/// <summary>
/// Drives RunRoundTrip with three token shapes: an unsigned token whose claim set contains duplicate
/// claim types, an X509/RSA-SHA2 signed token and a 256-bit symmetric (HMAC-SHA2) signed token.
/// Every case sets ExceptionType = null, i.e. the round trip is expected to complete without throwing.
/// </summary>
public void CreateAndValidateTokens_RoundTripTokens()
{
    const string issuer = "issuer";
    const string originalIssuer = "originalIssuer";
    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();

    // Case 1: no signing credentials at all (CompareTo is created with null credentials).
    // The handler only accepts this token because RequireSignedTokens is false and the
    // issuer/audience/lifetime checks are all switched off. This is a test-only configuration:
    // a TokenValidationParameters with every check disabled must never be used against real tokens.
    CreateAndValidateParams unsignedDuplicateTypes = new CreateAndValidateParams
    {
        Case = "ClaimSets.DuplicateTypes",
        Claims = ClaimSets.DuplicateTypes(issuer, originalIssuer),
        CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.DuplicateTypes(issuer, originalIssuer), null),
        ExceptionType = null,
        TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens = false,
            ValidateAudience = false,
            ValidateLifetime = false,
            ValidateIssuer = false,
        }
    };
    RunRoundTrip(unsignedDuplicateTypes, handler);

    // Case 2: asymmetric signature (2048-bit X509 / RSA-SHA2). Validation pins the signing key
    // and the issuer; audience validation is disabled, lifetime validation is left at the library default.
    CreateAndValidateParams rsaSigned = new CreateAndValidateParams
    {
        Case = "ClaimSets.Simple_simpleSigned_Asymmetric",
        Claims = ClaimSets.Simple(issuer, originalIssuer),
        CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2),
        ExceptionType = null,
        SigningCredentials = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2,
        SigningToken = KeyingMaterial.DefaultX509Token_2048,
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = false,
            IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
            ValidIssuer = issuer,
        }
    };
    RunRoundTrip(rsaSigned, handler);

    // Case 3: symmetric signature (256-bit key, HMAC-SHA2). Same validation shape as case 2, but the
    // verification key is the shared secret itself, so whoever holds it can also mint tokens.
    CreateAndValidateParams hmacSigned = new CreateAndValidateParams
    {
        Case = "ClaimSets.Simple_simpleSigned_Symmetric",
        Claims = ClaimSets.Simple(issuer, originalIssuer),
        CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2),
        ExceptionType = null,
        SigningCredentials = KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
        SigningToken = KeyingMaterial.DefaultSymmetricSecurityToken_256,
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = false,
            IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
            ValidIssuer = issuer,
        }
    };
    RunRoundTrip(hmacSigned, handler);
}
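/// <summary>
/// Round-trips <paramref name="jwtParams"/>.CompareTo through <paramref name="handler"/> three ways and
/// asserts each path yields an equivalent token:
///  1. compact serialization: WriteToken -> string -> ValidateToken (with jwtParams.TokenValidationParameters);
///  2. SecurityTokenDescriptor: CreateToken from the reference token's claims, lifetime, issuer and audience;
///  3. XML: WriteToken(XmlDictionaryWriter) -> ReadToken(XmlDictionaryReader).
/// </summary>
/// <param name="jwtParams">The case under test: reference token (CompareTo), claims, signing material and validation parameters.</param>
/// <param name="handler">Handler used for every write, read and validate call.</param>
private void RunRoundTrip(CreateAndValidateParams jwtParams, JwtSecurityTokenHandler handler)
{
    // 1. Compact round trip. ValidateToken is expected to throw on failure, but both outputs are
    //    asserted as well so a handler that returns null without throwing cannot pass silently.
    string jwt = handler.WriteToken(jwtParams.CompareTo);
    SecurityToken validatedToken;
    ClaimsPrincipal principal = handler.ValidateToken(jwt, jwtParams.TokenValidationParameters, out validatedToken);
    Assert.IsNotNull(principal, "ValidateToken returned a null ClaimsPrincipal");
    Assert.IsNotNull(validatedToken, "ValidateToken returned a null validatedToken");

    // 2. Rebuild the token from a SecurityTokenDescriptor and compare against the reference.
    SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor();
    tokenDescriptor.SigningCredentials = jwtParams.SigningCredentials; // null for the unsigned case
    tokenDescriptor.Lifetime = new Lifetime(jwtParams.CompareTo.ValidFrom, jwtParams.CompareTo.ValidTo);
    tokenDescriptor.Subject = new ClaimsIdentity(jwtParams.Claims);
    tokenDescriptor.TokenIssuerName = jwtParams.CompareTo.Issuer;
    // AppliesToAddress is single-valued: the last non-blank audience wins (same as the original loop).
    foreach (string audience in jwtParams.CompareTo.Audiences)
    {
        if (!string.IsNullOrWhiteSpace(audience))
        {
            tokenDescriptor.AppliesToAddress = audience;
        }
    }
    JwtSecurityToken token = handler.CreateToken(tokenDescriptor) as JwtSecurityToken;
    Assert.IsNotNull(token, "CreateToken(descriptor) did not return a JwtSecurityToken");
    Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token, jwtParams.CompareTo )");

    // 3. XML round trip. The stream is disposed on every path; the original only closed it on success.
    using (MemoryStream ms = new MemoryStream())
    {
        XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter(XmlTextWriter.Create(ms));
        handler.WriteToken(writer, jwtParams.CompareTo);
        writer.Flush();
        ms.Flush();
        ms.Seek(0, SeekOrigin.Begin);

        // Unbounded reader quotas are acceptable only because this XML was produced in-process a
        // moment ago. Never read untrusted XML with XmlDictionaryReaderQuotas.Max (depth/size DoS).
        XmlDictionaryReader reader = XmlDictionaryReader.CreateTextReader(ms, XmlDictionaryReaderQuotas.Max);
        reader.Read();
        token = handler.ReadToken(reader) as JwtSecurityToken;

        // The original discarded the result of this comparison, so the XML path was never actually
        // asserted: a ReadToken that returned null or a different token would still have passed.
        Assert.IsNotNull(token, "ReadToken(xml) did not return a JwtSecurityToken");
        Assert.IsTrue(IdentityComparer.AreEqual(token, jwtParams.CompareTo), "!IdentityComparer.AreEqual( token(xml), jwtParams.CompareTo )");
    }
}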