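/// <summary>
/// Validates a <see cref="SimpleWebToken"/> and maps its claims onto a single <see cref="ClaimsIdentity"/>
/// with authentication type "SWT".
/// Checks run in this order: token type, handler configuration, issuer (via the IssuerNameRegistry, when one
/// is configured), expiration, audience, signing-key lookup, and finally the HMAC signature. Nothing is
/// returned unless every check passes, so the claims copied out at the end are always signature-backed.
/// </summary>
/// <param name="token">The incoming token; must be a <see cref="SimpleWebToken"/>.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="InvalidOperationException">The handler has no configuration or no issuer token resolver.</exception>
/// <exception cref="SecurityTokenValidationException">
/// Wrong token type, unknown issuer, no signing key for the issuer, or signature verification failed.
/// </exception>
/// <exception cref="SecurityTokenExpiredException">The token's ValidTo is not in the future.</exception>
/// <exception cref="AudienceUriValidationFailedException">The token's audience is not in the allowed list.</exception>
public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
{
    SimpleWebToken swt = token as SimpleWebToken;
    if (swt == null)
    {
        throw new SecurityTokenValidationException("The received token is of incorrect token type.Expected SimpleWebToken");
    }

    // Fail loudly on a mis-wired handler instead of a NullReferenceException further down
    // (the JWT handler in this file performs the same guard).
    if (base.Configuration == null)
    {
        throw new InvalidOperationException("No configuration set for token handler");
    }

    // Issuer check is optional here: without a registry, issuerName stays null and the only
    // binding to a trusted issuer is the per-issuer signing key resolved below.
    string issuerName = null;
    if (base.Configuration.IssuerNameRegistry != null)
    {
        issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
        if (string.IsNullOrEmpty(issuerName))
        {
            throw new SecurityTokenValidationException("Invalid issuer ");
        }
    }

    // Expiration, compared in UTC with no clock-skew allowance. A token whose ValidTo equals "now" is rejected.
    if (DateTime.Compare(swt.ValidTo, DateTime.UtcNow) <= 0)
    {
        throw new SecurityTokenExpiredException("The incoming token has expired. Get a new access token from the Authorization Server.");
    }

    // Audience: exact (ordinal Uri equality) match against the configured list unless the mode is Never.
    if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
    {
        var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
        if (!allowedAudiences.Any(uri => uri == swt.AudienceUri))
        {
            throw new AudienceUriValidationFailedException();
        }
    }

    // The issuer string is still unauthenticated at this point; it is only used to pick which
    // symmetric key to verify against, so an attacker-chosen issuer can at most select a key
    // that will then fail to verify.
    if (Configuration.IssuerTokenResolver == null)
    {
        throw new InvalidOperationException("No issuer token resolver set for token handler");
    }
    var clause = new WebTokenSecurityKeyClause(swt.Issuer);
    var securityKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause) as InMemorySymmetricSecurityKey;
    if (securityKey == null)
    {
        throw new SecurityTokenValidationException("No signing key found");
    }

    // Signature is the last gate; everything above only narrows which key applies.
    if (!swt.VerifySignature(securityKey.GetSymmetricKey()))
    {
        throw new SecurityTokenValidationException("Signature verification of the incoming token failed.");
    }

    // SWT encodes multi-valued claims as comma-separated values; each value becomes its own Claim.
    var id = new ClaimsIdentity("SWT");
    foreach (var claim in swt.Claims)
    {
        foreach (var value in claim.Value.Split(','))
        {
            id.AddClaim(new Claim(claim.Type, value, ClaimValueTypes.String, issuerName));
        }
    }

    return new List <ClaimsIdentity> { id }.AsReadOnly();
}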
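/// <summary>
/// Validates a <see cref="JsonWebToken"/> and turns its claims into a single <see cref="ClaimsIdentity"/>
/// via <c>CreateClaimsIdentity</c>.
/// Checks run in this order: argument/type, configuration, signature algorithm, issuer (IssuerNameRegistry),
/// expiration, audience, signing-key lookup, and the signature itself.
/// Unsigned tokens (<c>"alg": "none"</c>) are rejected outright: the previous behaviour skipped signature
/// verification for them, which let anyone mint a token with arbitrary issuer/audience/claims.
/// </summary>
/// <param name="token">The incoming token; must be a <see cref="JsonWebToken"/>.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="JsonWebToken"/>.</exception>
/// <exception cref="InvalidOperationException">The handler lacks a configuration, issuer name registry, or issuer token resolver.</exception>
/// <exception cref="SecurityTokenValidationException">Unsigned token, unknown issuer, no signing key, or signature failure.</exception>
/// <exception cref="SecurityTokenExpiredException">The token carries an exp that is not in the future.</exception>
/// <exception cref="AudienceUriValidationFailedException">The token's audience is not in the allowed list.</exception>
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    var jwt = token as JsonWebToken;
    if (jwt == null)
    {
        throw new ArgumentException("Token is not a JsonWebToken");
    }

    if (base.Configuration == null)
    {
        throw new InvalidOperationException("No configuration set for token handler");
    }

    // Reject "alg": "none" before anything else. The header is attacker-controlled, so letting
    // it decide whether the signature is checked would defeat every check below.
    if (jwt.Header.SignatureAlgorithm == JwtConstants.SignatureAlgorithms.None)
    {
        throw new SecurityTokenValidationException("Unsigned tokens (alg=none) are not accepted");
    }

    if (base.Configuration.IssuerNameRegistry == null)
    {
        throw new InvalidOperationException("No issuer name registry set for token handler");
    }
    var issuerName = base.Configuration.IssuerNameRegistry.GetIssuerName(token);
    if (string.IsNullOrEmpty(issuerName))
    {
        throw new SecurityTokenValidationException("Invalid issuer");
    }

    // exp is optional in JWT: a token without one never expires here (no clock-skew allowance either).
    // NOTE(review): if bounded lifetimes are required for this deployment, reject tokens without exp — confirm with callers.
    if (jwt.ExpirationTime.HasValue)
    {
        if (DateTime.Compare(jwt.ValidTo, DateTime.UtcNow) <= 0)
        {
            throw new SecurityTokenExpiredException("The token has expired");
        }
    }

    // Audience: exact match against the configured list unless the mode is Never.
    if (base.Configuration.AudienceRestriction.AudienceMode != AudienceUriMode.Never)
    {
        var allowedAudiences = base.Configuration.AudienceRestriction.AllowedAudienceUris;
        if (!allowedAudiences.Any(uri => uri == jwt.Audience))
        {
            throw new AudienceUriValidationFailedException();
        }
    }

    // The issuer claim only selects which key to verify against; it is not trusted until
    // VerifySignature succeeds with that key.
    if (Configuration.IssuerTokenResolver == null)
    {
        throw new InvalidOperationException("No issuer token resolver set for token handler");
    }
    var clause = new WebTokenSecurityKeyClause(jwt.Issuer);
    var signingKey = Configuration.IssuerTokenResolver.ResolveSecurityKey(clause);
    if (signingKey == null)
    {
        throw new SecurityTokenValidationException("No signing key found");
    }

    // Signature is always verified; VerifySignature is expected to throw on mismatch.
    VerifySignature(jwt, signingKey);

    var identity = CreateClaimsIdentity(jwt);
    return new List<ClaimsIdentity> { identity }.AsReadOnly();
}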
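/// <summary>
/// Validates a <see cref="JsonWebToken"/> and produces one <see cref="ClaimsIdentity"/> from it
/// (via <c>CreateClaimsIdentity</c>).
/// The token's signature is always verified. A header of <c>"alg": "none"</c> used to bypass
/// <c>VerifySignature</c> entirely, which allowed forged tokens; such tokens are now rejected up front.
/// </summary>
/// <param name="token">The incoming token; must be a <see cref="JsonWebToken"/>.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="JsonWebToken"/>.</exception>
/// <exception cref="InvalidOperationException">Configuration, issuer name registry or issuer token resolver is missing.</exception>
/// <exception cref="SecurityTokenValidationException">Unsigned token, unknown issuer, no signing key, or signature failure.</exception>
/// <exception cref="SecurityTokenExpiredException">The token carries an exp that is not in the future.</exception>
/// <exception cref="AudienceUriValidationFailedException">The token's audience is not in the allowed list.</exception>
public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    var jwt = token as JsonWebToken;
    if (jwt == null)
    {
        throw new ArgumentException("Token is not a JsonWebToken");
    }

    var config = base.Configuration;
    if (config == null)
    {
        throw new InvalidOperationException("No configuration set for token handler");
    }

    // The header is attacker-controlled; it must not be allowed to turn signature checking off.
    if (jwt.Header.SignatureAlgorithm == JwtConstants.SignatureAlgorithms.None)
    {
        throw new SecurityTokenValidationException("Unsigned tokens (alg=none) are not accepted");
    }

    // Issuer must be known to the registry.
    if (config.IssuerNameRegistry == null)
    {
        throw new InvalidOperationException("No issuer name registry set for token handler");
    }
    var issuerName = config.IssuerNameRegistry.GetIssuerName(token);
    if (string.IsNullOrEmpty(issuerName))
    {
        throw new SecurityTokenValidationException("Invalid issuer");
    }

    // exp is optional per JWT; tokens without it are not time-limited by this handler.
    // NOTE(review): consider requiring exp if unbounded tokens are not acceptable here — confirm with callers.
    bool expired = jwt.ExpirationTime.HasValue && DateTime.Compare(jwt.ValidTo, DateTime.UtcNow) <= 0;
    if (expired)
    {
        throw new SecurityTokenExpiredException("The token has expired");
    }

    // Audience restriction, unless explicitly disabled.
    var restriction = config.AudienceRestriction;
    if (restriction.AudienceMode != AudienceUriMode.Never)
    {
        bool audienceAllowed = restriction.AllowedAudienceUris.Any(uri => uri == jwt.Audience);
        if (!audienceAllowed)
        {
            throw new AudienceUriValidationFailedException();
        }
    }

    // Resolve the issuer's key; the issuer claim is only trusted once the signature verifies with it.
    if (config.IssuerTokenResolver == null)
    {
        throw new InvalidOperationException("No issuer token resolver set for token handler");
    }
    var signingKey = config.IssuerTokenResolver.ResolveSecurityKey(new WebTokenSecurityKeyClause(jwt.Issuer));
    if (signingKey == null)
    {
        throw new SecurityTokenValidationException("No signing key found");
    }

    VerifySignature(jwt, signingKey);

    return new List <ClaimsIdentity> { CreateClaimsIdentity(jwt) }.AsReadOnly();
}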
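/// <summary>
/// Validates a <see cref="SimpleWebToken"/> and copies its claims into one <see cref="ClaimsIdentity"/>
/// (authentication type "SWT").
/// Sequence: token type, handler configuration, optional issuer check, expiration, audience,
/// signing-key lookup by issuer, HMAC signature. The claims are only emitted after the signature passes.
/// </summary>
/// <param name="token">The incoming token; must be a <see cref="SimpleWebToken"/>.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="InvalidOperationException">The handler has no configuration or no issuer token resolver.</exception>
/// <exception cref="SecurityTokenValidationException">
/// Wrong token type, unknown issuer, no signing key for the issuer, or signature verification failed.
/// </exception>
/// <exception cref="SecurityTokenExpiredException">The token's ValidTo is not in the future.</exception>
/// <exception cref="AudienceUriValidationFailedException">The token's audience is not in the allowed list.</exception>
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
    var swt = token as SimpleWebToken;
    if (swt == null)
    {
        throw new SecurityTokenValidationException("The received token is of incorrect token type.Expected SimpleWebToken");
    }

    // Guard against a mis-wired handler up front (matches the JWT handler in this file) rather than NRE later.
    var config = base.Configuration;
    if (config == null)
    {
        throw new InvalidOperationException("No configuration set for token handler");
    }

    // Issuer validation is skipped when no registry is configured; issuerName then stays null
    // and the resolved signing key is the only thing tying the token to a trusted issuer.
    string issuerName = null;
    var registry = config.IssuerNameRegistry;
    if (registry != null)
    {
        issuerName = registry.GetIssuerName(token);
        if (string.IsNullOrEmpty(issuerName))
        {
            throw new SecurityTokenValidationException("Invalid issuer ");
        }
    }

    // UTC comparison, no clock-skew tolerance; ValidTo == now is treated as expired.
    bool expired = DateTime.Compare(swt.ValidTo, DateTime.UtcNow) <= 0;
    if (expired)
    {
        throw new SecurityTokenExpiredException("The incoming token has expired. Get a new access token from the Authorization Server.");
    }

    // Audience restriction unless explicitly disabled.
    var restriction = config.AudienceRestriction;
    if (restriction.AudienceMode != AudienceUriMode.Never)
    {
        bool audienceAllowed = restriction.AllowedAudienceUris.Any(uri => uri == swt.AudienceUri);
        if (!audienceAllowed)
        {
            throw new AudienceUriValidationFailedException();
        }
    }

    // The issuer string is unauthenticated until the signature verifies; it only selects the key.
    if (config.IssuerTokenResolver == null)
    {
        throw new InvalidOperationException("No issuer token resolver set for token handler");
    }
    var resolved = config.IssuerTokenResolver.ResolveSecurityKey(new WebTokenSecurityKeyClause(swt.Issuer));
    var securityKey = resolved as InMemorySymmetricSecurityKey;
    if (securityKey == null)
    {
        throw new SecurityTokenValidationException("No signing key found");
    }

    if (!swt.VerifySignature(securityKey.GetSymmetricKey()))
    {
        throw new SecurityTokenValidationException("Signature verification of the incoming token failed.");
    }

    // Multi-valued SWT claims are comma-separated; expand each into its own Claim.
    var identity = new ClaimsIdentity("SWT");
    foreach (var claim in swt.Claims)
    {
        var parts = claim.Value.Split(',');
        foreach (var part in parts)
        {
            identity.AddClaim(new Claim(claim.Type, part, ClaimValueTypes.String, issuerName));
        }
    }

    return new List<ClaimsIdentity> { identity }.AsReadOnly();
}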