/// <summary>
/// Determines whether [is valid token] [the specified web token].
/// </summary>
/// <param name="webToken">The web token.</param>
/// <param name="requestedUri">The requested URI.</param>
/// <returns>
/// <c>true</c> if [is valid token] [the specified web token]; otherwise, <c>false</c>.
/// </returns>
private bool IsValidToken(SimpleWebToken webToken, Uri requestedUri)
{
var tokenValidator = SecurityConfiguration.Instance.TokenValidator;
//return webToken.Issuer == tokenValidator.TrustedIssuerUri
// && (webToken.Audience.IsBaseOf(requestedUri) || (IsLocal(webToken.Audience) && IsLocal(requestedUri)))
// && webToken.ExpiresOn > DateTime.UtcNow
// && webToken.IsValidSignature(tokenValidator.SignatureKey);
var isTrustedUssuerUri = webToken.Issuer == tokenValidator.TrustedIssuerUri;
var isAudience = webToken.Audience.IsBaseOf(requestedUri);
var isLocal = (IsLocal(webToken.Audience) && IsLocal(requestedUri));
if (!isLocal)
{
isLocal = IsLocalWithFQDNCheck(requestedUri);
}
var isExpires = webToken.ExpiresOn > DateTime.UtcNow;
var isValidSignature = webToken.IsValidSignature(tokenValidator.SignatureKey);
var result = isTrustedUssuerUri && (isAudience || isLocal) && isExpires && isValidSignature;
return(result);
}
