public static ClaimsPrincipal ValidateToken(this SecurityTokenHandlerCollection tokenHandlers, string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { if (tokenHandlers == null) { throw new ArgumentNullException("tokenHandlers"); } if (securityToken == null) { throw new ArgumentNullException("securityToken"); } if (validationParameters == null) { throw new ArgumentNullException("validationParameters"); } bool iSecurityTokenValidatorFound = false; foreach (SecurityTokenHandler tokenHandler in tokenHandlers) { ISecurityTokenValidator securityTokenValidator = tokenHandler as ISecurityTokenValidator; if (securityTokenValidator != null && securityTokenValidator.CanReadToken(securityToken)) { iSecurityTokenValidatorFound = true; return(securityTokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken)); } } if (iSecurityTokenValidatorFound) { throw new SecurityTokenValidationException(ErrorMessages.IDX10201); } else { throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10201, securityToken)); } }
public async Task <ClaimsPrincipal> ValidateTokenAsync(string token) { if (!securityTokenValidator.CanReadToken(token)) { logger.LogError(AuthenticationResources.TokenInvalid); return(null); } if (ValidationParameters == null) { var openIdConnectConfiguration = await configurationManager.GetConfigurationAsync(CancellationToken.None); ValidationParameters = new TokenValidationParameters() { IssuerSigningKeys = openIdConnectConfiguration.SigningKeys, RequireSignedTokens = true, ValidAudiences = tokenValidatorConfiguration.ValidAudiences, ValidateAudience = true, ValidIssuers = tokenValidatorConfiguration.ValidIssuers, ValidateIssuer = true, ValidateIssuerSigningKey = true, ValidateLifetime = true, }; } ClaimsPrincipal claimsPrincipal = null; try { claimsPrincipal = securityTokenValidator.ValidateToken(token, ValidationParameters, out _); } catch (SecurityTokenException ex) { logger.LogError(ex.Message); } return(claimsPrincipal); }
public bool CanReadToken(string securityToken) { return(_underlyingValidator.CanReadToken(securityToken)); }
public async Task Invoke(HttpContext context, ISecurityTokenValidator tokenValidator, IOptions <DelegationOptions> options, ITokenValidationParametersFactory tokenValidationParametersFactory) { if (tokenValidator == null) { throw new ArgumentNullException(nameof(tokenValidator), $"{nameof(tokenValidator)} cannot be null."); } if (tokenValidationParametersFactory == null) { throw new ArgumentNullException(nameof(tokenValidationParametersFactory), $"{nameof(tokenValidationParametersFactory)} cannot be null."); } var validationParameters = tokenValidationParametersFactory.Create(); // get DelegationUser added as scoped service var delegationUser = context.RequestServices.GetService(typeof(IDelegationUser)) as DelegationUser; bool delegationUserParsed = false; var token = string.Empty; try { token = GetDelegationJwtToken(context, options.Value.DelegationHeader); if (!string.IsNullOrWhiteSpace(token)) { if (tokenValidator.CanReadToken(token)) { ClaimsPrincipal principal = null; SecurityToken validatedToken = null; try { principal = tokenValidator.ValidateToken(token, validationParameters, out validatedToken); _logger.LogInformation($"Jwt delegation token validation succeeded"); } catch (Exception ex) { _logger.LogInformation($"Jwt delegation token validation failed. Exception: {ex.ToString()}"); throw; } ClaimsIdentity claimsIdentity = principal.Identities?.FirstOrDefault(); if (claimsIdentity != null && delegationUser.TrySetValues(claimsIdentity, token)) { delegationUserParsed = true; } } } } catch (Exception ex) { _logger.LogInformation($"Processing delegation user failed. Exception: {ex.ToString()}"); throw; } if (delegationUserParsed) { delegationUser.SetValid(true); _logger.LogInformation($"Request for delegated user: { delegationUser.Sub} ({delegationUser.GivenName} {delegationUser.SurName})"); } else { delegationUser.SetValid(false); var info = $"No delegated user detected for request { (string.IsNullOrWhiteSpace(token) ? "(no delegation token found)" : $"(delegation token: {token})") }."; _logger.LogInformation(info); } await _next.Invoke(context); }