/// <summary>
/// Creates a <see cref="JsonWebSecurityTokenHandler"/> that accepts tokens only for
/// <paramref name="audience"/> and only when signed with <paramref name="currentCertificate"/>.
/// </summary>
/// <param name="audience">The single audience URI the handler will accept; it may be relative or absolute.</param>
/// <param name="authMetadataEndpoint">Not read by this method.</param>
/// <param name="currentCertificate">The signing certificate to trust; its thumbprint is registered as the trusted issuer.</param>
/// <returns>The configured token handler.</returns>
/// <remarks>
/// X.509 validation is switched off (<c>X509CertificateValidator.None</c>), so the handler itself does not
/// check chain, expiry or revocation. Trust rests entirely on the resolver holding exactly one certificate and
/// on the thumbprint entry in the issuer name registry.
/// NOTE(review): this is only as strong as the way the caller obtained <paramref name="currentCertificate"/>;
/// confirm it is fetched over an authenticated channel.
/// </remarks>
private JsonWebSecurityTokenHandler GetSecurityTokenHandler(string audience, string authMetadataEndpoint, X509Certificate2 currentCertificate)
{
    var configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration();
    var handler = new JsonWebSecurityTokenHandler { Configuration = configuration };

    // Audience checking is mandatory, and exactly one audience is allowed.
    var audienceRestriction = new Microsoft.IdentityModel.Tokens.AudienceRestriction(AudienceUriMode.Always);
    configuration.AudienceRestriction = audienceRestriction;
    audienceRestriction.AllowedAudienceUris.Add(new Uri(audience, UriKind.RelativeOrAbsolute));

    // No chain/expiry/revocation validation happens here; the certificate is pinned below instead.
    configuration.CertificateValidator = X509CertificateValidator.None;

    // The resolver knows only the supplied certificate, so a signature made with any other key cannot be resolved.
    var signingTokens = new List<SecurityToken>(
        new SecurityToken[] { new X509SecurityToken(currentCertificate) });
    configuration.IssuerTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
        new ReadOnlyCollection<SecurityToken>(signingTokens),
        false);

    // Map the pinned thumbprint to the issuer name taken from Config.ExchangeApplicationIdentifier.
    var trustedIssuers = new Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry();
    trustedIssuers.AddTrustedIssuer(currentCertificate.Thumbprint, Config.ExchangeApplicationIdentifier);
    configuration.IssuerNameRegistry = trustedIssuers;

    return handler;
}
/// <summary>
/// Builds the JSON Web Token handler used to validate a token against one audience and one pinned
/// signing certificate.
/// </summary>
/// <param name="audience">Audience URI (relative or absolute) that a token must carry to be accepted.</param>
/// <param name="authMetadataEndpoint">Unused in this method body.</param>
/// <param name="currentCertificate">Certificate whose key resolves the token signature and whose thumbprint identifies the trusted issuer.</param>
/// <returns>A handler whose configuration enforces the audience and issuer settings below.</returns>
/// <remarks>
/// <c>X509CertificateValidator.None</c> performs no certificate validation, so an expired or revoked
/// certificate is still accepted by this handler. The compensating control is pinning: only
/// <paramref name="currentCertificate"/> is resolvable, and only its thumbprint is a trusted issuer.
/// NOTE(review): verify that the caller retrieves the certificate from a source it has authenticated.
/// </remarks>
private JsonWebSecurityTokenHandler GetSecurityTokenHandler(string audience, string authMetadataEndpoint, X509Certificate2 currentCertificate)
{
    // Always require an audience, and allow exactly the one supplied.
    var restriction = new Microsoft.IdentityModel.Tokens.AudienceRestriction(AudienceUriMode.Always);
    restriction.AllowedAudienceUris.Add(new Uri(audience, UriKind.RelativeOrAbsolute));

    // Signature keys are resolved from a one-element, read-only token list.
    var pinnedTokens = new List<SecurityToken> { new X509SecurityToken(currentCertificate) };
    SecurityTokenResolver resolver =
        SecurityTokenResolver.CreateDefaultSecurityTokenResolver(pinnedTokens.AsReadOnly(), false);

    // The certificate thumbprint is the only issuer key the registry recognises.
    var registry = new Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry();
    registry.AddTrustedIssuer(currentCertificate.Thumbprint, Config.ExchangeApplicationIdentifier);

    return new JsonWebSecurityTokenHandler
    {
        Configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration
        {
            AudienceRestriction = restriction,
            // Chain, expiry and revocation are not checked; trust comes from the pinning above.
            CertificateValidator = X509CertificateValidator.None,
            IssuerTokenResolver = resolver,
            IssuerNameRegistry = registry,
        },
    };
}