public static TheoryData <JwtTheoryData> RoundTripTokensTheoryData()
{
var theoryData = new TheoryData <JwtTheoryData>();
var handler = new JwtSecurityTokenHandler();
theoryData.Add(new JwtTheoryData
{
TestId = "Test1",
TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null),
ValidationParameters = Default.AsymmetricSignTokenValidationParameters,
});
theoryData.Add(new JwtTheoryData
{
TestId = "Test2",
TokenDescriptor = new SecurityTokenDescriptor(),
ValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
});
theoryData.Add(new JwtTheoryData
{
TestId = "Test3",
TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()),
ValidationParameters = Default.AsymmetricSignTokenValidationParameters,
});
theoryData.Add(new JwtTheoryData
{
TestId = "Test4",
TokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims),
ValidationParameters = Default.AsymmetricSignTokenValidationParameters
});
theoryData.Add(new JwtTheoryData
{
TestId = "Test5",
TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims),
ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters
});
theoryData.Add(new JwtTheoryData
{
TestId = "Test6",
TokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)),
ValidationParameters = Default.SymmetricEncryptSignTokenValidationParameters
});
return(theoryData);
}
public void RoleClaims()
{
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateIssuer = false
};
DateTime utcNow = DateTime.UtcNow;
DateTime expire = utcNow + TimeSpan.FromHours(1);
ClaimsIdentity subject = new ClaimsIdentity(claims: ClaimSets.GetDefaultRoleClaims(null));
JwtSecurityToken jwtToken = handler.CreateJwtSecurityToken(Default.Issuer, Default.Audience, subject, utcNow, expire, utcNow);
SecurityToken securityToken;
ClaimsPrincipal principal = handler.ValidateToken(jwtToken.RawData, validationParameters, out securityToken);
CheckForRoles(ClaimSets.GetDefaultRoles(), new string[] { Guid.NewGuid().ToString(), Guid.NewGuid().ToString() }, principal);
ClaimsIdentity expectedIdentity =
new ClaimsIdentity(
authenticationType: "Federation",
claims: ClaimSets.GetDefaultRoleClaims(handler)
);
expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iss, Default.Issuer, ClaimValueTypes.String, Default.Issuer));
expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Aud, Default.Audience, ClaimValueTypes.String, Default.Issuer));
expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(expire).ToString(), ClaimValueTypes.Integer, Default.Issuer));
expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer));
expectedIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(utcNow).ToString(), ClaimValueTypes.Integer, Default.Issuer));
CompareContext context = new CompareContext {
IgnoreType = true
};
IdentityComparer.AreEqual(principal.Claims, expectedIdentity.Claims, context);
TestUtilities.AssertFailIfErrors(GetType().ToString() + ".RoleClaims", context.Diffs);
}
public static TheoryData <CreateAndValidateParams> CreationParams()
{
var theoryData = new TheoryData <CreateAndValidateParams>();
var handler = new JwtSecurityTokenHandler();
theoryData.Add(new CreateAndValidateParams
{
Case = "Test1",
SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(null),
TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters,
});
theoryData.Add(new CreateAndValidateParams
{
Case = "Test2",
SecurityTokenDescriptor = new SecurityTokenDescriptor(),
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
});
theoryData.Add(new CreateAndValidateParams
{
Case = "Test3",
ExceptionType = null,
SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DuplicateTypes()),
TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters,
});
theoryData.Add(new CreateAndValidateParams
{
Case = "Test4",
ExceptionType = null,
SecurityTokenDescriptor = Default.AsymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = Default.AsymmetricSignTokenValidationParameters
});
theoryData.Add(new CreateAndValidateParams
{
Case = "Test5",
ExceptionType = null,
SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters
});
theoryData.Add(new CreateAndValidateParams
{
Case = "Test6",
ExceptionType = null,
SecurityTokenDescriptor = Default.SymmetricSignSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)),
TokenValidationParameters = Default.SymmetricEncyptSignTokenValidationParameters
});
return(theoryData);
}
public static TheoryData <CreateAndValidateParams> CreationParams()
{
var createParams = new TheoryData <CreateAndValidateParams>();
var expires = DateTime.UtcNow + TimeSpan.FromDays(1);
var handler = new JwtSecurityTokenHandler();
var nbf = DateTime.UtcNow;
var signingCredentials = new SigningCredentials(KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256, SecurityAlgorithms.RsaSha256Signature);
var verifyingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256_Public;
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.NoClaims",
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(null),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters,
});
createParams.Add(new CreateAndValidateParams
{
Case = "EmptyToken",
SecurityTokenDescriptor = new SecurityTokenDescriptor(),
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.DuplicateTypes",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DuplicateTypes()),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters,
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.Simple_Asymmetric",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.Simple_Symmetric",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.RoleClaims",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)),
TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters
});
return(createParams);
}
