private void RunAudienceVariation(List <Claim> audienceClaims, List <string> expectedAudiences, CompareContext context)
{
var handler = new JwtSecurityTokenHandler();
var tokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(audienceClaims);
tokenDescriptor.Audience = null;
var jwt = handler.CreateEncodedJwt(tokenDescriptor);
SecurityToken token = null;
var claimsPrincipal = handler.ValidateToken(jwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, out token);
var jwtToken = token as JwtSecurityToken;
var audiences = jwtToken.Audiences;
IdentityComparer.AreEqual(audiences, expectedAudiences as IEnumerable <string>, context);
ClaimsIdentity identity = claimsPrincipal.Identity as ClaimsIdentity;
IdentityComparer.AreEqual(identity.FindAll(JwtRegisteredClaimNames.Aud), audienceClaims, context);
}
public void InboundFilterTest()
{
var handler = new JwtSecurityTokenHandler();
handler.OutboundClaimTypeMap.Clear();
var claims = ClaimSets.DefaultClaims;
string encodedJwt = handler.CreateEncodedJwt(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(claims));
handler.InboundClaimTypeMap.Clear();
handler.InboundClaimFilter.Add("aud");
handler.InboundClaimFilter.Add("exp");
handler.InboundClaimFilter.Add("iat");
handler.InboundClaimFilter.Add("iss");
handler.InboundClaimFilter.Add("nbf");
SecurityToken validatedToken;
ClaimsPrincipal claimsPrincipal = handler.ValidateToken(encodedJwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, out validatedToken);
var context = new CompareContext();
IdentityComparer.AreEqual(claimsPrincipal.Claims, claims, context);
TestUtilities.AssertFailIfErrors(context.Diffs);
}
public static TheoryData <CreateAndValidateParams> CreationParams()
{
var createParams = new TheoryData <CreateAndValidateParams>();
var expires = DateTime.UtcNow + TimeSpan.FromDays(1);
var handler = new JwtSecurityTokenHandler();
var nbf = DateTime.UtcNow;
var signingCredentials = new SigningCredentials(KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256, SecurityAlgorithms.RsaSha256Signature);
var verifyingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256_Public;
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.NoClaims",
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(null),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters,
});
createParams.Add(new CreateAndValidateParams
{
Case = "EmptyToken",
SecurityTokenDescriptor = new SecurityTokenDescriptor(),
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.DuplicateTypes",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DuplicateTypes()),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters,
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.Simple_Asymmetric",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.Simple_Symmetric",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims),
TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters
});
createParams.Add(new CreateAndValidateParams
{
Case = "ClaimSets.RoleClaims",
ExceptionType = null,
SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)),
TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters
});
return(createParams);
}
