public void SignedHttpRequestValidationContext() { var httpRequestData = new HttpRequestData(); var signedHttpRequest = SignedHttpRequestTestUtils.CreateDefaultSignedHttpRequestToken(SignedHttpRequestTestUtils.DefaultSignedHttpRequestPayload.ToString()).EncodedToken; var tokenValidationParameters = SignedHttpRequestTestUtils.DefaultTokenValidationParameters; var validationParameters = new SignedHttpRequestValidationParameters(); var callContext = new CallContext(); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, validationParameters, callContext)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, (SignedHttpRequestValidationParameters)null)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, (CallContext)null)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, validationParameters, callContext)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, (SignedHttpRequestValidationParameters)null)); Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, (CallContext)null)); Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, validationParameters, callContext)); Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null)); Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, (SignedHttpRequestValidationParameters)null)); Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, (CallContext)null)); Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, validationParameters, callContext)); Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null)); Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, (SignedHttpRequestValidationParameters)null)); Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, (CallContext)null)); Assert.Throws <ArgumentNullException>("signedHttpRequestValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, (SignedHttpRequestValidationParameters)null)); Assert.Throws <ArgumentNullException>("signedHttpRequestValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, null, callContext)); Assert.Throws <ArgumentNullException>("callContext", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters, null)); // no exceptions var signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters); Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData); Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest); Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters); Assert.NotNull(signedHttpRequestDescriptor.SignedHttpRequestValidationParameters); Assert.NotNull(signedHttpRequestDescriptor.CallContext); signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, callContext); Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData); Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest); Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters); Assert.Equal(callContext, signedHttpRequestDescriptor.CallContext); Assert.NotNull(signedHttpRequestDescriptor.SignedHttpRequestValidationParameters); signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters); Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData); Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest); Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters); Assert.Equal(validationParameters, signedHttpRequestDescriptor.SignedHttpRequestValidationParameters); Assert.NotNull(signedHttpRequestDescriptor.CallContext); signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters, callContext); Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData); Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest); Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters); Assert.Equal(validationParameters, signedHttpRequestDescriptor.SignedHttpRequestValidationParameters); Assert.Equal(callContext, signedHttpRequestDescriptor.CallContext); }
public async Task Roundtrips(RoundtripSignedHttpRequestTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.Roundtrips", theoryData); try { var handler = new SignedHttpRequestHandler(); var signedHttpRequestDescriptor = new SignedHttpRequestDescriptor(theoryData.AccessToken, theoryData.HttpRequestData, theoryData.SigningCredentials, theoryData.SignedHttpRequestCreationParameters); signedHttpRequestDescriptor.CnfClaimValue = theoryData.CnfClaimValue; var signedHttpRequest = handler.CreateSignedHttpRequest(signedHttpRequestDescriptor); var cryptoProviderFactory = signedHttpRequestDescriptor.SigningCredentials.CryptoProviderFactory ?? signedHttpRequestDescriptor.SigningCredentials.Key.CryptoProviderFactory; if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider( signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm, signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(), true, out _)) { context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Signing), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm)); } var signedHttpRequestValidationContext = new SignedHttpRequestValidationContext(signedHttpRequest, theoryData.HttpRequestData, theoryData.TokenValidationParameters, theoryData.SignedHttpRequestValidationParameters); var result = await handler.ValidateSignedHttpRequestAsync(signedHttpRequestValidationContext, CancellationToken.None).ConfigureAwait(false); if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider( signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm, signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(), false, out _)) { context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Validate), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm)); } IdentityComparer.AreBoolsEqual(result.IsValid, theoryData.IsValid, context); if (result.Exception != null) { throw result.Exception; } Assert.NotNull(result); Assert.NotNull(result.SignedHttpRequest); Assert.NotNull(result.ValidatedSignedHttpRequest); Assert.NotNull(result.AccessTokenValidationResult); theoryData.ExpectedException.ProcessNoException(context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
internal override SecurityKey ResolvePopKeyFromJwk(string jwk, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromJwk")) { signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromJwk"] = true; return(null); } return(base.ResolvePopKeyFromJwk(jwk, signedHttpRequestValidationContext)); }
internal override void ValidateBClaim(JsonWebToken signedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("onlyTrack_ValidateBClaimCall")) { signedHttpRequestValidationContext.CallContext.PropertyBag["onlyTrack_ValidateBClaimCall"] = true; } else { base.ValidateBClaim(signedHttpRequest, signedHttpRequestValidationContext); } }
internal override async Task <TokenValidationResult> ValidateAccessTokenAsync(string accessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockValidateAccessTokenAsync_returnInvalidResult")) { return(new TokenValidationResult() { IsValid = false, Exception = new SecurityTokenValidationException() }); } else { return(await base.ValidateAccessTokenAsync(accessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); } }
internal override async Task <SecurityKey> ResolvePopKeyAsync(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnValidKey")) { return(SignedHttpRequestTestUtils.DefaultSigningCredentials.Key); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnInvalidKey")) { return(KeyingMaterial.RsaSecurityKey1); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnNullKey")) { return(null); } else { return(await base.ResolvePopKeyAsync(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); } }
internal override async Task <SecurityKey> ValidateSignatureAsync(JsonWebToken signedHttpRequest, SecurityKey popKey, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockValidateSignedHttpRequestSignatureAsync")) { return(SignedHttpRequestTestUtils.DefaultSigningCredentials.Key); } else { return(await base.ValidateSignatureAsync(signedHttpRequest, popKey, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); } }
internal override async Task <SecurityKey> ResolvePopKeyFromKeyIdentifierAsync(string kid, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromKid")) { signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromKid"] = true; return(null); } return(await base.ResolvePopKeyFromKeyIdentifierAsync(kid, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
public SecurityKey ResolvePopKeyFromJwkPublic(string jwk, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { return(ResolvePopKeyFromJwk(jwk, signedHttpRequestValidationContext)); }
internal async Task <SecurityKey> ResolvePopKeyFromCnfClaimPublicAsync(JObject confirmationClaim, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await ResolvePopKeyFromCnfClaimAsync(confirmationClaim, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
internal JObject GetCnfClaimValuePublic(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { return(GetCnfClaimValue(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext)); }
public void ValidateBClaimPublic(JsonWebToken jwtSignedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { ValidateBClaim(jwtSignedHttpRequest, signedHttpRequestValidationContext); }
public async Task <SecurityKey> ValidateSignaturePublicAsync(JsonWebToken signedHttpRequest, SecurityKey popKey, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await ValidateSignatureAsync(signedHttpRequest, popKey, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
public async Task <SecurityToken> ValidateSignedHttpRequestPayloadPublicAsync(SecurityToken signedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await ValidateSignedHttpRequestPayloadAsync(signedHttpRequest, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
internal override JObject GetCnfClaimValue(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext) { if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJwk")) { return(SignedHttpRequestTestUtils.DefaultCnfJwk); } else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJwe")) { return(SignedHttpRequestTestUtils.DefaultCnfJwe); } else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJku")) { return(SignedHttpRequestTestUtils.DefaultJku); } else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJkuKid")) { return(SignedHttpRequestTestUtils.DefaultJkuKid); } else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnKid")) { return(SignedHttpRequestTestUtils.DefaultKid); } else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnCustom")) { return(JObject.Parse("{\"custom\": 1}")); } else { return(base.GetCnfClaimValue(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext)); } }
internal async Task <SecurityKey> ResolvePopKeyFromJkuPublicAsync(string jkuSetUrl, JObject cnf, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await ResolvePopKeyFromJkuAsync(jkuSetUrl, cnf, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
internal override async Task <SecurityKey> ResolvePopKeyFromCnfClaimAsync(JObject confirmationClaim, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyFromCnfClaimAsync_returnRsa")) { return(signedHttpRequestValidationContext.CallContext.PropertyBag["mockResolvePopKeyFromCnfClaimAsync_returnRsa"] as RsaSecurityKey); } else { return(await base.ResolvePopKeyFromCnfClaimAsync(confirmationClaim, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); } }
public async Task <IList <SecurityKey> > GetPopKeysFromJkuPublicAsync(string jkuSetUrl, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await GetPopKeysFromJkuAsync(jkuSetUrl, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
internal override async Task <SecurityKey> ResolvePopKeyFromJkuAsync(string jkuSetUrl, JObject cnf, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromJku")) { signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromJku"] = true; return(null); } return(await base.ResolvePopKeyFromJkuAsync(jkuSetUrl, cnf, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
public async Task <SecurityKey> ResolvePopKeyFromKeyIdentifierPublicAsync(string kid, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { return(await ResolvePopKeyFromKeyIdentifierAsync(kid, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
internal override async Task <IList <SecurityKey> > GetPopKeysFromJkuAsync(string jkuSetUrl, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken) { if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return0Keys")) { return(new List <SecurityKey>()); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_returnNull")) { return(null); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return2Keys")) { return(new List <SecurityKey>() { SignedHttpRequestTestUtils.DefaultEncryptingCredentials.Key, SignedHttpRequestTestUtils.DefaultSigningCredentials.Key, }); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return1Key")) { return(new List <SecurityKey>() { SignedHttpRequestTestUtils.DefaultSigningCredentials.Key }); } else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_returnWrongKey")) { return(new List <SecurityKey>() { SignedHttpRequestTestUtils.DefaultEncryptingCredentials.Key }); } return(await base.GetPopKeysFromJkuAsync(jkuSetUrl, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false)); }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { try { // Give application opportunity to find from a different location, adjust, or reject token var messageReceivedContext = new SignedHttpRequestMessageReceivedContext(Context, Scheme, Options); // event can set the token //await Events.MessageReceived(messageReceivedContext); if (messageReceivedContext.Result != null) { return(messageReceivedContext.Result); } // If application retrieved token from somewhere else, use that. string signedHttpRequest = messageReceivedContext.Token; if (string.IsNullOrEmpty(signedHttpRequest)) { string authorization = Request.Headers[HeaderNames.Authorization]; // If no authorization header found, nothing to process further if (string.IsNullOrEmpty(authorization)) { return(AuthenticateResult.NoResult()); } if (authorization.StartsWith(SignedHttpRequestConstants.AuthorizationHeaderSchemeName, StringComparison.OrdinalIgnoreCase)) { signedHttpRequest = authorization.Substring((SignedHttpRequestConstants.AuthorizationHeaderSchemeName + " ").Length).Trim(); } // If no token found, no further work possible if (string.IsNullOrEmpty(signedHttpRequest)) { return(AuthenticateResult.NoResult()); } } if (_configuration == null && Options.ConfigurationManager != null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); } var validationParameters = Options.AccessTokenValidationParameters.Clone(); if (_configuration != null) { var issuers = new[] { _configuration.Issuer }; validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(issuers) ?? issuers; validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys; } var signedHttpRequestHandler = new SignedHttpRequestHandler(); Request.EnableBuffering(); byte[] body = null; // Only extract the body if it will be validated. if (Options.SignedHttpRequestValidationParameters.ValidateB) { using (var ms = new MemoryStream(2048)) { await Request.Body.CopyToAsync(ms); body = ms.ToArray(); // returns base64 encoded string JSON result } } Request.Body.Position = 0; Dictionary <string, IEnumerable <string> > headers = new Dictionary <string, IEnumerable <string> >(); // Only extract the headers if they will be validated. if (Options.SignedHttpRequestValidationParameters.ValidateH) { foreach (var keyValuePair in Request.Headers) { headers.Add(keyValuePair.Key, keyValuePair.Value.AsEnumerable()); } } var httpRequestData = new HttpRequestData() { Method = Request.Method, Uri = new Uri(UriHelper.GetEncodedUrl(Request)), Body = body, Headers = headers }; var signedHttpRequestValidationContext = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, validationParameters, Options.SignedHttpRequestValidationParameters); SignedHttpRequestValidationResult signedHttpRequestValidationResult = null; signedHttpRequestValidationResult = await signedHttpRequestHandler.ValidateSignedHttpRequestAsync(signedHttpRequestValidationContext, CancellationToken.None).ConfigureAwait(false); if (!signedHttpRequestValidationResult.IsValid) { Logger.TokenValidationFailed(signedHttpRequestValidationResult.Exception); // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event. if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null && signedHttpRequestValidationResult.Exception is SecurityTokenSignatureKeyNotFoundException) { Options.ConfigurationManager.RequestRefresh(); } var authenticationFailedContext = new SignedHttpRequestAuthenticationFailedContext(Context, Scheme, Options) { Exception = signedHttpRequestValidationResult.Exception }; //await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } return(AuthenticateResult.Fail(authenticationFailedContext.Exception)); } Logger.TokenValidationSucceeded(); var principal = new ClaimsPrincipal(signedHttpRequestValidationResult.AccessTokenValidationResult.ClaimsIdentity); Request.HttpContext.Items[typeof(SignedHttpRequestValidationResult)] = signedHttpRequestValidationResult; var tokenValidatedContext = new SignedHttpRequestValidatedContext(Context, Scheme, Options) { Principal = principal, SignedHttpRequestValidationResult = signedHttpRequestValidationResult, }; //await Events.TokenValidated(tokenValidatedContext); if (tokenValidatedContext.Result != null) { return(tokenValidatedContext.Result); } tokenValidatedContext.Success(); return(tokenValidatedContext.Result); } catch (Exception ex) { Logger.ErrorProcessingMessage(ex); var authenticationFailedContext = new SignedHttpRequestAuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; //await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } throw; } }