private JsonWebSecurityTokenHandler GetSecurityTokenHandler(string audience,
string authMetadataEndpoint,
X509Certificate2 currentCertificate)
{
JsonWebSecurityTokenHandler jsonTokenHandler = new JsonWebSecurityTokenHandler();
jsonTokenHandler.Configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration();
jsonTokenHandler.Configuration.AudienceRestriction = new Microsoft.IdentityModel.Tokens.AudienceRestriction(AudienceUriMode.Always);
jsonTokenHandler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(
new Uri(audience, UriKind.RelativeOrAbsolute));
jsonTokenHandler.Configuration.CertificateValidator = X509CertificateValidator.None;
jsonTokenHandler.Configuration.IssuerTokenResolver =
SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection<SecurityToken>(new List<SecurityToken>(
new SecurityToken[]
{
new X509SecurityToken(currentCertificate)
})), false);
Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry issuerNameRegistry =
new Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry();
issuerNameRegistry.AddTrustedIssuer(currentCertificate.Thumbprint, Config.ExchangeApplicationIdentifier);
jsonTokenHandler.Configuration.IssuerNameRegistry = issuerNameRegistry;
return jsonTokenHandler;
}
private JsonWebSecurityTokenHandler GetSecurityTokenHandler(string audience,
string authMetadataEndpoint,
X509Certificate2 currentCertificate)
{
JsonWebSecurityTokenHandler jsonTokenHandler = new JsonWebSecurityTokenHandler();
jsonTokenHandler.Configuration = new Microsoft.IdentityModel.Tokens.SecurityTokenHandlerConfiguration();
jsonTokenHandler.Configuration.AudienceRestriction = new Microsoft.IdentityModel.Tokens.AudienceRestriction(AudienceUriMode.Always);
jsonTokenHandler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(
new Uri(audience, UriKind.RelativeOrAbsolute));
jsonTokenHandler.Configuration.CertificateValidator = X509CertificateValidator.None;
jsonTokenHandler.Configuration.IssuerTokenResolver =
SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection <SecurityToken>(new List <SecurityToken>(
new SecurityToken[]
{
new X509SecurityToken(currentCertificate)
})), false);
Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry issuerNameRegistry =
new Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry();
issuerNameRegistry.AddTrustedIssuer(currentCertificate.Thumbprint, Config.ExchangeApplicationIdentifier);
jsonTokenHandler.Configuration.IssuerNameRegistry = issuerNameRegistry;
return(jsonTokenHandler);
}
