public void Unprotecting_Ticket_With_Invalid_JWT_Throws_SecurityException()
        {
            // Checks the rejection path of the ticket format: a ticket whose stored
            // "jwt" token is not a usable JWT must not survive Unprotect.
            // NOTE(review): the method name says a SecurityException is thrown, but the
            // assertion expects Unprotect to return null. Confirm which contract is
            // intended and align the name with it.
            // NOTE(review): "Evil Token" is not even JWT-shaped, so only the malformed
            // case is covered here; a well-formed token with a bad signature or an
            // expired lifetime would presumably need its own test.

            // Arrange: auth properties carrying a bogus token under the name "jwt".
            var format     = TicketFormat();
            var properties = new AuthenticationProperties();
            var bogusJwt   = new AuthenticationToken { Name = "jwt", Value = "Evil Token" };
            properties.StoreTokens(new[] { bogusJwt });

            // Wrap a minimal principal and those properties in a "Cookies" ticket.
            var claims    = new[] { new Claim(ClaimTypes.GivenName, "Blah") };
            var principal = ClaimsPrincipalFactory.CreatePrincipal(claims);
            var ticket    = new AuthenticationTicket(principal, properties, "Cookies");
            var protectedTicket = format.Protect(ticket);

            // Act
            var roundTripped = format.Unprotect(protectedTicket);

            // Assert: the ticket is rejected (null), not returned to the caller.
            Assert.Null(roundTripped);
        }
        /// <summary>
        /// Issues an access token for <paramref name="userName"/> and returns it together
        /// with a matching <c>ClaimsPrincipal</c> and authentication properties.
        /// </summary>
        /// <param name="userName">Name of the user the token is issued for.</param>
        /// <param name="userClaims">
        /// Claims for that user. The sequence is enumerated once; the resulting list feeds
        /// both the token and the principal. A null sequence fails in <c>ToList()</c> with
        /// <see cref="ArgumentNullException"/>.
        /// </param>
        /// <returns>
        /// A <c>TokenWithClaimsPrincipal</c> with the token, the principal and the
        /// authentication properties created from the token.
        /// </returns>
        public TokenWithClaimsPrincipal GenerateAccessTokenWithClaimsPrincipal(string userName,
                                                                               IEnumerable <Claim> userClaims)
        {
            // Materialize once so the token and the principal see the same claim snapshot.
            var claimSnapshot = userClaims.ToList();
            var issuedToken   = GenerateAccessToken(userName, claimSnapshot);

            // NOTE(review): the principal is built from the claims merged with the default
            // claims, while the token is generated from the un-merged list. Whether the
            // token carries the same defaults depends on GenerateAccessToken (not visible
            // here); confirm that the token and the principal cannot disagree.
            // NOTE(review): the raw token is passed to CreateAuthProperties, presumably to
            // be stored with the ticket; verify that the ticket is protected wherever it
            // is persisted.
            return new TokenWithClaimsPrincipal
            {
                AccessToken     = issuedToken,
                ClaimsPrincipal = ClaimsPrincipalFactory.CreatePrincipal(
                    MergeUserClaimsWithDefaultClaims(userName, claimSnapshot)),
                AuthProperties  = CreateAuthProperties(issuedToken)
            };
        }
        public void Unprotecting_Ticket_With_Empty_AuthProps_Throws_ArgumentNullException()
        {
            // Checks that a ticket whose authentication properties hold no tokens at all
            // is rejected by Unprotect.
            // NOTE(review): the method name says an ArgumentNullException is thrown, but the
            // assertion expects Unprotect to return null. Confirm the intended contract
            // and align the name with it.

            // Arrange: a "Cookies" ticket with a minimal principal and empty properties.
            var format    = TicketFormat();
            var claims    = new[] { new Claim(ClaimTypes.GivenName, "Blah") };
            var principal = ClaimsPrincipalFactory.CreatePrincipal(claims);
            var ticket    = new AuthenticationTicket(principal, new AuthenticationProperties(), "Cookies");
            var protectedTicket = format.Protect(ticket);

            // Act
            var roundTripped = format.Unprotect(protectedTicket);

            // Assert: with no stored token the ticket is refused rather than accepted.
            Assert.Null(roundTripped);
        }