/// <summary>
/// Protects a ticket whose stored "jwt" token is the literal "Evil Token" (not a well-formed JWT)
/// and checks that <c>Unprotect</c> returns no ticket for it.
/// </summary>
/// <remarks>
/// NOTE(review): the method name promises a SecurityException, but the assertion only checks
/// for a null result. Confirm which rejection contract is intended and align the name or the
/// assertion, so a regression that starts returning a ticket for a bad token cannot hide
/// behind a misleading test name.
/// </remarks>
public void Unprotecting_Ticket_With_Invalid_JWT_Throws_SecurityException()
{
    // Arrange: the format under test, plus properties carrying a bogus "jwt" token.
    var format = TicketFormat();
    var properties = new AuthenticationProperties();
    var bogusToken = new AuthenticationToken { Name = "jwt", Value = "Evil Token" };
    properties.StoreTokens(new[] { bogusToken });

    var principal = ClaimsPrincipalFactory.CreatePrincipal(
        new[] { new Claim(ClaimTypes.GivenName, "Blah") });
    var ticket = new AuthenticationTicket(principal, properties, "Cookies");
    var protectedTicket = format.Protect(ticket);

    // Act: round-trip the protected payload through the same format.
    var roundTripped = format.Unprotect(protectedTicket);

    // Assert: the invalid token must not produce a usable ticket.
    Assert.Null(roundTripped);
}
/// <summary>
/// Generates an access token for <paramref name="userName"/> and bundles it with a claims
/// principal and authentication properties derived from the same inputs.
/// </summary>
/// <param name="userName">User name passed to token generation and to the claim merge.</param>
/// <param name="userClaims">
/// Claims for the user. The sequence is materialised once so that token generation and the
/// claim merge both work from the same snapshot.
/// </param>
/// <returns>
/// A <see cref="TokenWithClaimsPrincipal"/> holding the access token, the principal built from
/// the merged claims, and the properties created from the token.
/// </returns>
/// <remarks>
/// NOTE(review): the token is generated from the raw claim list, while the principal is built
/// from the result of <c>MergeUserClaimsWithDefaultClaims</c>. Confirm that
/// <c>GenerateAccessToken</c> applies the same merge, so the principal never carries claims
/// the token does not.
/// </remarks>
public TokenWithClaimsPrincipal GenerateAccessTokenWithClaimsPrincipal(string userName, IEnumerable<Claim> userClaims)
{
    // Enumerate the caller's sequence exactly once.
    var claims = userClaims.ToList();

    var token = GenerateAccessToken(userName, claims);
    var mergedClaims = MergeUserClaimsWithDefaultClaims(userName, claims);
    var principal = ClaimsPrincipalFactory.CreatePrincipal(mergedClaims);
    var properties = CreateAuthProperties(token);

    return new TokenWithClaimsPrincipal
    {
        AccessToken = token,
        ClaimsPrincipal = principal,
        AuthProperties = properties,
    };
}
/// <summary>
/// Protects a ticket whose authentication properties hold no stored tokens and checks that
/// <c>Unprotect</c> returns no ticket for it.
/// </summary>
/// <remarks>
/// NOTE(review): the method name promises an ArgumentNullException, but the assertion only
/// checks for a null result. Confirm which rejection contract is intended and align the name
/// or the assertion, so the test documents how a ticket without a token is actually refused.
/// </remarks>
public void Unprotecting_Ticket_With_Empty_AuthProps_Throws_ArgumentNullException()
{
    // Arrange: the format under test and a ticket with freshly constructed, empty properties.
    var format = TicketFormat();
    var principal = ClaimsPrincipalFactory.CreatePrincipal(
        new[] { new Claim(ClaimTypes.GivenName, "Blah") });
    var emptyProperties = new AuthenticationProperties();
    var ticket = new AuthenticationTicket(principal, emptyProperties, "Cookies");
    var protectedTicket = format.Protect(ticket);

    // Act: round-trip the protected payload through the same format.
    var roundTripped = format.Unprotect(protectedTicket);

    // Assert: a ticket with no stored token must not be accepted.
    Assert.Null(roundTripped);
}