(); theoryData.Add(new CreateAndValidateParams { Case = "Test1", SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new CreateAndValidateParams { Case = "Test2", SecurityTokenDescriptor = new SecurityTokenDescriptor(), TokenValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); theoryData.Add(new CreateAndValidateParams { Case = "Test3", ExceptionType = null, SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters, }); theoryData.Add(new CreateAndValidateParams { Case = "Test4", ExceptionType = null, SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters }); theoryData.Add(new CreateAndValidateParams { Case = "Test5", ExceptionType = null, SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters }); theoryData.Add(new CreateAndValidateParams { Case = "Test6", ExceptionType = null, SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters }); return(theoryData); }
public static TheoryData <CreateAndValidateParams> CreationParams() { var createParams = new TheoryData <CreateAndValidateParams>(); var expires = DateTime.UtcNow + TimeSpan.FromDays(1); var handler = new JwtSecurityTokenHandler(); var nbf = DateTime.UtcNow; var signingCredentials = new SigningCredentials(KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256, SecurityAlgorithms.RsaSha256Signature); var verifyingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256_Public; createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.NoClaims", SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(null), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "EmptyToken", SecurityTokenDescriptor = new SecurityTokenDescriptor(), TokenValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.DuplicateTypes", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Asymmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Symmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.RoleClaims", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); return(createParams); }