Exemplo n.º 1
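        /// <summary>
        /// Validates the bearer token carried in an Authorization header against the supplied
        /// JWT binding configuration and returns the authorized model built from the token.
        /// </summary>
        /// <param name="value">Authorization header; only the <c>Bearer</c> scheme (exact, case-sensitive match) is accepted.</param>
        /// <param name="config">Issuer, audience, signing key and scope/role/identity requirements to enforce.</param>
        /// <returns>The result of <c>GetAuthorizedModelFromToken</c> for a token that passed every check.</returns>
        /// <exception cref="AuthorizationSchemeNotSupportedException">The header is missing or does not use the Bearer scheme.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
        /// <exception cref="ConfigurationException">No issuer is configured.</exception>
        /// <exception cref="AuthorizationFailedException">Any failure raised while validating the token itself.</exception>
        public AuthorizedModel ValidateToken(
            AuthenticationHeaderValue value,
            JwtBindingConfiguration config)
        {
            // A null header yields a null scheme here, so a missing header is rejected as well.
            if (value?.Scheme != "Bearer")
            {
                throw new AuthorizationSchemeNotSupportedException(value?.Scheme);
            }

            // Fail with a descriptive argument error instead of a NullReferenceException on config.Issuer.
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            if (string.IsNullOrWhiteSpace(config.Issuer))
            {
                throw new ConfigurationException("Configuring an issuer is required in order to validate a JWT Token");
            }

            // NOTE(review): whether audience validation stays enabled when config.Audience is unset
            // depends on GetTokenValidationParameters, which is not visible here - confirm.
            var validationParameter = GetTokenValidationParameters(config.Issuer, config.Audience, config.IssuerPattern);

            if (!string.IsNullOrWhiteSpace(config.Signature))
            {
                // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so a secret
                // containing such characters yields a weaker key than configured. The HMAC key is also
                // only as strong as this string; prefer a long, randomly generated secret.
                var sig = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(config.Signature));
                validationParameter.IssuerSigningKey = sig;
            }
            else
            {
                // NOTE(review): .Result blocks the calling thread on what appears to be a Task and can
                // deadlock under a synchronization context. A failure here surfaces as AggregateException
                // and is NOT mapped to AuthorizationFailedException because it runs outside the try below.
                var securityKeys = GetSigningKeys(config.Issuer).Result;
                validationParameter.IssuerSigningKeys = securityKeys;
            }

            try
            {
                var handler         = new JwtSecurityTokenHandler();
                var claimsPrincipal = handler.ValidateToken(value.Parameter, validationParameter, out var token);

                // The claim-based checks run only after the handler has accepted the token.
                ValidateIssuerPattern(token, config.IssuerPattern);
                ValidateScopes(token, config.Scopes);
                ValidateRoles(token, config.Roles);
                ValidateIdentities(token, config.AllowedIdentities);

                var displayName = GetDisplayNameFromToken(claimsPrincipal);
                return GetAuthorizedModelFromToken(token, displayName);
            }
            catch (SecurityTokenSignatureKeyNotFoundException ex1)
            {
                _logger.LogError(ex1, "Failed to validate token signature, token is considered to be invalid");
                throw new AuthorizationFailedException(ex1);
            }
            catch (SecurityTokenException ex2)
            {
                _logger.LogError(ex2, "Failed to validate, token is considered to be invalid");
                throw new AuthorizationFailedException(ex2);
            }
            catch (Exception ex)
            {
                // Fail closed: anything unexpected during validation is reported as an authorization failure.
                _logger.LogError(ex, "Unknown exception occurred while trying to validate JWT Token");
                throw new AuthorizationFailedException(ex);
            }
        }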
Exemplo n.º 2
        /// <summary>
        /// Builds a <c>JwtBindingConfiguration</c> from this instance's fields and passes it,
        /// together with an Authorization header made from <c>_scheme</c> and <c>_token</c>,
        /// to <c>_service.ValidateToken</c>.
        /// </summary>
        /// <returns>The value returned by <c>_service.ValidateToken</c>.</returns>
        private AuthorizedModel Validate()
        {
            var bindingConfiguration = new JwtBindingConfiguration
            {
                Signature     = _signature,
                Scopes        = _scopes,
                Audience      = _audience,
                Issuer        = _issuer,
                IssuerPattern = _issuerPattern
            };

            // The header is created after the configuration, as in the original call expression.
            var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

            return _service.ValidateToken(authorizationHeader, bindingConfiguration);
        }
Exemplo n.º 3
        /// <summary>
        /// Calls <c>_service.ValidateToken</c> with a configuration assembled from this instance's
        /// fields (symmetric signing key, scopes, audience, issuer, issuer pattern and allowed
        /// identities). The result is discarded; only the call and any exception it throws matter.
        /// </summary>
        private void Act()
        {
            var bindingConfiguration = new JwtBindingConfiguration
            {
                SymmetricSecuritySigningKey = _symmetricSigningKey,
                Scopes            = _scopes,
                Audience          = _audience,
                Issuer            = _issuer,
                IssuerPattern     = _issuerPattern,
                AllowedIdentities = _allowedIdentities
            };

            var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

            _service.ValidateToken(authorizationHeader, bindingConfiguration);
        }
Exemplo n.º 4
        /// <summary>
        /// Picks the signing key described by the configuration: a symmetric key when
        /// <c>SymmetricSecuritySigningKey</c> is set, otherwise an X.509 key when
        /// <c>X509CertificateSigningKey</c> is set, otherwise <c>null</c>.
        /// </summary>
        /// <param name="config">Configuration holding the symmetric secret and/or the Base64-encoded certificate.</param>
        /// <returns>The selected <c>SecurityKey</c>, or <c>null</c> when neither setting is present.</returns>
        private static SecurityKey GetIssuerSigningKey(JwtBindingConfiguration config)
        {
            // The symmetric secret takes precedence when both settings are present.
            var symmetricSecret = config.SymmetricSecuritySigningKey;
            if (!string.IsNullOrWhiteSpace(symmetricSecret))
            {
                // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', so such a secret
                // produces a weaker key than configured; the key is only as strong as this string.
                var secretBytes = Encoding.ASCII.GetBytes(symmetricSecret);
                return new SymmetricSecurityKey(secretBytes);
            }

            var encodedCertificate = config.X509CertificateSigningKey;
            if (string.IsNullOrWhiteSpace(encodedCertificate))
            {
                // No key material configured; the caller has to handle the null.
                return null;
            }

            // Convert.FromBase64String throws FormatException when the setting is not valid Base64.
            // NOTE(review): if this key is only used to verify tokens, the public certificate is
            // sufficient - confirm that no private-key material is stored in this setting.
            var certificateBytes = Convert.FromBase64String(encodedCertificate);
            return new X509SecurityKey(new X509Certificate2(certificateBytes));
        }
Exemplo n.º 5
        /// <summary>
        /// Builds a <c>JwtBindingConfiguration</c> from this instance's fields, selects either the
        /// X.509 certificate or the symmetric key as signing key, and passes the configuration with
        /// an Authorization header made from <c>_scheme</c> and <c>_token</c> to <c>_service.ValidateToken</c>.
        /// </summary>
        /// <returns>The value returned by <c>_service.ValidateToken</c>.</returns>
        private AuthorizedModel Validate()
        {
            var bindingConfiguration = new JwtBindingConfiguration
            {
                Scopes        = _scopes,
                Audience      = _audience,
                Issuer        = _issuer,
                IssuerPattern = _issuerPattern
            };

            if (string.IsNullOrWhiteSpace(_certificateWithPrivateKey))
            {
                // No certificate in play: validate against the shared symmetric secret.
                bindingConfiguration.SymmetricSecuritySigningKey = _symmetricSigningKey;
            }
            else
            {
                // The switch looks at the private-key certificate, but only the public-key
                // certificate is handed to the validator.
                // NOTE(review): presumably both fields are always populated together - confirm.
                bindingConfiguration.X509CertificateSigningKey = _certificateWithPublicKey;
            }

            var authorizationHeader = new AuthenticationHeaderValue(_scheme, _token);

            return _service.ValidateToken(authorizationHeader, bindingConfiguration);
        }