private ClaimsIdentityCollection ValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token, bool isActorToken)
{
JsonWebSecurityToken jsonWebSecurityToken = token as JsonWebSecurityToken;
if (jsonWebSecurityToken == null)
{
return(base.ValidateToken(token));
}
if (base.Configuration == null)
{
throw new System.InvalidOperationException("No configuration.");
}
if (base.Configuration.IssuerNameRegistry == null)
{
throw new System.InvalidOperationException("No issuername registry configured.");
}
this.ValidateLifetime(jsonWebSecurityToken);
this.ValidateAudience(jsonWebSecurityToken);
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = jsonWebSecurityToken.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken != null)
{
base.Configuration.CertificateValidator.Validate(x509SecurityToken.Certificate);
}
ClaimsIdentityCollection claimsIdentityCollection = new ClaimsIdentityCollection();
ClaimsIdentity claimsIdentity = new ClaimsIdentity("Federation");
if (!isActorToken && jsonWebSecurityToken.ActorToken != null)
{
ValidateActorTokenForAppOnly(jsonWebSecurityToken.ActorToken);
ClaimsIdentityCollection claimsIdentityCollection2 = this.ValidateActorToken(jsonWebSecurityToken.ActorToken);
if (claimsIdentityCollection2.Count > 1)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Actor has multiple identities.");
}
claimsIdentity.Actor = claimsIdentityCollection2[0];
}
string issuerName = this.GetIssuerName(jsonWebSecurityToken);
foreach (JsonWebTokenClaim current in jsonWebSecurityToken.Claims)
{
if (claimsIdentity.Actor == null || !System.StringComparer.Ordinal.Equals("actortoken", current.ClaimType))
{
string text = current.Value;
if (text == null)
{
text = "NULL";
}
claimsIdentity.Claims.Add(new Claim(current.ClaimType, text, "http://www.w3.org/2001/XMLSchema#string", issuerName));
}
}
if (!isActorToken && base.Configuration.SaveBootstrapTokens)
{
claimsIdentity.BootstrapToken = token;
}
claimsIdentityCollection.Add(claimsIdentity);
return(claimsIdentityCollection);
}
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
ClaimsIdentityCollection idColl = new ClaimsIdentityCollection();
IClaimsIdentity id = new ClaimsIdentity((token as MyCustomToken).Claims);
idColl.Add(id);
return(idColl);
}
/// <summary>
/// This methos validates the Simple Web Token.
/// </summary>
/// <param name="token">A simple web token.</param>
/// <returns>A Claims Collection which contains all the claims from the token.</returns>
public ClaimsIdentityCollection ValidateToken(SecurityToken token, string key)
{
SimpleWebToken realToken = token as SimpleWebToken;
if (realToken == null)
{
throw new InvalidTokenReceivedException("The received token is of incorrect token type.Expected SimpleWebToken");
}
if (realToken.AudienceUri != OAuthConfiguration.Configuration.ServiceSettings.Realm)
{
throw new InvalidTokenReceivedException("The Audience Uri of the incoming token is not expected. Expected AudienceUri is " + OAuthConfiguration.Configuration.ServiceSettings.Realm);
}
if (StringComparer.OrdinalIgnoreCase.Compare(realToken.Issuer, OAuthConfiguration.Configuration.StsSettings.IssuerUri.ToString()) != 0)
{
throw new InvalidTokenReceivedException("The Issuer of the token is not trusted. Trusted issuer is " + OAuthConfiguration.Configuration.StsSettings.IssuerUri);
}
if (!realToken.SignVerify(Convert.FromBase64String(key)))
{
throw new InvalidTokenReceivedException("Signature verification of the incoming token failed.");
}
if (DateTime.Compare(realToken.ValidTo, DateTime.UtcNow) <= 0)
{
throw new ExpiredTokenReceivedException("The incoming token has expired. Get a new access token from the Authorization Server.");
}
ClaimsIdentityCollection identities = new ClaimsIdentityCollection();
ClaimsIdentity identity = new ClaimsIdentity();
foreach (var claim in realToken.Claims)
{
identity.Claims.Add(claim);
}
identities.Add(identity);
return(identities);
}
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
UserNameSecurityToken unToken = token as UserNameSecurityToken;
if (unToken == null)
{
throw new ArgumentException("token");
}
// replace with proper password validation!
if (!(unToken.UserName == "demouser" && unToken.Password == "demouser"))
{
throw new SecurityTokenValidationException();
}
ClaimsIdentity id = new ClaimsIdentity(new List<Claim>
{
new Claim(WSIdentityConstants.ClaimTypes.Name, unToken.UserName)
}, "UserName");
var ids = new ClaimsIdentityCollection();
ids.Add(id);
return ids;
}
/// <summary>
///
/// </summary>
/// <param name="token"></param>
/// <returns></returns>
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
if (null == token)
throw new ArgumentNullException("token");
SimpleWebToken webToken = token as SimpleWebToken;
if (null == webToken)
throw new SecurityTokenException("The token provided to ValidateToken must be a SimpleWebToken.");
if (false == webToken.IsSignatureValid())
throw new SecurityTokenException("Signature is invalid.");
if (webToken.ValidTo < DateTime.Now)
throw new SecurityTokenException("Token is expired");
if (false == IsIssuerTrusted(webToken))
throw new SecurityTokenException("Issuer not trusted");
if (false == IsAudienceTrusted(webToken))
throw new SecurityTokenException("Invalid audience");
ClaimsIdentityCollection identities = new ClaimsIdentityCollection();
identities.Add(CreateClaims(webToken.Values));
return identities;
}
/// <summary>
/// This methos validates the Simple Web Token.
/// </summary>
/// <param name="token">A simple web token.</param>
/// <returns>A Claims Collection which contains all the claims from the token.</returns>
public ClaimsIdentityCollection ValidateToken(SecurityToken token, string key)
{
SimpleWebToken realToken = token as SimpleWebToken;
if (realToken == null)
{
throw new InvalidTokenReceivedException("The received token is of incorrect token type.Expected SimpleWebToken");
}
if (realToken.AudienceUri != OAuthConfiguration.Configuration.ServiceSettings.Realm)
{
throw new InvalidTokenReceivedException("The Audience Uri of the incoming token is not expected. Expected AudienceUri is " + OAuthConfiguration.Configuration.ServiceSettings.Realm);
}
if (StringComparer.OrdinalIgnoreCase.Compare(realToken.Issuer, OAuthConfiguration.Configuration.StsSettings.IssuerUri.ToString()) != 0)
{
throw new InvalidTokenReceivedException("The Issuer of the token is not trusted. Trusted issuer is " + OAuthConfiguration.Configuration.StsSettings.IssuerUri);
}
if (!realToken.SignVerify(Convert.FromBase64String(key)))
{
throw new InvalidTokenReceivedException("Signature verification of the incoming token failed.");
}
if (DateTime.Compare(realToken.ValidTo, DateTime.UtcNow) <= 0)
{
throw new ExpiredTokenReceivedException("The incoming token has expired. Get a new access token from the Authorization Server.");
}
ClaimsIdentityCollection identities = new ClaimsIdentityCollection();
ClaimsIdentity identity = new ClaimsIdentity();
foreach (var claim in realToken.Claims)
{
identity.Claims.Add(claim);
}
identities.Add(identity);
return identities;
}
private ClaimsIdentityCollection GetIdentitiesFromClaim(IClaimsPrincipal incomingPrincipal, string claimType, string claimValue)
{
ClaimsIdentityCollection ids = new ClaimsIdentityCollection();
foreach ( IClaimsIdentity identity in incomingPrincipal.Identities )
{
foreach (Claim c in identity.Claims)
{
if (c.ClaimType == claimType && c.Value == claimValue)
{
ids.Add(identity);
}
}
}
return ids;
}
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
CustomTextTraceSource ts = new CustomTextTraceSource("IdpSts.CustomUserNameSecurityTokenHandler.ValidateToken",
"MyTraceSource", SourceLevels.Information);
//StackTracer.TraceStack(ts);
UserNameSecurityToken usernameToken = token as UserNameSecurityToken;
if (usernameToken == null)
{
throw new ArgumentException("usernameToken", "The security token is not a valid username security token.");
}
// will throw if fails
UsernameCredentialStore.AuthenticateUser(usernameToken.UserName, usernameToken.Password);
ClaimsIdentityCollection identities = new ClaimsIdentityCollection();
IClaimsIdentity claimsIdentity = new ClaimsIdentity("CustomUserNameSecurityTokenHandler");
claimsIdentity.Claims.Add(new Claim(System.IdentityModel.Claims.ClaimTypes.Name, usernameToken.UserName));
identities.Add(claimsIdentity);
return identities;
}
